Community
System Administration

Re: NFS Share User Mountable

 
dictum9
Super Advisor

‎03-14-2016 09:12 AM

‎03-14-2016 09:12 AM

NFS Share User Mountable

I got this ACAS scan vulnerability #15984 

 

NFS Share User Mountable

https://www.tenable.com/plugins/index.php?view=single&id=15984

their solution:

configure NFS so that only authorized hosts can mount the remote shares

 

My /etc/dfs/dfstab reads like this:

share -F nfs -o anon=-1,root=xxxx.xxxxx.xxxxx,rw=xxxx.xxxxx.xxxxx   /xyz

 

I thought that anon=-1 should be enough to fix this problem.     I changed anon=0 to anon=-1 , re-exported, but after re-running the scan, the vulnerability returned.

 

 

 

0 Kudos
Reply
2 REPLIES 2
Dennis Handly
Acclaimed Contributor

‎03-14-2016 11:13 AM

‎03-14-2016 11:13 AM

Re: NFS Share User Mountable

>I changed anon=0 to anon=-1 , re-exported, but after re-running the scan, the vulnerability returned.

 

Typically anon is is set to -2, for nobody.

Also, perhaps the scan wants you to limit the ro= users too?

0 Kudos
Reply
dictum9
Super Advisor

‎03-14-2016 01:31 PM

‎03-14-2016 01:31 PM

Re: NFS Share User Mountable

I will make changes and re-run the scan.

 

 

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.