{"description": "Each call to a function which retrieves data from a system database like the\npassword or group database is handled by the Name Service Switch\nimplementation in the GNU C library.  The various services provided are\nimplemented by independent modules, each of which naturally varies widely\nfrom the other. One of such modules is the <tt>nis</tt> module, which allows\nto get information from NIS servers.", "rationale": "NIS service is insecure and should not be used.", "severity": "medium", "references": {"anssi": ["R69"]}, "control_references": {"anssi": ["R69"]}, "components": [], "identifiers": {}, "ocil_clause": "a nis database is configured in nsswitch.conf", "ocil": "Run the following command:\n<pre>grep '^\\w+\\s+(\\w+\\s+)*nis($|\\s+.*$)' /etc/nsswitch.conf</pre>\nIf a line is returned and it contains the word <tt>nis</tt> in the list\nof services, it is a finding.", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [{"general": "This rule does not have remediation. Editing the <tt>/etc/nsswitch.conf</tt> incorrectly can disrupt access to the system."}], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": [], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Name Service Switch does not use NIS", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/obsolete/nis/no_nis_in_nsswitch/rule.yml", "template": null}