The nobody access for RPC encryption key storage service must be disabled.

An XCCDF Rule

Details
Profiles

Description

If login by the user "nobody" is allowed for secure RPC, there is an increased risk of system compromise. If keyserv holds a private key for the "nobody" user, it will be used by key_encryptsession to compute a magic phrase which can be easily recovered by a malicious user.

ID: SV-216350r959010_rule
Version: SOL-11.1-040320
Severity: Medium
References: CCI-000366
Updated: about 2 months ago

Remediation Templates

Determine if the rpc-authdes package is installed:

# pkg list solaris/legacy/security/rpc-authdes

If the output of this command is:
pkg list: no packages matching 'solaris/legacy/security/rpc-authdes' installed

no further action is required.

The root role is required.

Modify the /etc/default/keyserv file.

# pfedit /etc/default/keyserv

Locate the line:

#ENABLE_NOBODY_KEYS=YES

Change it to:

ENABLE_NOBODY_KEYS=NO

The nobody access for RPC encryption key storage service must be disabled.

Description

Remediation Templates

A Manual Procedure