Saltstack Official Linux Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

cis-2-3-1.yml 1.3KB

12345678910111213141516171819202122232425262728293031323334353637383940414243
  1. # 2.3.1 Ensure NIS Client is not installed
  2. #
  3. # Description
  4. # ===========
  5. # The Network Information Service (NIS), formerly known as Yellow Pages,
  6. # is a client-server directory service protocol used to distribute system
  7. # configuration files. The NIS client ( ypbind ) was used to bind a machine
  8. # to an NIS server and receive the distributed configuration files.
  9. #
  10. # Rationale
  11. # =========
  12. # The NIS service is inherently an insecure system that has been vulnerable
  13. # to DOS attacks, buffer overflows and has poor authentication for querying
  14. # NIS maps. NIS generally has been replaced by such protocols as Lightweight
  15. # Directory Access Protocol (LDAP). It is recommended that the service be
  16. # removed.
  17. #
  18. # Audit
  19. # =====
  20. # Run the following command and verify nis is not installed:
  21. #
  22. # dpkg -s nis
  23. #
  24. # Remediation
  25. # ===========
  26. # Run the following command to uninstall nis:
  27. #
  28. # apt-get remove nis
  29. #
  30. # Impact
  31. # ======
  32. # Many insecure service clients are used as troubleshooting tools and in
  33. # testing environments. Uninstalling them can inhibit capability to test
  34. # and troubleshoot. If they are required it is advisable to remove the clients
  35. # after use to prevent accidental or intentional misuse.
  36. #
  37. parameters:
  38. linux:
  39. system:
  40. package:
  41. nis:
  42. version: removed