3 Replies. Latest reply: Jan 13, 2012 2:06 PM by bobthesungeek76036

    Force TCP protocol with NIS?

      We have some systems in a STIG environment and one of the STIG requirements is to have NIS not use UDP. Is there a way to do this with Solaris 10?

      Here's the text from the STIG rule:

      Group ID (Vulid): V-4399
      Group Title: GEN006380
      Rule ID: SV-4399r6_rule
      Severity: CAT I
      Rule Version (STIG-ID): GEN006380
      Rule Title: The system must not use UDP for NIS/NIS+.

      Vulnerability Discussion: Implementing NIS or NIS+ under UDP may make the system more susceptible to a denial of service attack and does not provide the same quality of service as TCP.

      Responsibility: System Administrator
      IAControls: ECSC-1

      Check Content:
      If the system does not use NIS or NIS+, this is not applicable.

      Check if NIS or NIS+ is implemented using UDP.

      # rpcinfo -p | grep yp | grep udp

      If NIS or NIS+ is implemented using UDP, this is a finding.

      Fix Text: Configure the system to not use UDP for NIS and NIS+. Consult vendor documentation for the required procedure.

      I know Rule SV-867 says NIS is not to be used but I'm not concerned with that rule at this time.
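
Added example, not part of the original post: a stricter form of the STIG check quoted above that matches NIS/NIS+ by RPC program number, so a UDP registration is still caught when rpcinfo prints no service name or the name does not contain "yp" (NIS+ registers as nisd). The program numbers are the standard /etc/rpc assignments and the sample rpcinfo output is constructed; both are assumptions, not taken from the thread.

```shell
#!/bin/sh
# GEN006380-style check keyed on RPC program number instead of service name.
# Assumed standard /etc/rpc numbers: ypserv 100004, ypbind 100007,
# yppasswdd 100009, ypupdated 100028, ypxfrd 100069, nisd (NIS+) 100300.
NIS_PROGS="100004 100007 100009 100028 100069 100300"

# nis_udp_findings: reads `rpcinfo -p` output on stdin and prints one line per
# NIS/NIS+ program registered over UDP. Exit status is 1 if there is at least
# one finding and 0 if there is none.
nis_udp_findings() {
    awk -v progs="$NIS_PROGS" '
        BEGIN { n = split(progs, p, " "); for (i = 1; i <= n; i++) nis[p[i]] = 1 }
        # Columns: program vers proto port [service]; the header line is skipped
        # because its first field is not numeric.
        $1 ~ /^[0-9]+$/ && ($1 in nis) && $3 == "udp" {
            printf "FINDING prog=%s vers=%s port=%s name=%s\n", $1, $2, $4, ($5 == "" ? "-" : $5)
            found = 1
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample of `rpcinfo -p` output (not captured from a real host).
# The ypbind/udp line has no service name, which `grep yp` would miss.
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  rpcbind
    100000    4   udp    111  rpcbind
    100004    2   udp    759  ypserv
    100004    2   tcp    760  ypserv
    100007    3   udp  32772
    100007    3   tcp  32771  ypbind
    100021    4   udp   4045  nlockmgr
EOF
}

# Live use on the host being assessed:  rpcinfo -p | nis_udp_findings
```
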