2.4 Disable RPC Encryption Key

Information

The keyserv service is only required for sites that are using the Secure RPC mechanism. The most common use for Secure RPC on Solaris machines is 'secure NFS', which uses the Secure RPC mechanism to provide higher levels of security than the standard NFS protocols. ('Secure NFS' is unrelated to Kerberos authentication as a mechanism for providing higher levels of NFS security. 'Kerberized' NFS does not require the keyserv service to be running.)

Rationale:

This service should be disabled if it is not required.

Solution

To disable this service, run the following command:

# svcadm disable svc:/network/rpc/keyserv

See Also

https://workbench.cisecurity.org/benchmarks/4777

Item Details

Category: SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|CA-9, 800-53|SC-7, 800-53|SC-7(5), CSCv7|9.2

Plugin: Unix

Control ID: 25a113c8e75a5e121af80d1a3f57e017d07f5cc46e3365df8b58d96413686b78