The Ubuntu operating system must not have the Network Information Service (NIS) package installed.

STIG ID: UBTU-18-010018  |  SRG: SRG-OS-000095-GPOS-00049 |  Severity: high |  CCI: CCI-000381 |  Vulnerability Id: V-219157 | 

Vulnerability Discussion

Removing the Network Information Service (NIS) package decreases the risk of the accidental (or intentional) activation of NIS or NIS+ services.

Check

Verify that the Network Information Service (NIS) package is not installed on the Ubuntu operating system.

Check to see if the NIS package is installed with the following command:

# dpkg -l | grep nis

If the NIS package is installed, this is a finding.

Fix

Configure the Ubuntu operating system to disable non-essential capabilities by removing the Network Information Service (NIS) package from the system with the following command:

# sudo apt-get remove nis