UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The nobody access for RPC encryption key storage service must be disabled.


Overview

Finding ID Version Rule ID IA Controls Severity
V-216350 SOL-11.1-040320 SV-216350r603267_rule Medium
Description
If login by the user "nobody" is allowed for secure RPC, there is an increased risk of system compromise. If keyserv holds a private key for the "nobody" user, it will be used by key_encryptsession to compute a magic phrase which can be easily recovered by a malicious user.
STIG Date
Solaris 11 SPARC Security Technical Implementation Guide 2021-05-28

Details

Check Text ( C-17586r462487_chk )
Determine if the rpc-authdes package is installed:

# pkg list solaris/legacy/security/rpc-authdes

If the output of this command is:

pkg list: no packages matching 'solaris/legacy/security/rpc-authdes' installed

no further action is required.

Determine if "nobody" access for keyserv is enabled.

# grep "^ENABLE_NOBODY_KEYS=" /etc/default/keyserv

If the output of the command is not:

ENABLE_NOBODY_KEYS=NO

this is a finding.
Fix Text (F-17584r462488_fix)
Determine if the rpc-authdes package is installed:

# pkg list solaris/legacy/security/rpc-authdes

If the output of this command is:

pkg list: no packages matching 'solaris/legacy/security/rpc-authdes' installed

no further action is required.

The root role is required.

Modify the /etc/default/keyserv file.

# pfedit /etc/default/keyserv

Locate the line:

#ENABLE_NOBODY_KEYS=YES

Change it to:

ENABLE_NOBODY_KEYS=NO