UCF STIG Viewer Logo

The NFS server must have logging implemented.


Overview

Finding ID Version Rule ID IA Controls Severity
V-4300 GEN000000-SOL00400 SV-4300r2_rule ECAR-3 ECAR-2 ECAR-1 Medium
Description
Filesystem logging, especially for NFS exported file systems, can be critical to detecting data misuse and possible hardware/system errors that may, otherwise, go unnoticed.
STIG Date
SOLARIS 9 X86 SECURITY TECHNICAL IMPLEMENTATION GUIDE 2015-10-01

Details

Check Text ( C-8295r2_chk )
To enable NFS server logging the log option must be applied to all exported file systems in the /etc/dfs/dfstab. Perform the following to verify NFS is enabled.

# share

The preceding command will display all exported filesystems. Each line should contain a log entry to indicate logging is enabled. If the log entry is not present, this is a finding. If the share command does not return anything, then this is not an NFS server and this is considered not applicable.
Fix Text (F-4211r2_fix)
Edit /etc/dfs/dfstab and add the log option to all exported filesystems. Run the shareall command for the changes to take effect.