{"description": "The <code>gssproxy</code> package can be removed with the following command:\n<pre>\n$ apt-get remove gssproxy</pre>", "rationale": "<tt>gssproxy</tt> is a proxy for GSS API credential handling.\nKerberos relies on some key derivation functions that may not\nbe compatible with some site policies such as FIPS 140.", "severity": "medium", "references": {"srg": ["SRG-OS-000095-GPOS-00049", "SRG-OS-000480-GPOS-00227"]}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "the package is installed", "ocil": "\nRun the following command to determine if the <code>gssproxy</code> package is installed:\n<pre>$ dpkg -l  gssproxy</pre>", "oval_external_content": null, "fixtext": " To remove the Ubuntu 22.04 package gssproxy run the following command:\n\n$ apt-get remove gssproxy", "checktext": "", "vuldiscussion": "", "srg_requirement": " Ubuntu 22.04 must not have the gssproxy package installed.", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {"stig": {"srg_requirement": "Ubuntu 22.04 must not have the gssproxy package installed.", "vuldiscussion": "It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore, may remain unsecured. They increase the risk to the platform by providing additional attack vectors.\n\nOperating systems are capable of providing a wide variety of functions and services. Some of the functions and services provided by default may not be necessary to support essential organizational operations (e.g., key missions, functions).\n\nThe gssproxy package is a proxy for GSS API credential handling and could expose secrets on some networks. It is not needed for normal function of the OS.", "checktext": "Verify that the gssproxy package is not installed with the following command:\n\n$ dnf list --installed gssproxy\n\nError: No matching Packages to list\n\nIf the \"gssproxy\" package is installed and is not documented with the information system security officer (ISSO) as an operational requirement, this is a finding.", "fixtext": "Remove the gssproxy package with the following command:\n\n$ sudo dnf remove gssproxy"}}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": [], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Uninstall gssproxy Package", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/software/system-tools/package_gssproxy_removed/rule.yml", "template": {"name": "package_removed", "vars": {"pkgname": "gssproxy"}, "backends": {"anaconda": "off"}}}