The nobody access for RPC encryption key storage service must be disabled.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-216113 | SRG-OS-000480 | SOL-11.1-040320 | SV-216113r959010_rule | 2024-11-25 | 3 |
| Description |
|---|
| If login by the user "nobody" is allowed for secure RPC, there is an increased risk of system compromise. If keyserv holds a private key for the "nobody" user, it will be used by key_encryptsession to compute a magic phrase which can be easily recovered by a malicious user. |
| ℹ️ Check |
|---|
| Determine if the rpc-authdes package is installed: # pkg list solaris/legacy/security/rpc-authdes If the output of this command is: pkg list: no packages matching 'solaris/legacy/security/rpc-authdes' installed no further action is required. Determine if "nobody" access for keyserv is enabled. # grep "^ENABLE_NOBODY_KEYS=" /etc/default/keyserv If the output of the command is not: ENABLE_NOBODY_KEYS=NO this is a finding. |
| ✔️ Fix |
|---|
| Determine if the rpc-authdes package is installed: # pkg list solaris/legacy/security/rpc-authdes If the output of this command is: pkg list: no packages matching 'solaris/legacy/security/rpc-authdes' installed no further action is required. The root role is required. Modify the /etc/default/keyserv file. # pfedit /etc/default/keyserv Locate the line: #ENABLE_NOBODY_KEYS=YES Change it to: ENABLE_NOBODY_KEYS=NO |