2.9 Disable NIS Server Services - nis domain

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

The NIS server software is not installed by default and is only required on systems that are
acting as an NIS server for the local site. Typically there are only a small number of NIS
servers on any given network. These services are disabled by default unless the system has
been previously configured to act as a NIS server.

Rationale:

As RPC-based services such as NIS may use non-secure authentication and share sensitive
network object information with systems and applications using RPC-based services, this
service should be disabled. Users are encouraged to use LDAP as a name service in place of
NIS.

Solution

To disable this service, run the following commands:

# svcadm disable svc:/network/nis/server

Check to see if LDAP Client is in use:

# svcs -a | grep ldap | awk -F" " '{if ($1 ~ /disabled/ && $3 ~ /client/)
print "LDAP Client is disabled - svc:/network/nfs/domain can be disabled.";}'

If LDAP is not in use also disable nis/domain:

# svcadm disable svc:/network/nis/domain

Notes:

It is possible that the svc:/network/nis/server package may not be installed by default on
some systems. In this case, the above commands will indicate that the software is not
installed.

See Also

https://workbench.cisecurity.org/files/2582