Puppet Class: security_baseline::rules::debian::sec_nis

Defined in:
manifests/rules/debian/sec_nis.pp

Summary

Ensure NIS Server is not enabled (Scored)

Overview

The Network Information Service (NIS) (formerly known as Yellow Pages) is a client-server directory service protocol for distributing system configuration files. The NIS server is a collection of programs that allow for the distribution of configuration files.

Rationale: The NIS service is inherently an insecure system that has been vulnerable to DoS attacks and buffer overflows, and has poor authentication for querying NIS maps. NIS has generally been replaced by protocols such as the Lightweight Directory Access Protocol (LDAP). It is recommended that the service be disabled and that other, more secure services be used.

Examples:

class { 'security_baseline::rules::debian::sec_nis':
    enforce => true,
    message => 'Test',
    log_level => 'info',
}

Parameters:

  • enforce (Boolean) (defaults to: true)

    Enforce the rule or just test and log

  • message (String) (defaults to: '')

    Message to print into the log

  • log_level (String) (defaults to: '')

    The log_level for the above message



# File 'manifests/rules/debian/sec_nis.pp', line 31

class security_baseline::rules::debian::sec_nis (
  Boolean $enforce  = true,
  String $message   = '',
  String $log_level = ''
) {
  if($enforce) {

    ensure_resource('service', ['nis'], {
      ensure => 'stopped',
      enable => false
    })

  } else {

    if($facts['security_baseline']['services_enabled']['srv_nis'] == 'enabled') {
      echo { 'nis':
        message  => $message,
        loglevel => $log_level,
        withpath => false,
      }
    }
  }
}
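
To confirm the result of this rule on a host, the following added example (not part of the security_baseline module) classifies the output of `systemctl is-enabled nis` and `systemctl is-active nis`. It assumes a systemd-based Debian host and the service name `nis` used in the manifest; the function names and the pass/fail/review mapping are this example's own.

```shell
#!/bin/sh
# Added example: audit-only check for the "NIS server is not enabled" rule.
# Assumptions: systemd host, service unit named "nis" as in the manifest.

# nis_compliance ENABLE_STATE ACTIVE_STATE
#   ENABLE_STATE: stdout of `systemctl is-enabled nis` (empty if nothing was printed)
#   ACTIVE_STATE: stdout of `systemctl is-active nis`
# Prints pass, fail or review. Returns 0 for pass, 1 for fail, 2 for review.
nis_compliance() {
    enable_state=$1
    active_state=$2

    # A service that is running now fails, whatever its boot-time state.
    case "$active_state" in
        active|activating|reloading)
            echo fail; return 1 ;;
    esac

    case "$enable_state" in
        disabled|masked|masked-runtime|not-found|'')
            echo pass; return 0 ;;
        enabled|enabled-runtime)
            echo fail; return 1 ;;
        *)
            # static, indirect, linked, alias, generated, ...: the unit can
            # still be started by other means, so leave it to a human.
            echo review; return 2 ;;
    esac
}

# Query the local host and print one summary line.
audit_nis_live() {
    enable_state=$(systemctl is-enabled nis 2>/dev/null || true)
    active_state=$(systemctl is-active nis 2>/dev/null || true)
    result=$(nis_compliance "$enable_state" "$active_state") || true
    echo "nis: is-enabled='${enable_state}' is-active='${active_state}' => ${result}"
    [ "$result" = pass ]
}

# Touch the host only when explicitly asked to.
if [ "${1:-}" = "--live" ]; then
    audit_nis_live
fi
```

Run the script with `--live` on the target host; a non-zero exit status means the service is enabled, running, or in a state that needs manual review.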