HPE Community
Operating System - HP-UX
1835963 Members
4020 Online
110088 Solutions
New Discussion

Ignite and exports file / NFS vulnarability

 
Josee Bourget-Thuma
Frequent Advisor

‎06-14-2002 06:07 AM

‎06-14-2002 06:07 AM

Ignite and exports file / NFS vulnarability

Hi!

I'm trying to setup Ignite server but also keep the access to the NFS mounts restricted. Our company has requested we tighten security.

I'd like to elliminate the anon=2 reference in the exports file by specifying host names (root=host.name:...) but Ignite is still complaining.

Can someone point me in the right direction on this or is this anon entry unavoidable?

Thanks in advance!

Josee...
Failure is not an option.
0 Kudos
Reply
4 REPLIES 4
RAC_1
Honored Contributor

‎06-14-2002 07:14 AM

‎06-14-2002 07:14 AM

Re: Ignite and exports file / NFS vulnarability

First put root-hostname,access=hostname in /etc/exports.

Put hostname username entries in .rhosts files
in root's home directories.

You must get remsh on client server from
ignite server for Network ignite preparation.

This has to work.

Regards,
There is no substitute to HARDWORK
0 Kudos
Reply
Josee Bourget-Thuma
Frequent Advisor

‎06-14-2002 02:15 PM

‎06-14-2002 02:15 PM

Re: Ignite and exports file / NFS vulnarability

I've actually tailored the exports file to only give root access to certain hosts.

I've tried using mountd -e in conjunction with inetd.sec file and run inetd -l from startup.

It would seem that people are still able to mount to those exported directories.

When I turn off the moutd and statd daemons, Ignite complains still. I was hoping to work around vulnaribility by being specific in exports but it seems it doesn't work.

Can someone refer me to some good documentation? I find no reference to this so far.

Is my solution to simply not run mountd and statd unless I need it?

Thanks again in advance!

Josee...
Failure is not an option.
0 Kudos
Reply
Josee Bourget-Thuma
Frequent Advisor

‎06-14-2002 03:08 PM

‎06-14-2002 03:08 PM

Re: Ignite and exports file / NFS vulnarability

More question:

Shouldn't showmount show the same exported mounts as
exportfs -v?

How do I force umount of those mounted?

Thanks!

Josee...
Failure is not an option.
0 Kudos
Reply
frueyang
Occasional Advisor

‎06-16-2002 08:39 PM

‎06-16-2002 08:39 PM

Re: Ignite and exports file / NFS vulnarability

hi, in my opnions, the command exportfs -v equals to the command showmount -v, printing all the exported file system; however, the command showmount -a present for printing all remote mounts in the format :
name: directory

You can use umount -a to umount all umountable file system, fuser can help you umount file system forcibly.

May this help you!!!
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.