Security Issues

  • Remote access to NIS maps can be controlled through /etc/ypserv.securenets on a per-host or per-network basis.
  • Access to portmap can be controlled through tcp_wrappers (hosts.deny and hosts.allow files) and/or a firewall (access to tcp/111).
  • However, a rogue user on a NIS client can query the server's NIS maps:
    
    ypcat passwd
    
      testu:$1$F3wWFCHd$oYiPPoWXGbe/XVBTG7zFx/:1001:100::/home/testu:/bin/bash
      mike:$2$i3r.kJDZ$RlrAtz5tgwDin25c9krZW0:1000:1000::/home/mike:/bin/bash
    The user can then take the password hashes and run cracking tools on them.

  • Sensitive information shouldn't be stored in NIS maps.
  • Secure alternatives for centralized authentication: LDAP and Kerberos.
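
A defender-side check for the exposure described above, as an added example that is not part of the original page: it reads passwd-format lines (for instance the output of `ypcat passwd`) and lists the accounts whose password field carries a hash or is empty, without printing the hash. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit a NIS passwd map for
# entries that expose a password hash to every NIS client.
# Real use on a client:  ypcat passwd | nis_exposed_hashes

# Print "user scheme" per exposed entry; the hash itself is never printed.
nis_exposed_hashes() {
    awk -F: '
        NF < 7 { next }                        # skip malformed lines
        {
            pw = $2
            sub(/^!+/, "", pw)                 # a locked entry can still carry a hash
            if (pw == "x" || pw ~ /^\*/) next  # shadow placeholder or disabled account
            if (pw == "") {                    # nothing left after stripping "!"
                if ($2 == "") print $1, "empty-password"
                next
            }
            scheme = "des-or-unknown"          # traditional crypt has no $id$ prefix
            if (pw ~ /^\$1\$/)               scheme = "md5crypt"
            else if (pw ~ /^\$2[abxy]?\$/)   scheme = "bcrypt"
            else if (pw ~ /^\$5\$/)          scheme = "sha256crypt"
            else if (pw ~ /^\$6\$/)          scheme = "sha512crypt"
            print $1, scheme
        }'
}

# Constructed sample map: the hash fields are placeholders, not real hashes.
sample_map() {
    cat <<'EOF'
alice:$1$CONSTRUCT$exampleexampleexample1:1001:100::/home/alice:/bin/bash
bob:$6$CONSTRUCT$exampleexampleexample2:1002:100::/home/bob:/bin/bash
carol:x:1003:100::/home/carol:/bin/bash
dave:$2$CONSTRUCT$exampleexampleexample3:1004:100::/home/dave:/bin/bash
erin:*:1005:100::/home/erin:/bin/false
frank:!!:1006:100::/home/frank:/bin/bash
EOF
}

# Stand-alone run on the constructed sample.
sample_map | nis_exposed_hashes
```

Any account this reports is readable by every user on every NIS client, so an empty result is the target state before or while moving authentication to LDAP or Kerberos.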

