The Network File System (NFS) anonymous UID and GID must be configured to values that have no permissions.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-932 | GEN005820 | SV-35199r1_rule | ECSC-1 | Medium |
| Description |
|---|
| When an NFS server is configured to deny remote root access, a selected UID and GID are used to handle requests from the remote root user. The UID and GID should be chosen from the system to provide the appropriate level of non-privileged access. |
| STIG | Date |
|---|---|
| HP-UX 11.31 Security Technical Implementation Guide | 2018-09-14 |
Details
| Check Text ( C-38003r1_chk ) |
|---|
| Check if the 'anon' option is set correctly for shared file systems. # cat /etc/dfs/dfstab Each of the shared file systems should include an entry for the 'anon=' option set to -1 or an equivalent (60001, 65534, or 65535). If an appropriate 'anon=' setting is not present for a shared file system, this is a finding. |
| Fix Text (F-33237r1_fix) |
|---|
| Edit /etc/dfs/sharetab and set the anon=-1 option for shares without it. Re-export the file systems. |