cancel
Showing results for 
Search instead for 
Did you mean: 

NFS Share User Mountable

 
dictum9
Super Advisor

NFS Share User Mountable

I got this ACAS scan vulnerability #15984 

 

NFS Share User Mountable

https://www.tenable.com/plugins/index.php?view=single&id=15984

their solution:

configure NFS so that only authorized hosts can mount the remote shares

 

My /etc/dfs/dfstab reads like this:

share -F nfs -o anon=-1,root=xxxx.xxxxx.xxxxx,rw=xxxx.xxxxx.xxxxx   /xyz

 

I thought that anon=-1 should be enough to fix this problem.     I changed anon=0 to anon=-1 , re-exported, but after re-running the scan, the vulnerability returned.

 

 

 

2 REPLIES

Re: NFS Share User Mountable

>I changed anon=0 to anon=-1 , re-exported, but after re-running the scan, the vulnerability returned.

 

Typically anon is is set to -2, for nobody.

Also, perhaps the scan wants you to limit the ro= users too?

dictum9
Super Advisor

Re: NFS Share User Mountable

I will make changes and re-run the scan.