HPE Community
Operating System - HP-UX
1825793 Members
2296 Online
109687 Solutions
New Discussion

question on nfs mount

 
jrw046
Occasional Contributor

‎05-24-2007 07:56 AM

‎05-24-2007 07:56 AM

question on nfs mount

I got this error running a security search

Synopsis :

It is possible to access the remote NFS shares without having root privileges.

Description :

Some of the NFS shares exported by the remote server could be
mounted by the scanning host. An attacker may exploit this problem
to gain read (and possibly write) access to files on remote host.

Note that root privileges were not required to mount the remote shares. That is,
the source port to mount the shares was bigger than 1024.

Solution :

Configure NFS on the remote host so that only authorized hosts can mount
the remote shares.

The remote NFS server should prevent mount requests originating from a non-privileged port.


My exportfs is set up like this

/opt/odbc -rw=kyd15
/opt/visaer -rw=kyd15
/opt/mss -rw=kyd15

Any ideas as to why I get the error
0 Kudos
Reply
1 REPLY 1
Patrick Wallek
Honored Contributor

‎05-24-2007 07:59 AM

‎05-24-2007 07:59 AM

Re: question on nfs mount

You should probably set the -access parameter in your /etc/exports file as well to restricts access as well as rw permissions.

/opt/odbc -access=kyd15,rw
/opt/visaer -access=kyd15,rw
/opt/mss -access=kyd15,rw


# man exports
for details.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.