Title

The NFS server must have logging implemented. (Cat II impact)

Discussion

Filesystem logging, especially for NFS exported file systems, can be critical to detecting data misuse and possible hardware/system errors that may, otherwise, go unnoticed.

Check Content

To enable NFS server logging the log option must be applied to all exported file systems in the /etc/dfs/dfstab. Perform the following to verify NFS is enabled. # share The preceding command will display all exported filesystems. Each line should contain a log entry to indicate logging is enabled. If the log entry is not present, this is a finding. If the share command does not return anything, then this is not an NFS server and this is considered not applicable.

Fix Text

Edit /etc/dfs/dfstab and add the log option to all exported filesystems. Run the shareall command for the changes to take effect.

Additional Identifiers

Rule ID: SV-4300r2_rule

Vulnerability ID: V-4300

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.