HPE Community
Operating System - HP-UX
1827260 Members
2318 Online
109717 Solutions
New Discussion

Superflous NFS Daemon

 
SOLVED
Go to solution
Brando Sumayao
Advisor

‎11-29-2001 02:54 PM

‎11-29-2001 02:54 PM

Superflous NFS Daemon

Got scanned for network security/vulnerability and I was informed that my server had a "Superflous NFS Daemon". What does this mean and how do I fix it?

Thanks.
0 Kudos
Reply
7 REPLIES 7
Sanjay_6
Honored Contributor

‎11-29-2001 03:00 PM

‎11-29-2001 03:00 PM

Re: Superflous NFS Daemon

Hi Brando,

Don't think the message you posted is sufficient. Can you post the results in more detail or attach the results in a file.

Thanks
0 Kudos
Reply
Brando Sumayao
Advisor

‎11-29-2001 03:38 PM

‎11-29-2001 03:38 PM

Re: Superflous NFS Daemon

Hi Sanjay,

I work inside a military facility and all the base network security office does is they send me a hardcopy print-out of the network scans on a monthly basis. All it said in the scan are as follows:

132.33.64.13 - medweb.60mdg.travis.af.mil - HP HP-UX B.11.11 - Superflous NFS Daemon (CAN-1999-0548).

Your thoughts ...
0 Kudos
Reply
Patrick Wallek
Honored Contributor

‎11-29-2001 08:02 PM

‎11-29-2001 08:02 PM

Solution

Re: Superflous NFS Daemon

Do you have NFS running and not need it?

If your machine is set up as an NFS server and it doesn't need to be, I'd look at turning off NFS. Have a look /etc/rc.config.d/nfsconf and make sure everything is set to 0 so that it doesn't start on a reboot.

To turn it off manually do a /sbin/init.d/nfs.client stop
and /sbin/init.d/nfs.server stop
Reply
Marco Paganini
Respected Contributor

‎11-29-2001 09:17 PM

‎11-29-2001 09:17 PM

Re: Superflous NFS Daemon

Hello Brando,

I'd say "Superfluous NFS daemon" means you have a NFS daemon running but either nobody using it or no filesystems being exported.

If you're in a controlled environment (with tight security), I'd say it could be a good idea to disable this (useless) NFS daemon.

Remember, NFS means (N)o (F)scking (S)ecurity. :)

Regards,
Paga
Keeping alive, until I die.
0 Kudos
Reply
Brando Sumayao
Advisor

‎11-30-2001 03:49 PM

‎11-30-2001 03:49 PM

Re: Superflous NFS Daemon

I couldn't turn off manually doing a /sbin/init.d/nfs.client stop
and /sbin/init.d/nfs.server stop (came back with a "not found" message).

But I did edit the nfsconf file and rebooted. When I did a ps-ef |grep nfs, I am seeing a process named "nfskd". What is this and is this process supposed to be up.

Also, in the NFSCONF file, do I need to change all the "1" values to "0"? The only values I changed were for the parameters NFS_CLIENT=0, NFS_SERVER=0 and PCNFS_SERVER=0, and commented out #NUM_NFSD=16 and #NUM_NFSIOD=16.

I left out the parameters AUTOMOUNT, START_MOUNTD and AUTOFS the way it is with a value of "1"? Is this ok?

Thanks!
0 Kudos
Reply
Roger Baptiste
Honored Contributor

‎12-01-2001 01:25 PM

‎12-01-2001 01:25 PM

Re: Superflous NFS Daemon

<>

nfskd is not used currently by the O/S. It was introduced in 11.00 for future use. Also,
do not try to kill it, since it is directly owned by PID 0. Better leave it alone.

<>

Since you are not going to use automount, you can make it also 0. But it should not matter now, since the NFS services are shut off, so the automount stuff cannot be used.

HTH
raj
Take it easy.
0 Kudos
Reply
Sanjay_6
Honored Contributor

‎12-02-2001 11:53 AM

‎12-02-2001 11:53 AM

Re: Superflous NFS Daemon

Hi Brando,

If you have removed NFS_SERVER and NFS_CLIENT from the configuration you should disable the automounter too. Automounter looks for NFS services to work. Here is a thread from hp docs site on NFS configuration. If you want to disable NFS, you can follow the simple procedure outlined here. It is easy to turn off NFS without much headache.

http://docs.hp.com/cgi-bin/fsearch/framedisplay?top=/hpux/onlinedocs/B1031-90048/B1031-90048_top.html&con=/hpux/onlinedocs/B1031-90048/00/00/6-con.html&toc=/hpux/onlinedocs/B1031-90048/00/00/6-toc.html&searchterms=configuring%20NFS&queryid=20011202-115554

Here is a thread on "nfskd"

http://us-support2.external.hp.com/cki/bin/doc.pl/sid=e7614ab11d682cf3cb/screen=ckiDisplayDocument?docId=200000055052591

Hope this helps.

Regds
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.