Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The system's NFS export configuration must not have the sec option set to none (or equivalent); additionally, the default authentication must not to be set to none.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-934 | GEN005860 | SV-40306r1_rule | ECAN-1 | Medium |
| Description |
|---|
| If sec=none on Solaris, all NFS requests are mapped to an unknown/common user instead of being processed according to the provided UID. |
| STIG | Date |
|---|---|
| SOLARIS 10 SPARC SECURITY TECHNICAL IMPLEMENTATION GUIDE | 2016-06-22 |
Details
| Check Text ( C-39156r2_chk ) |
|---|
| Perform the following on NFS servers: # grep "^default" /etc/nfssec.conf Check to ensure the second column does not equal 0. This would indicate the default is set to none. Perform the following to check currently exported file systems. # more /etc/dfs/dfstab If the option sec=none is set on any of the exported file systems, this is a finding. |
| Fix Text (F-1088r2_fix) |
|---|
| Edit the /etc/dfs/dfstab file and add the sec=XXX option to the share line as an option. XXX must be a valid option for the system other than none. |