Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The system must not have the rpc.ugidd daemon enabled.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-4262 | GEN000000-LNX00300 | SV-4262r2_rule | ECSC-1 | Medium |
| Description |
|---|
| The rpc.ugidd daemon could be used by a remote attacker to list all users on a specific system. Once the user IDs have been obtained, a system could be compromised through brute-force password hacking. |
| STIG | Date |
|---|---|
| VMware ESX 3 Server | 2016-05-13 |
Details
| Check Text ( C-2086r2_chk ) |
|---|
| To check for the rpc.ugidd daemon perform: # chkconfig –list rpc.ugidd Or # ps –ef | grep –i ugidd If the daemon is running or installed this is a finding. |
| Fix Text (F-4173r2_fix) |
|---|
| If the rpc.ugidd daemon is installed, disable it using the chkconfig utility. |