Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-934 | GEN005860 | SV-934r2_rule | ECAN-1 | Medium |
Description |
---|
If sec=none on Solaris, all NFS requests are mapped to an unknown/common user instead of being processed according to the provided UID. |
STIG | Date |
---|---|
Solaris 9 SPARC Security Technical Implementation Guide | 2013-04-10 |
Check Text ( C-865r3_chk ) |
---|
Perform the following on NFS servers. # grep "^default" /etc/nfssec.conf Check to ensure the second column does not equal 0. This would indicate the default is set to none. Perform the following to check currently exported file systems. # more /etc/exports OR # more /etc/dfs/dfstab If the option sec=none is set on any of the exported file systems, this is a finding. |
Fix Text (F-1088r2_fix) |
---|
Edit the /etc/dfs/dfstab file and add the sec=XXX option to the share line as an option. XXX must be a valid option for the system other than none. |