Navigate

Check: GEN005820

HP-UX 11.31 STIG: GEN005820 (in versions v1 r19 through v1 r13)

Title

The Network File System (NFS) anonymous UID and GID must be configured to values that have no permissions. (Cat II impact)

Discussion

When an NFS server is configured to deny remote root access, a selected UID and GID are used to handle requests from the remote root user. The UID and GID should be chosen from the system to provide the appropriate level of non-privileged access.

Check Content

Check if the 'anon' option is set correctly for shared file systems. # cat /etc/dfs/dfstab Each of the shared file systems should include an entry for the 'anon=' option set to -1 or an equivalent (60001, 65534, or 65535). If an appropriate 'anon=' setting is not present for a shared file system, this is a finding.

Fix Text

Edit /etc/dfs/sharetab and set the anon=-1 option for shares without it. Re-export the file systems.

Additional Identifiers

Rule ID: SV-35199r1_rule

Vulnerability ID: V-932

Group Title: GEN005820

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-000062	The organization permits actions to be performed without identification and authentication only to the extent necessary to accomplish mission/business objectives.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
No controls are assigned to this check