Check: GEN001320
HP-UX 11.31 STIG:
GEN001320
(in versions v1 r19 through v1 r13)
Title
NIS/NIS+/yp files must be owned by root, sys, or bin. (Cat II impact)
Discussion
NIS/NIS+/yp files are part of the system's identification and authentication processes and are, therefore, critical to system security. Failure to give ownership of sensitive files or utilities to root or bin provides the designated owner and unauthorized users with the potential to access sensitive information or change the system configuration which could weaken the system's security posture.
Check Content
Check NIS file ownership. Procedure: # ls -lLa /var/yp/<nis domainname> If the file ownership is not root, sys, or bin, this is a finding.
Fix Text
Change the ownership of NIS/NIS+/yp files to root, sys, or bin. Consult vendor documentation to determine the location of the files. Procedure (example): # chown root <filename>
Additional Identifiers
Rule ID: SV-38460r1_rule
Vulnerability ID: V-789
Group Title: GEN001320
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000225 |
The organization employs the concept of least privilege, allowing only authorized accesses for users (and processes acting on behalf of users) which are necessary to accomplish assigned tasks in accordance with organizational missions and business functions. |
Controls
| Number | Title |
|---|---|
| AC-6 |
Least Privilege |