The system's NFS export configuration must not have the sec option set to none (or equivalent); additionally, the default authentication must not to be set to none.

From SOLARIS 10 X86 SECURITY TECHNICAL IMPLEMENTATION GUIDE

Part of GEN005860

Associated with IA controls: ECAN-1

Associated with: CCI-000366

SV-40306r1_rule The system's NFS export configuration must not have the sec option set to none (or equivalent); additionally, the default authentication must not to be set to none.

Vulnerability discussion

If sec=none on Solaris, all NFS requests are mapped to an unknown/common user instead of being processed according to the provided UID.

Check content

Perform the following on NFS servers: # grep "^default" /etc/nfssec.conf Check to ensure the second column does not equal 0. This would indicate the default is set to none. Perform the following to check currently exported file systems. # more /etc/dfs/dfstab If the option sec=none is set on any of the exported file systems, this is a finding.

Fix text

Edit the /etc/dfs/dfstab file and add the sec=XXX option to the share line as an option. XXX must be a valid option for the system other than none.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer