UCF STIG Viewer Logo

The NFS anonymous UID and GID must be configured to values without permissions.


Overview

Finding ID Version Rule ID IA Controls Severity
V-932 GEN005820 SV-38956r1_rule IAIA-1 ECSC-1 IAIA-2 Medium
Description
When an NFS server is configured to deny remote root access, a selected UID and GID are used to handle requests from the remote root user. The UID and GID should be chosen from the system to provide the appropriate level of non-privileged access.
STIG Date
AIX 5.3 SECURITY TECHNICAL IMPLEMENTATION GUIDE 2014-10-03

Details

Check Text ( C-863r2_chk )
Check if the anon option is set correctly for exported file systems.

List exported file systems.
# exportfs -v

Each of the exported file systems should include an entry for the 'anon=' option set to -1 or an equivalent (60001, 60002, 65534, or 65535). If an appropriate 'anon=' setting is not present for an exported file system, this is a finding.
Fix Text (F-32338r1_fix)
Edit /etc/exports and set the anon=-1 option for exported file systems without it. Re-export the file systems.

# exportfs -a