From Apple OS X 10.9 (Mavericks) Workstation Security Technical Implementation Guide
Part of SRG-OS-000095
Associated with: CCI-000381
If the system does not require access to NFS (Network File System) file shares or is not acting as an NFS server, then support for NFS is non-essential and NFS services must be disabled. NFS is a network file system protocol supported by Unix-like operating systems. Enabling any service increases the attack surface for an intruder. By disabling unnecessary services, the attack surface is minimized.
The NFS daemon must be disabled. To check if NFS is disabled, run the following command: sudo /usr/libexec/PlistBuddy -c 'print com.apple.nfsd:Disabled' /var/db/launchd.db/com.apple.launchd/overrides.plist If the returned value isn't 'true', this is a finding.
To disable NFS, run the following command: sudo defaults write /private/var/db/launchd.db/com.apple.launchd/overrides.plist 'com.apple.nfsd' -dict Disabled -bool true
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer