2.1.3 Ensure NFS and RPC are not enabled - nfs-server
The Network File System (NFS) is one of the first and most widely distributed file systems in the UNIX environment. It provides the ability for systems to mount file systems of other servers through the network. Rationale: If the system does not export NFS shares or act as an NFS client, it is recommended that these services be disabled to reduce the remote attack surface.
Run the following commands to disable the nfs-server and rpcbind: # systemctl --now disable nfs-server # systemctl --now disable rpcbind /etc is stateless on Container-Optimized OS. Therefore, the steps mentioned above needs to be performed after every boot. Additional Information: Additional methods of disabling a service exist. Consult your distribution documentation for appropriate methods.