UCF STIG Viewer Logo

The nobody access for RPC encryption key storage service must be disabled.


Overview

Finding ID Version Rule ID IA Controls Severity
V-216350 SOL-11.1-040320 SV-216350r603267_rule Medium
Description
If login by the user "nobody" is allowed for secure RPC, there is an increased risk of system compromise. If keyserv holds a private key for the "nobody" user, it will be used by key_encryptsession to compute a magic phrase which can be easily recovered by a malicious user.
STIG Date
Solaris 11 SPARC Security Technical Implementation Guide 2022-11-18

Details

Check Text ( C-17586r462487_chk )
Determine if the rpc-authdes package is installed:

# pkg list solaris/legacy/security/rpc-authdes

If the output of this command is:

pkg list: no packages matching 'solaris/legacy/security/rpc-authdes' installed

no further action is required.

Determine if "nobody" access for keyserv is enabled.

# grep "^ENABLE_NOBODY_KEYS=" /etc/default/keyserv

If the output of the command is not:

ENABLE_NOBODY_KEYS=NO

this is a finding.
Fix Text (F-17584r462488_fix)
Determine if the rpc-authdes package is installed:

# pkg list solaris/legacy/security/rpc-authdes

If the output of this command is:

pkg list: no packages matching 'solaris/legacy/security/rpc-authdes' installed

no further action is required.

The root role is required.

Modify the /etc/default/keyserv file.

# pfedit /etc/default/keyserv

Locate the line:

#ENABLE_NOBODY_KEYS=YES

Change it to:

ENABLE_NOBODY_KEYS=NO