UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The system's NFS export configuration must not have the sec option set to none (or equivalent); additionally, the default authentication must not to be set to none.


Overview

Finding ID Version Rule ID IA Controls Severity
V-934 GEN005860 SV-934r2_rule ECAN-1 Medium
Description
If sec=none on Solaris, all NFS requests are mapped to an unknown/common user instead of being processed according to the provided UID.
STIG Date
Solaris 9 SPARC Security Technical Implementation Guide 2013-01-10

Details

Check Text ( C-865r3_chk )
Perform the following on NFS servers.

# grep "^default" /etc/nfssec.conf

Check to ensure the second column does not equal 0. This would indicate the default is set to none. Perform the following to check currently exported file systems.

# more /etc/exports
OR
# more /etc/dfs/dfstab

If the option sec=none is set on any of the exported file systems, this is a finding.
Fix Text (F-1088r2_fix)
Edit the /etc/dfs/dfstab file and add the sec=XXX option to the share line as an option. XXX must be a valid option for the system other than none.