Detections
Analytics
GEN000000-LNX00560 - The Linux NFS Server must not have the insecure file locking option.
Warning! Audit Deprecated
This audit has been deprecated and will be removed in a future update.
View Next Audit VersionInformation
Insecure file locking could allow for sensitive data to be viewed or edited by an unauthorized user.Solution
Remove the 'insecure_locks' option from all NFS exports on the system.Procedure:
Edit /etc/exports and remove all instances of the insecure_locks option.
Re-export the file systems to make the setting take effect.
# exportfs -a
See Also
http://iasecontent.disa.mil/stigs/zip/U_RedHat_5_V1R17_STIG.zip
Item Details
Category: ACCESS CONTROL
References: 800-53|AC-6, CAT|I, CCI|CCI-000225, CCI|CCI-000764, Group-ID|V-4339, Rule-ID|SV-37316r1_rule, STIG-ID|GEN000000-LNX00560
Plugin: Unix
Control ID: fb2c6f49a583636847c99b5f2781408ab74f5d18636679d0de62a2cf7b61f48d