Check: GEN005880
Solaris 10 SPARC STIG:
GEN005880
(in versions v2 r4 through v1 r19)
Title
The NFS server must not allow remote root access. (Cat II impact)
Discussion
If the NFS server allows root access to local file systems from remote hosts, this access could be used to compromise the system.
Check Content
Determine if the NFS server is exporting with the root access option. Procedure: # exportfs -v | grep "root=" OR # more /etc/dfs/sharetab If an export with the root option is found and is not properly documented with the IA staff, this is a finding.
Fix Text
Edit the /etc/dfs/dfstab file and remove the root= option from all exports. Re-export the file systems.
Additional Identifiers
Rule ID: SV-227014r603265_rule
Vulnerability ID: V-227014
Group Title: SRG-OS-000480
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
| Number | Definition |
|---|---|
| CCI-000366 |
The organization implements the security configuration settings. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
| Number | Title |
|---|---|
| CM-6 |
Configuration Settings |