Title

All NFS-exported system files and system directories must be owned by root. (Cat II impact)

Discussion

Failure to give ownership of sensitive files or directories to root provides the designated owner and possible unauthorized users with the potential to access sensitive information or change system configuration which could weaken the system's security posture.

Check Content

Check for NFS exported file systems. Procedure: # exportfs -v OR # more /etc/dfs/sharetab This will display all of the exported file systems. For each file system displayed, check the ownership. Procedure: # ls -lLa <exported file system path> If the files and directories are not owned by root, this is a finding.

Fix Text

Change the ownership of exported file systems not owned by root. Procedure: # chown root <path>

Additional Identifiers

Rule ID: SV-227917r603266_rule

Vulnerability ID: V-227917

Group Title: SRG-OS-000480

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.