Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-934 | GEN005860 | SV-40306r1_rule | ECAN-1 | Medium |
Description |
---|
If sec=none on Solaris, all NFS requests are mapped to an unknown/common user instead of being processed according to the provided UID. |
STIG | Date |
---|---|
SOLARIS 10 X86 SECURITY TECHNICAL IMPLEMENTATION GUIDE | 2017-01-05 |
Check Text ( C-39156r2_chk ) |
---|
Perform the following on NFS servers: # grep "^default" /etc/nfssec.conf Check to ensure the second column does not equal 0. This would indicate the default is set to none. Perform the following to check currently exported file systems. # more /etc/dfs/dfstab If the option sec=none is set on any of the exported file systems, this is a finding. |
Fix Text (F-1088r2_fix) |
---|
Edit the /etc/dfs/dfstab file and add the sec=XXX option to the share line as an option. XXX must be a valid option for the system other than none. |