UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The Network File System (NFS) anonymous UID and GID must be configured to values without permissions.


Overview

Finding ID Version Rule ID IA Controls Severity
V-932 GEN005820 SV-64169r1_rule ECSC-1 IAIA-1 IAIA-2 Medium
Description
When an NFS server is configured to deny remote root access, a selected UID and GID are used to handle requests from the remote root user. The UID and GID should be chosen from the system to provide the appropriate level of non-privileged access.
STIG Date
Oracle Linux 5 Security Technical Implementation Guide 2015-03-26

Details

Check Text ( C-52631r3_chk )
Check if the 'anonuid' and 'anongid' options are set correctly for exported file systems.

List exported filesystems:
# exportfs -v

Each of the exported file systems should include an entry for the 'anonuid=' and 'anongid=' options set to "-1" or an equivalent (60001, 65534, or 65535).

If appropriate values for 'anonuid' or 'anongid' are not set, this is a finding.
Fix Text (F-54773r2_fix)
Edit "/etc/exports" and set the "anonuid=-1" and "anongid=-1" options for exports lacking it.

Re-export the filesystems.