GEN005820 - The NFS anonymous UID and GID must be configured to values that have no permissions.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

When an NFS server is configured to deny remote root access, a selected UID and GID are used to handle requests from the remote root user. The UID and GID should be chosen from the system to provide the appropriate level of non-privileged access.

Solution

Edit /etc/dfs/dfstab and add the 'anon=-1' option for exports lacking it. Re-export the filesystems.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_SOL_10_x86_V2R2_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6, CAT|II, CCI|CCI-000764, Rule-ID|SV-227919r603266_rule, STIG-ID|GEN005820, STIG-Legacy|SV-40304, STIG-Legacy|V-932, Vuln-ID|V-227919

Plugin: Unix

Control ID: cf5ea7fc42e434060868f67cf205e9b860f9e1a70fa39468933a05cc90832bbd