The nobody access for RPC encryption key storage service must be disabled.

An XCCDF Rule

Description

<VulnDiscussion>If login by the user "nobody" is allowed for secure RPC, there is an increased risk of system compromise. If keyserv holds a private key for the "nobody" user, it will be used by key_encryptsession to compute a magic phrase which can be easily recovered by a malicious user.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-216113r959010_rule
Severity: Medium
References: CCI-000366
Updated: 17 days ago

Determine if the rpc-authdes package is installed:

# pkg list solaris/legacy/security/rpc-authdes

If the output of this command is:
pkg list: no packages matching 'solaris/legacy/security/rpc-authdes' installed

no further action is required.

The root role is required.

Modify the /etc/default/keyserv file.

# pfedit /etc/default/keyserv

Locate the line:

#ENABLE_NOBODY_KEYS=YES

Change it to:

ENABLE_NOBODY_KEYS=NO

The nobody access for RPC encryption key storage service must be disabled.

Description

Remediation - Manual Procedure