GEN006460 - Any NIS+ server must be operating at security level 2.

Information

If the NIS+ server is not operating in, at least, security level 2, there is no encryption and the system could be penetrated by intruders and/or malicious users.

Solution

Ensure the NIS+ server is operating at security level 2 by editing /usr/lib/nis/nisserver and ensuring the line containing SEC= is set to the numeral 2, for example:

SEC=2 # 2=DES or 3=RSA

Security Level 0 is designed for testing and initial setup of the NIS+ namespace. When running at level 0, the daemon does not enforce access control. Any client is allowed to perform any operation, including updates and deletions.

Security level 1 accepts AUTH_SYS and AUTH_DES credentials for authenticating clients and authorizing them to perform NIS+ operations. This is not a secure mode of operation since AUTH_SYS credentials are easily forged. It should not be used on networks in which any untrusted user may potentially have access. Security level 2 accepts only AUTH_DES credentials for authentication and authorization. This is the highest level of security currently provided by the NIS+ service and the default security level if the -S option is not used.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_SOL_10_SPARC_V2R4_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7b., CAT|II, CCI|CCI-000382, Rule-ID|SV-227044r603265_rule, STIG-ID|GEN006460, STIG-Legacy|SV-28453, STIG-Legacy|V-926, Vuln-ID|V-227044

Plugin: Unix

Control ID: 0920889d1456cb97e5fe42c46f81551643b1f8d0d1d014eb3b18fb809979dece