CCE-90761-8Platform: rhel7,centos7 | Date: (C)2017-06-29 (M)2022-10-10 |
Disable Secure RPC Server Service (rpcsvcgssd)
The rpcsvcgssd service manages RPCSEC GSS contexts required to
secure protocols that use RPC (most often Kerberos and NFS). The rpcsvcgssd
service is the server-side of RPCSEC GSS. If the system does not require secure
RPC then this service should be disabled.
The 'rpcsvcgssd' service can be disabled with the following command:
'$ sudo systemctl disable rpcsvcgssd'
Parameter:
Technical Mechanism:
Unnecessary services should be disabled to decrease the attack surface of the system.
Fix:
#
# Disable nfs-secure-server.service (rpcsvcgssd) for all systemd targets
#
systemctl disable nfs-secure-server.service
#
# Stop nfs-secure-server.service (rpcsvcgssd) if currently running
#
systemctl stop nfs-secure-server.service
CCSS Severity: | CCSS Metrics: |
CCSS Score : | Attack Vector: |
Exploit Score: | Attack Complexity: |
Impact Score: | Privileges Required: |
Severity: | User Interaction: |
Vector: | Scope: |
| Confidentiality: |
| Integrity: |
| Availability: |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:30450 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:31173 |