Solaris 10 "NFS Share User Mountable" Nessus vulnerability
I need to fix the following Nessus vulnerability (odd punctuation sic) -
Quote:
Code:
SunOS av1 5.10 Generic_141414-02 sun4u sparc SUNW,Sun-Fire-V445
My Googling has revealed the "nfs_portmon" option, so at the end of /etc/system I have
Code:
set nfssrv:nfs_portmon = 1
Code:
$ sudo adb -k
Code:
$ rpcinfo -p | grep mountd
Where am I going wrong?

You have to modify the share options by giving the necessary permissions to the necessary hosts. For example, to give rw access to host 192.168.1.1:
Code:
share -F nfs -o rw=192.168.1.1 /export/home/scoban

Not sure restricting to certain clients is an option, as this Very Important Server's NFS exports are mounted by employees worldwide.
Anyway, this post seems to indicate that I can't do this in Solaris 10 either, but I don't know where to find the RFE to check. I searched Google and Sunsolve (after logging in, and yep we have a support contract) but couldn't find it.

After trying to understand the poorly worded problem description, it seems to me the risk factor is not so much due to using a reserved port or not, but more to sharing a file system with anyone. Implementing the "-p port" option wouldn't really solve that issue, as I suspect you haven't any way to prevent a user from being root on their own machine worldwide.
If you want a strong security model with NFS, you might want to force NFSv4 (NFS_SERVER_VERSMIN=4 in /etc/default/nfs).

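The settings discussed in this thread can be checked together; the following is an added example, not part of any post: a read-only shell audit that flags NFS shares lacking a client access list and reports the nfs_portmon and NFS_SERVER_VERSMIN values. The function names and the sample file contents are constructed for illustration; on a real host the functions would be pointed at /etc/dfs/sharetab, /etc/system and /etc/default/nfs.

```shell
#!/bin/sh
# classify_share OPTS: "open" if any client may mount, else "restricted".
# Assumes share_nfs semantics: bare rw/ro (or neither) covers all clients,
# rw=list / ro=list covers only the listed clients. sec= modes are ignored.
classify_share() {
    has_list=no
    old_ifs=$IFS; IFS=,
    for opt in $1; do
        case $opt in
            rw|ro) IFS=$old_ifs; echo open; return 0 ;;
            rw=*|ro=*) has_list=yes ;;
        esac
    done
    IFS=$old_ifs
    if [ "$has_list" = yes ]; then echo restricted; else echo open; fi
}

# audit_sharetab FILE: one "path status" line per NFS share.
# sharetab fields: pathname resource fstype options description
audit_sharetab() {
    while read -r path _res fstype opts _desc; do
        [ "$fstype" = nfs ] || continue
        echo "$path $(classify_share "$opts")"
    done < "$1"
}

# portmon_value FILE: value on the last active nfs_portmon line of an
# /etc/system-style file ("*" comment lines do not match).
portmon_value() {
    sed -n 's/^[[:space:]]*set[[:space:]]\{1,\}nfssrv:nfs_portmon[[:space:]]*=[[:space:]]*\([0-9]\{1,\}\).*/\1/p' "$1" | tail -n 1
}

# versmin_value FILE: NFS_SERVER_VERSMIN from an /etc/default/nfs-style file.
versmin_value() {
    sed -n 's/^NFS_SERVER_VERSMIN=\([0-9]\{1,\}\).*/\1/p' "$1" | tail -n 1
}

# Demo on constructed input (not taken from the poster's server).
demo() {
    d=$(mktemp -d) || return 1
    printf '/export/home\t-\tnfs\trw\t\n/export/proj\t-\tnfs\trw=192.168.1.1\t\n' > "$d/sharetab"
    printf '* tuning\nset nfssrv:nfs_portmon = 1\n' > "$d/system"
    printf '#NFS_SERVER_VERSMIN=2\nNFS_SERVER_VERSMIN=4\n' > "$d/nfs"
    audit_sharetab "$d/sharetab"
    echo "nfs_portmon=$(portmon_value "$d/system") versmin=$(versmin_value "$d/nfs")"
    rm -rf "$d"
}
demo
```

A share reported as "open" is mountable by any client that can reach the server, which is the condition the second and last replies describe.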