Details

The GSS API is a security abstraction layer that is designed to make it easier for developers

to integrate with different authentication schemes. It is most commonly used in

applications for sites that use Kerberos for network authentication, though it can also allow

applications to interoperate with other authentication schemes.

Rationale:

GSS does not expose anything external to the system as it is configured to use TLI (protocol

= ticotsord) by default. This service should be disabled if it is not required.

Solution

To disable this service, run the following command:

# svcadm disable svc:/network/rpc/gss

Supportive Information

The following resource is also helpful.

• https://workbench.cisecurity.org/files/2582

This security hardening control applies to the following category of controls within NIST 800-53: System and Information Integrity.This control applies to the following type of system Unix.

References

• 800-53|SI-4
• CSCv6|9.1
• CSCv7|9.2

Source

• Tenable.com/audits