|
- # 2.3.1 Ensure NIS Client is not installed
- #
- # Description
- # ===========
- # The Network Information Service (NIS), formerly known as Yellow Pages,
- # is a client-server directory service protocol used to distribute system
- # configuration files. The NIS client ( ypbind ) was used to bind a machine
- # to an NIS server and receive the distributed configuration files.
- #
- # Rationale
- # =========
- # The NIS service is inherently an insecure system that has been vulnerable
- # to DOS attacks, buffer overflows and has poor authentication for querying
- # NIS maps. NIS generally has been replaced by such protocols as Lightweight
- # Directory Access Protocol (LDAP). It is recommended that the service be
- # removed.
- #
- # Audit
- # =====
- # Run the following command and verify nis is not installed:
- #
- # dpkg -s nis
- #
- # Remediation
- # ===========
- # Run the following command to uninstall nis:
- #
- # apt-get remove nis
- #
- # Impact
- # ======
- # Many insecure service clients are used as troubleshooting tools and in
- # testing environments. Uninstalling them can inhibit capability to test
- # and troubleshoot. If they are required it is advisable to remove the clients
- # after use to prevent accidental or intentional misuse.
- #
- parameters:
- linux:
- system:
- package:
- nis:
- version: removed
|
