Check: GEN005880
Solaris 10 X86 STIG:
GEN005880
(in versions v2 r4 through v1 r17)
Title
The NFS server must not allow remote root access. (Cat II impact)
Discussion
If the NFS server allows root access to local file systems from remote hosts, this access could be used to compromise the system.
Check Content
Determine if the NFS server is exporting with the root access option. Procedure: # exportfs -v | grep "root=" OR # more /etc/dfs/sharetab If an export with the root option is found and is not properly documented with the IA staff, this is a finding.
Fix Text
Edit the /etc/dfs/dfstab file and remove the root= option from all exports. Re-export the file systems.
Additional Identifiers
Rule ID: SV-227921r603266_rule
Vulnerability ID: V-227921
Group Title: SRG-OS-000480
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
| Number | Definition |
|---|---|
| CCI-000366 |
The organization implements the security configuration settings. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
| Number | Title |
|---|---|
| CM-6 |
Configuration Settings |