
The Linux NFS Server must not have the insecure file locking option.


Overview

Finding ID: V-4339
Version: GEN000000-LNX00560
Rule ID: SV-44658r1_rule
IA Controls:
Severity: High

Description
Insecure file locking could allow for sensitive data to be viewed or edited by an unauthorized user.
STIG Date
SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide 2018-09-19

Details

Check Text (C-42162r1_chk)
Determine if an NFS server is running on the system by:

# ps -ef | grep nfsd

If an NFS server is running, confirm it is not configured with the insecure_locks option by:

# exportfs -v

The example below would be a finding:

/misc/export speedy.example.com(rw,insecure_locks)

Fix Text (F-38113r1_fix)
Remove the "insecure_locks" option from all NFS exports on the system.
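
The check above can be scripted. The following is an added example, not part of the STIG text: a hypothetical helper, find_insecure_locks, that reads "exportfs -v" style output and reports each export carrying insecure_locks or no_auth_nlm, the synonym documented in exports(5). The sample listing is constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the STIG): audit an `exportfs -v` style listing
# for the insecure_locks option. find_insecure_locks is a hypothetical name.

# Reads the listing on stdin, prints "path client option" for every
# offending entry, and returns 1 if at least one was found (a finding).
find_insecure_locks() {
    awk '
    {
        for (i = 1; i <= NF; i++) {
            # A field without "(" is an export path. exportfs -v wraps long
            # paths onto their own line, so remember the path across lines.
            if ($i !~ /\(/) { path = $i; continue }
            client = $i; sub(/\(.*/, "", client)
            opts = $i; sub(/^[^(]*\(/, "", opts); sub(/\).*$/, "", opts)
            n = split(opts, o, ",")
            # Compare whole option tokens: "insecure" (the port option) and
            # "secure_locks" are different options and must not match.
            for (j = 1; j <= n; j++)
                if (o[j] == "insecure_locks" || o[j] == "no_auth_nlm") {
                    print path, (client == "" ? "<world>" : client), o[j]
                    bad = 1
                }
        }
    }
    END { exit (bad ? 1 : 0) }'
}

# Constructed sample listing: two findings, one clean export, one wrapped path.
SAMPLE='/misc/export speedy.example.com(rw,insecure_locks)
/srv/data	10.0.0.0/24(rw,wdelay,root_squash,insecure)
/srv/very/long/export/path
		client.example.com(ro,no_auth_nlm)'

# Demo on the sample. On an NFS server, use: exportfs -v | find_insecure_locks
if printf '%s\n' "$SAMPLE" | find_insecure_locks; then
    echo "No exports use insecure_locks"
else
    echo "FINDING: exports listed above use insecure_locks"
fi
```

Each reported path is an export from which the Fix Text requires the option to be removed.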