Check: GEN006380
Solaris 10 X86 STIG:
GEN006380
(in versions v2 r4 through v1 r17)
Title
The system must not use UDP for NIS/NIS+. (Cat I impact)
Discussion
Implementing NIS or NIS+ under UDP may make the system more susceptible to a Denial of Service attack and does not provide the same quality of service as TCP.
Check Content
If the system does not use NIS or NIS+, this is not applicable. Check if NIS or NIS+ is implemented using UDP. Procedure: # rpcinfo -p | grep yp | grep udp If NIS or NIS+ is implemented using UDP, this is a finding.
Fix Text
Configure the system to not use UDP for NIS and NIS+. Consult vendor documentation for the required procedure.
Additional Identifiers
Rule ID: SV-227948r603266_rule
Vulnerability ID: V-227948
Group Title: SRG-OS-000095
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
| Number | Definition |
|---|---|
| CCI-000381 |
Configure the system to provide only organization-defined mission essential capabilities. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
| Number | Title |
|---|---|
| CM-7 |
Least Functionality |