2.3.1 Ensure NIS Client is not installed

Information

The NIS service is inherently an insecure system that has been vulnerable to DOS attacks, buffer overflows and has poor authentication for querying NIS maps. NIS generally has been replaced by such protocols as Lightweight Directory Access Protocol (LDAP). It is recommended that the service be removed.

Solution

Run the following command to uninstall ypbind - # yum remove ypbind. Many insecure service clients are used as troubleshooting tools and in testing
environments. Uninstalling them can inhibit capability to test and troubleshoot. If they are required it is advisable to remove the clients after use to prevent accidental or intentional misuse.

See Also

https://workbench.cisecurity.org/files/1863

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7b., CSCv6|2

Plugin: Unix

Control ID: 404761d7e16d1ffc5afa54e053a3a84933b8fd72489cea8e23088e00196a6f8b