Profile Applicability:
 • Level 1

Description:
 Network Information Service (NIS) servers provide centralized authentication and directory services. If the system is not intended to act as an NIS server, these services should be disabled to reduce security risks and limit unnecessary network exposure.

Rationale:
 Disabling unused NIS services reduces the attack surface and prevents unauthorized access or information disclosure via NIS protocols.

Impact:
 Pros:

  • Reduces risk of unauthorized authentication and directory access.

  • Limits unnecessary network services.

 Cons:

  • Disabling NIS on systems relying on it may disrupt authentication and directory functions.

Default Value:
 NIS server services may be enabled or running by default on some systems.

Pre-requisites:

  • Root or sudo privileges to manage system services.

Remediation:

Test Plan:

Using Linux command line:

1. Check if NIS server service is enabled:

systemctl is-enabled ypserv

2. Check if NIS server service is running:

systemctl status ypserv

Implementation Plan:

Using Linux command line:

1. Disable NIS server service:

systemctl disable ypserv

2. Stop running NIS server service:

systemctl stop ypserv

3. Verify service is disabled and stopped:

systemctl is-enabled ypserv
systemctl status ypserv
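
The Test Plan checks and the verification step above can be combined into one pass/fail audit. The script below is an added example, not part of the benchmark text; the function names are hypothetical, and it assumes `systemctl is-active` is used in place of `systemctl status` so the state can be compared as a single word.

```shell
#!/bin/sh
# Added example: pass/fail audit for the ypserv control.
# classify_ypserv takes the words printed by `systemctl is-enabled`
# and `systemctl is-active`, prints PASS or FAIL with a reason,
# and returns 0 on PASS, 1 on FAIL.
classify_ypserv() {
    enabled_state=$1
    active_state=$2

    # A running server is a finding even when the unit is disabled:
    # `systemctl disable` only removes the boot-time links and does
    # not stop a process that is already running.
    case "$active_state" in
        active|activating|reloading)
            echo "FAIL: ypserv is $active_state (enablement: ${enabled_state:-not-found})"
            return 1 ;;
    esac

    case "$enabled_state" in
        ""|not-found)
            # Older systemd prints nothing for a missing unit.
            echo "PASS: ypserv unit not installed" ;;
        disabled|masked|masked-runtime)
            echo "PASS: ypserv is $enabled_state and not running" ;;
        *)
            # enabled, enabled-runtime, static, indirect, ...:
            # treated conservatively as a finding for manual review.
            echo "FAIL: ypserv is $enabled_state"
            return 1 ;;
    esac
    return 0
}

# Runs the two checks on the local host and classifies the result.
audit_ypserv() {
    # systemctl exits non-zero for disabled or inactive units,
    # so only the printed state is kept.
    enabled_state=$(systemctl is-enabled ypserv 2>/dev/null) || true
    active_state=$(systemctl is-active ypserv 2>/dev/null) || true
    classify_ypserv "$enabled_state" "$active_state"
}
```

Source the file and call `audit_ypserv` on the host; the return code can drive a compliance scan.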

Backout Plan:

Using Linux command line:

1. Enable and start NIS server service if required:

systemctl enable ypserv
systemctl start ypserv

2. Verify service status.

References:

  • CIS Amazon Linux 2 Benchmark v3.0.0

  • Systemd Service Management