Description
The Network Information Service (NIS), formerly known as Yellow Pages,
is a client-server directory service protocol used to distribute system configuration
files. The NIS client (ypbind) was used to bind a system to an NIS server
and receive the distributed configuration files.
Rationale
The NIS service is inherently an insecure system that has been vulnerable
to DOS attacks, buffer overflows and has poor authentication for querying
NIS maps. NIS generally has been replaced by such protocols as Lightweight
Directory Access Protocol (LDAP). It is recommended that the service be
removed.
Shell script
The following script can be run on the host to remediate the issue.
# CAUTION: This remediation script will remove ypbind
# from the system, and may remove any packages
# that depend on ypbind. Execute this
# remediation AFTER testing on a non-production
# system!
if rpm -q --quiet "ypbind" ; then
yum remove -y "ypbind"
fi
Ansible playbook
The following playbook can be run with Ansible to remediate the issue.
- name: Ensure ypbind is removed
package:
name: ypbind
state: absent
tags:
- CCE-27396-1
- PCI-DSSv4-2.2.4
- disable\_strategy
- low\_complexity
- low\_disruption
- no\_reboot\_needed
- package\_ypbind\_removed
- unknown\_severity
