Lesson 6
Date: 2/26/2009
Network Information Service (NIS)
Linux for Engineering and IT Applications
Security Issues
Remote access to NIS maps can be controlled through /etc/ypserv.securenets on a host/network basis.
Access to portmap can be controlled through tcp_wrappers (hosts.deny and hosts.allow files) and/or a firewall (access to tcp/111).
However, a rogue user on a NIS client can query the server's NIS maps:
    ypcat passwd
    testu:$1$F3wWFCHd$oYiPPoWXGbe/XVBTG7zFx/:1001:100::/home/testu:/bin/bash
    mike:$2$i3r.kJDZ$RlrAtz5tgwDin25c9krZW0:1000:1000::/home/mike:/bin/bash
The user can then take the password hashes and run cracking tools on them.
Sensitive information shouldn't be stored in NIS maps.
Secure alternatives for centralized authentication: LDAP and Kerberos.
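An administrator can check whether a passwd map exposes hashes the way the ypcat output above does. The following is an added example, not part of the original lesson: the function names audit_passwd_map and sample_map and the sample entries are constructed for illustration, and the input is assumed to be in passwd(5) format.

```shell
#!/bin/sh
# Added example: audit a passwd-format NIS map for exposed password hashes.
# Usage on a NIS client:  ypcat passwd | audit_passwd_map
# Prints "user scheme" for every account whose password field holds real
# hash material; the hash itself is never printed.

audit_passwd_map() {
    awk -F: '
        NF < 7 { next }                 # skip malformed lines
        {
            pw = $2
            # "x" (shadowed) and "*" / "!" (locked) carry nothing crackable.
            if (pw == "x" || pw ~ /^[*!]/) next
            if (pw == "") {
                scheme = "empty"        # no password required at all
            } else if (pw ~ /^[$][0-9a-z]+[$]/) {
                # Modular crypt format: $id$salt$hash -> report the id only.
                rest = substr(pw, 2)
                scheme = "crypt-id-" substr(rest, 1, index(rest, "$") - 1)
            } else if (length(pw) == 13) {
                scheme = "des-crypt"    # traditional 13-character crypt(3)
            } else {
                scheme = "unknown"
            }
            print $1, scheme
        }
    '
}

# Constructed sample map (placeholder values, not real hashes).
sample_map() {
    cat <<'EOF'
alice:$1$CONSTRUCT$NotARealHashValue00000:1001:100::/home/alice:/bin/bash
bob:x:1002:100::/home/bob:/bin/bash
carol:abCONSTRUCTED:1003:100::/home/carol:/bin/bash
dave:*:1004:100::/home/dave:/bin/false
EOF
}

sample_map | audit_passwd_map
```

Any line of output means that account's hash is readable by every user on every NIS client in the domain.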