The nobody access for RPC encryption key storage service must be disabled.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-216113 | SOL-11.1-040320 | SV-216113r959010_rule | CCI-000366 | medium |
| Description | ||||
| If login by the user "nobody" is allowed for secure RPC, there is an increased risk of system compromise. If keyserv holds a private key for the "nobody" user, it will be used by key_encryptsession to compute a magic phrase which can be easily recovered by a malicious user. | ||||
| STIG | Date | |||
| Solaris 11 X86 Security Technical Implementation Guide | 2025-05-05 | |||
Details
Check Text (C-216113r959010_chk)
Determine if the rpc-authdes package is installed:
# pkg list solaris/legacy/security/rpc-authdes
If the output of this command is:
pkg list: no packages matching 'solaris/legacy/security/rpc-authdes' installed
no further action is required.
Determine if "nobody" access for keyserv is enabled.
# grep "^ENABLE_NOBODY_KEYS=" /etc/default/keyserv
If the output of the command is not:
ENABLE_NOBODY_KEYS=NO
this is a finding.
Fix Text (F-17349r462443_fix)
Determine if the rpc-authdes package is installed:
# pkg list solaris/legacy/security/rpc-authdes
If the output of this command is:
pkg list: no packages matching 'solaris/legacy/security/rpc-authdes' installed
no further action is required.
The root role is required.
Modify the /etc/default/keyserv file.
# pfedit /etc/default/keyserv
Locate the line:
#ENABLE_NOBODY_KEYS=YES
Change it to:
ENABLE_NOBODY_KEYS=NO