We have some systems in a STIG environment and one of the STIG requirements is to have NIS not use UDP. Is there a way to do this with Solaris 10?
Here's the text from the STIG rule:
Group ID (Vulid): V-4399
Group Title: GEN006380
Rule ID: SV-4399r6_rule
Severity: CAT I
Rule Version (STIG-ID): GEN006380
Rule Title: The system must not use UDP for NIS/NIS+.
Vulnerability Discussion: Implementing NIS or NIS+ under UDP may make the system more susceptible to a denial of service attack and does not provide the same quality of service as TCP.
Responsibility: System Administrator
If the system does not use NIS or NIS+, this is not applicable.
Check if NIS or NIS+ is implemented using UDP.
# rpcinfo -p | grep yp | grep udp
If NIS or NIS+ is implemented using UDP, this is a finding.
Fix Text: Configure the system to not use UDP for NIS and NIS+. Consult vendor documentation for the required procedure.
I know Rule SV-867 says NIS is not to be used but I'm not concerned with that rule at this time.
It is my understanding that the "services" file is just a lookup file like "hosts". Removing the entry won't prohibit the use of the protocol. And besides, in services there is just the entry for "rpc"; not individual rpc services...
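The check quoted from the STIG rule can be turned into a three-way result (not applicable, pass, finding) by parsing the `rpcinfo -p` listing instead of only grepping it. This is an added example, not part of the original post or the STIG text; the function name and sample listings are constructed, and it assumes a POSIX awk (on Solaris 10 that would be nawk or /usr/xpg4/bin/awk).

```shell
#!/bin/sh
# Added example: classify `rpcinfo -p` output against GEN006380.
# Reads the portmapper listing on stdin and prints one of:
#   NOT_APPLICABLE            no yp* service registered at all
#   PASS                      yp* services registered, none over UDP
#   FINDING <svc/port> ...    yp* services registered over UDP
nis_udp_status() {
    awk '
        NR == 1 && $1 == "program" { next }   # skip the header row
        $5 ~ /yp/ {                           # service column, as in "grep yp"
            seen = 1
            if ($3 == "udp") {
                key = $5 "/" $4
                # several versions share one port; report each pair once
                if (!(key in dup)) { dup[key] = 1; hits = hits " " key }
            }
        }
        END {
            if (!seen)     print "NOT_APPLICABLE"
            else if (hits) print "FINDING" hits
            else           print "PASS"
        }
    '
}

# Constructed sample listings (not taken from a real host).
SAMPLE_MIXED='   program vers proto   port  service
    100000    4   tcp    111  rpcbind
    100000    4   udp    111  rpcbind
    100004    2   udp    789  ypserv
    100004    1   udp    789  ypserv
    100004    2   tcp    790  ypserv
    100007    3   udp    801  ypbind
    100007    3   tcp    802  ypbind'

SAMPLE_TCP_ONLY='   program vers proto   port  service
    100000    4   tcp    111  rpcbind
    100004    2   tcp    790  ypserv
    100007    3   tcp    802  ypbind'

SAMPLE_NO_NIS='   program vers proto   port  service
    100000    4   tcp    111  rpcbind
    100000    4   udp    111  rpcbind'

# On a live system: rpcinfo -p | nis_udp_status
printf '%s\n' "$SAMPLE_MIXED" | nis_udp_status
```

Matching on the service column rather than the whole line keeps an unrelated entry from being counted just because "yp" appears elsewhere in the row.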