GEN000000-LNX00560 - The Linux NFS Server must not have the insecure file locking option.

Information

Insecure file locking could allow for sensitive data to be viewed or edited by an unauthorized user.

Solution

Remove the 'insecure_locks' option from all NFS exports on the system.

Procedure:

Edit /etc/exports and remove all instances of the insecure_locks option.

Re-export the file systems to make the setting take effect.
# exportfs -a

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Linux_5_V2R1_STIG.zip

Item Details

Category: ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

References: 800-53|AC-6, 800-53|IA-2, CAT|I, CCI|CCI-000225, CCI|CCI-000764, Rule-ID|SV-218179r603259_rule, STIG-ID|GEN000000-LNX00560, STIG-Legacy|SV-62985, STIG-Legacy|V-4339, Vuln-ID|V-218179

Plugin: Unix

Control ID: 4a50613025f9d3b4757b64b61ebc482baa6e03f8bc8a7806e3a8f3c8f34c7b63