An NFS Server is running on the ESX Server host
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15784 | ESX0020 | SV-16723r1_rule | Medium |
| Description |
|---|
| Datastores may have several types of file system formats. These include VMFS, Raw Device Mappings, and NFS. VMFS is a proprietary file system developed by VMware that is built to handle a high amount of I/O generated by the ESX Server. Raw Device Mappings (RDM) is a mapping file in a VMFS volume that acts as a proxy for a raw physical device. An RDM can be thought of as a symbolic link from a VMFS volume to a raw LUN. An NFS volume is located on an NFS server. In normal usage there should be no case where an ESX host would be required to export an NFS directory or directories using an NFS server. If such a server were to exist within the ESX host operating environment, sensitive data from datastores to which the ESX server is attached may become compromised. Since there should never be a need for an ESX server to export a file system, the presence of a running NFS server is a finding. |
| STIG | Date |
|---|---|
| VMware ESX 3 Server | 2016-05-13 |
Details
| Check Text ( C-15970r1_chk ) |
|---|
| On the ESX Server service console, perform the following: # ps –ef | grep nfsd If you see the something other than the “grep nfsd” process, this is a finding. |
| Fix Text (F-15725r1_fix) |
|---|
| Do not configure an NFS Server on the ESX Server host. |