3.8 Only enable NFS server processes if absolutely necessary - Ensure file /etc/rc3.d/S15nfs.server does NOT exist.


NFS is frequently exploited to gain unauthorized access to files and systems. There is no need to run the NFS server-related daemons on hosts that are not NFS servers. If the system is an NFS server, the admin should take reasonable precautions when exporting file systems, including restricting NFS access to a specific range of local IP addresses and exporting file systems 'read-only' and 'nosuid' where appropriate. For more information consult the share_nfs manual page.

See Also


Item Details

Audit Name: CIS Solaris 9 v1.3


References: 800-53|CM-7b., CSCv6|9.1

Plugin: Unix

Control ID: 958ae1e6004e63cd591f347de4efbaac3f1884fb66be34f0ffa7392e65bb6732