Skip to content

RHEL 9 must not have the ypserv package installed.

An XCCDF Rule

Description

<VulnDiscussion>The NIS service provides an unencrypted authentication service, which does not provide for the confidentiality and integrity of user passwords or the remote session. Removing the "ypserv" package decreases the risk of the accidental (or intentional) activation of NIS or NIS+ services.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-257829r925474_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

Remove the ypserv package with the following command:

$ sudo dnf remove ypserv