UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The NFS server must have logging implemented.


Overview

Finding ID Version Rule ID IA Controls Severity
V-4300 GEN000000-SOL00400 SV-40041r1_rule ECAR-1 ECAR-2 ECAR-3 Medium
Description
Filesystem logging, especially for NFS exported file systems, can be critical to detecting data misuse and possible hardware/system errors that may, otherwise, go unnoticed.
STIG Date
SOLARIS 10 X86 SECURITY TECHNICAL IMPLEMENTATION GUIDE 2015-03-31

Details

Check Text ( C-39054r1_chk )
To enable NFS server logging the log option must be applied to all exported file systems in the /etc/dfs/dfstab. Perform the following to verify NFS is enabled.

# share

The preceding command will display all exported filesystems. Each line should contain a log entry to indicate logging is enabled. If the log entry is not present, this is a finding. If the share command does not return anything, then this is not an NFS server and this is considered not applicable.

NFS version 4 does not support server logging. Verify NFS_SERVER_VERSMAX in /etc/default/nfs.

# grep NFS_SERVER_VERSMAX /etc/default/nfs

If NFS_SERVER_VERSMAX is commented out or set to any value but 2 or 3, this is a finding.
Fix Text (F-34153r1_fix)
Edit /etc/dfs/dfstab and add the log option to all exported filesystems. Run the shareall command for the changes to take effect.

NFS version 2 or 3 must be forced by updating the NFS_SERVER_VERSMAX variable appropriately in /etc/default/nfs and restarting the NFS daemon.