Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-48089 | SOL-11.1-040320 | SV-60961r1_rule | Medium |
Description |
---|
If login by the user "nobody" is allowed for secure RPC, there is an increased risk of system compromise. If keyserv holds a private key for the "nobody" user, it will be used by key_encryptsession to compute a magic phrase which can be easily recovered by a malicious user. |
STIG | Date |
---|---|
Solaris 11 SPARC Security Technical Implementation Guide | 2017-01-05 |
Check Text ( C-50521r1_chk ) |
---|
Determine if "nobody" access for keyserv is enabled. # grep "^ENABLE_NOBODY_KEYS=" /etc/default/keyserv If the output of the command is not: ENABLE_NOBODY_KEYS=NO this is a finding. |
Fix Text (F-51697r1_fix) |
---|
The root role is required. Modify the /etc/default/keyserv file. # pfedit /etc/default/keyserv Locate the line: #ENABLE_NOBODY_KEYS=YES Change it to: ENABLE_NOBODY_KEYS=NO |