Profile Applicability:
• Level 1
Description:
NIS (Network Information Service) clients enable systems to retrieve user and group information from a centralized NIS server. If NIS client functionality is not required, removing these packages reduces potential security risks and limits network exposure.
Rationale:
Removing unnecessary NIS client packages minimizes attack surface and reduces the risk of unauthorized access or information leakage.
Impact:
Pros:
• Limits exposure to network-based vulnerabilities related to NIS.
• Simplifies system configuration and improves security posture.
Cons:
• Removing the NIS client may disrupt authentication on systems that rely on NIS.
Default Value:
NIS client packages may be installed by default on some systems.
Pre-requisites:
Root or sudo privileges to uninstall packages.
Remediation:
Test Plan:
Using Linux command line:
1. Check if NIS client is installed:
RPM-based systems:
rpm -q ypbind
Debian-based systems:
dpkg -l | grep nis
2. Confirm presence of NIS client packages.
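The `dpkg -l | grep nis` check in step 1 matches any line containing that substring, including unrelated packages and packages that were removed but left their configuration files behind (state `rc`). The script below is an added example, not part of the benchmark text: it matches the package name exactly and reports its state. The function names and the sample package lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: exact-match audit for the NIS client package.

# Read package-listing lines on stdin (status abbreviation in field 1, package
# name in field 2, as printed by `dpkg -l`) and report the state of package $1:
# installed, config-only (removed, config files remain) or absent.
dpkg_state() {
    awk -v pkg="$1" '
        { name = $2; sub(/:.*$/, "", name); if (name != pkg) next }  # drop :arch
        substr($1, 2, 1) == "i" { state = "installed" }
        $1 == "rc" && state == "" { state = "config-only" }
        END { print (state == "" ? "absent" : state) }'
}

# Live check for the current host (hypothetical helper name).
# rpm -q already matches the package name exactly, so its exit code is enough.
audit_nis_client() {
    if command -v dpkg-query >/dev/null 2>&1; then
        echo "nis: $(dpkg-query -W -f='${db:Status-Abbrev} ${binary:Package}\n' \
            2>/dev/null | dpkg_state nis)"
    elif command -v rpm >/dev/null 2>&1; then
        if rpm -q ypbind >/dev/null 2>&1; then echo "ypbind: installed"
        else echo "ypbind: absent"; fi
    else
        echo "unknown: neither dpkg-query nor rpm found"
    fi
}

# Constructed sample of `dpkg -l` lines (versions are made up). A plain
# `grep nis` matches all three, yet the nis package itself is not installed.
SAMPLE_DPKG='ii  adduser           3.118  all    add and remove users and groups (administration)
ii  libnss-nis:amd64  3.1-4  amd64  NSS module for using NIS as a naming service
rc  nis               4.5    amd64  clients and daemons for the Network Information Service (NIS)'

printf '%s\n' "$SAMPLE_DPKG" | dpkg_state nis   # config-only
```

Call `audit_nis_client` on a host to run the live check; a `config-only` result means the binaries are gone but configuration files remain on disk.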
Implementation Plan:
Using Linux command line:
1. Remove NIS client packages if installed:
RPM-based:
yum remove ypbind -y
Debian-based:
apt remove nis -y
2. Verify removal:
rpm -q ypbind # or dpkg -l | grep nis
Backout Plan:
Using Linux command line:
1. Reinstall NIS client if needed:
RPM-based:
yum install ypbind -y
Debian-based:
apt install nis -y
2. Confirm successful installation.
References:
CIS Amazon Linux 2 Benchmark v3.0.0