STIGQter STIGQter: STIG Summary: Solaris 10 X86 Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021:

Any NIS+ server must be operating at security level 2.

DISA Rule

SV-227951r603266_rule

Vulnerability Number

V-227951

Group Title

SRG-OS-000510

Rule Version

GEN006460

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Ensure the NIS+ server is operating at security level 2 by editing /usr/lib/nis/nisserver and ensuring the line containing SEC= is set to the numeral 2, for example:

SEC=2 # 2=DES or 3=RSA

Security Level 0 is designed for testing and initial setup of the NIS+ namespace. When running at level 0, the daemon does not enforce access control. Any client is allowed to perform any operation, including updates and deletions.

Security level 1 accepts AUTH_SYS and AUTH_DES credentials for authenticating clients and authorizing them to perform NIS+ operations. This is not a secure mode of operation since AUTH_SYS credentials are easily forged. It should not be used on networks in which any untrusted user may potentially have access. Security level 2 accepts only AUTH_DES credentials for authentication and authorization. This is the highest level of security currently provided by the NIS+ service and the default security level if the -S option is not used.

Check Contents

If the system is not using NIS+, this is not applicable.

Check the system to determine if NIS+ security level 2 is implemented.

Procedure:
# niscat cred.org_dir

If the second column does not contain DES, the system is not using NIS+ security level 2, and this is a finding.

Vulnerability Number

V-227951

Documentable

False

Rule Version

GEN006460

Severity Override Guidance

If the system is not using NIS+, this is not applicable.

Check the system to determine if NIS+ security level 2 is implemented.

Procedure:
# niscat cred.org_dir

If the second column does not contain DES, the system is not using NIS+ security level 2, and this is a finding.

Check Content Reference

M

Target Key

4061

Comments