https://community.hpe.com/t5/operating-system-hp-ux/nfs-share-user-mountable/m-p/6841396#M489344 <P>I got this ACAS scan vulnerability #15984&nbsp;</P><P>&nbsp;</P><P>NFS Share User Mountable</P><P><A href="https://www.tenable.com/plugins/index.php?view=single&amp;id=15984" target="_blank">https://www.tenable.com/plugins/index.php?view=single&amp;id=15984</A></P><P>their solution:</P><P>configure NFS so that only authorized hosts can mount the remote shares</P><P>&nbsp;</P><P>My /etc/dfs/dfstab reads like this:</P><P>share -F nfs -o anon=-1,root=xxxx.xxxxx.xxxxx,rw=xxxx.xxxxx.xxxxx&nbsp;&nbsp; /xyz</P><P>&nbsp;</P><P>I thought that anon=-1 should be enough to fix this problem.&nbsp;&nbsp;&nbsp;&nbsp; I changed anon=0 to anon=-1 , re-exported, but after re-running the scan, the vulnerability returned.</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 14 Mar 2016 16:12:06 GMT dictum9 2016-03-14T16:12:06Z https://community.hpe.com/t5/operating-system-hp-ux/nfs-share-user-mountable/m-p/6841396#M489344 <P>I got this ACAS scan vulnerability #15984&nbsp;</P><P>&nbsp;</P><P>NFS Share User Mountable</P><P><A href="https://www.tenable.com/plugins/index.php?view=single&amp;id=15984" target="_blank">https://www.tenable.com/plugins/index.php?view=single&amp;id=15984</A></P><P>their solution:</P><P>configure NFS so that only authorized hosts can mount the remote shares</P><P>&nbsp;</P><P>My /etc/dfs/dfstab reads like this:</P><P>share -F nfs -o anon=-1,root=xxxx.xxxxx.xxxxx,rw=xxxx.xxxxx.xxxxx&nbsp;&nbsp; /xyz</P><P>&nbsp;</P><P>I thought that anon=-1 should be enough to fix this problem.&nbsp;&nbsp;&nbsp;&nbsp; I changed anon=0 to anon=-1 , re-exported, but after re-running the scan, the vulnerability returned.</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 14 Mar 2016 16:12:06 GMT https://community.hpe.com/t5/operating-system-hp-ux/nfs-share-user-mountable/m-p/6841396#M489344 dictum9 2016-03-14T16:12:06Z https://community.hpe.com/t5/operating-system-hp-ux/nfs-share-user-mountable/m-p/6841437#M489345 <P>&gt;I changed anon=0 to anon=-1 , re-exported, but after re-running the scan, the vulnerability returned.</P><P>&nbsp;</P><P>Typically anon is is set to -2, for nobody.</P><P>Also, perhaps the scan wants you to limit the ro= users too?</P> Mon, 14 Mar 2016 18:13:45 GMT https://community.hpe.com/t5/operating-system-hp-ux/nfs-share-user-mountable/m-p/6841437#M489345 Dennis Handly 2016-03-14T18:13:45Z https://community.hpe.com/t5/operating-system-hp-ux/nfs-share-user-mountable/m-p/6841479#M489347 <P>I will make changes and re-run the scan.</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 14 Mar 2016 20:31:27 GMT https://community.hpe.com/t5/operating-system-hp-ux/nfs-share-user-mountable/m-p/6841479#M489347 dictum9 2016-03-14T20:31:27Z