Check: GEN005820
HP-UX 11.23 STIG:
GEN005820
(in version v1 r8)
Title
The NFS anonymous UID and GID must be configured to values without permissions. (Cat II impact)
Discussion
When an NFS server is configured to deny remote root access, a selected UID and GID are used to handle requests from the remote root user. The UID and GID should be chosen from the system to provide the appropriate level of non-privileged access.
Check Content
Check if the anon option is set correctly for exported file systems. List exported file systems: # exportfs -v Each of the exported file systems should include an entry for the anon= option set to -1 or an equivalent (60001, 65534, or 65535). If an appropriate anon= setting is not present for an exported file system, this is a finding.
Fix Text
Edit /etc/exports and set the anon=-1 option for exports without it. Re-export the file systems.
Additional Identifiers
Rule ID: SV-39006r1_rule
Vulnerability ID: V-932
Group Title: GEN005820
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000062 |
The organization permits actions to be performed without identification and authentication only to the extent necessary to accomplish mission/business objectives. |
Controls
Number | Title |
---|---|
No controls are assigned to this check |