UCF STIG Viewer Logo

The system's NFS export configuration must not have the sec option set to none (or equivalent); additionally, the default authentication must not to be set to none.


Overview

Finding ID Version Rule ID IA Controls Severity
V-227013 GEN005860 SV-227013r603265_rule Medium
Description
If sec=none on Solaris, all NFS requests are mapped to an unknown/common user instead of being processed according to the provided UID.
STIG Date
Solaris 10 SPARC Security Technical Implementation Guide 2022-09-07

Details

Check Text ( C-29175r485387_chk )
Perform the following on NFS servers:

# grep "^default" /etc/nfssec.conf

Check to ensure the second column does not equal 0. This would indicate the default is set to none. Perform the following to check currently exported file systems.

# more /etc/dfs/dfstab

If the option sec=none is set on any of the exported file systems, this is a finding.
Fix Text (F-29163r485388_fix)
Edit the /etc/dfs/dfstab file and add the sec=XXX option to the share line as an option. XXX must be a valid option for the system other than none.