Check: GEN005840
HP-UX 11.31 STIG:
GEN005840
(in versions v1 r19 through v1 r13)
Title
The Network File System (NFS) server must be configured to restrict file system access to local hosts. (Cat II impact)
Discussion
The NFS access option limits user access to the specified level. This assists in protecting shared file systems. If access is not restricted, unauthorized hosts may be able to access the system's NFS shares.
Check Content
Check the permissions on shared NFS file systems. Procedure: # cat /etc/dfs/sharetab If the shared file systems do not contain the "rw" or "ro" options that specify a list of hosts or networks, this is a finding.
Fix Text
Edit /etc/dfs/dfstab and add ro and/or rw options (as appropriate) that specify a list of hosts or networks which are permitted access. Re-share the file systems via the following commands: # unshare <the file system entry that was modified> # share <the file system entry that was modified>
Additional Identifiers
Rule ID: SV-35201r1_rule
Vulnerability ID: V-933
Group Title: GEN005840
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |