NFS

The security of NFS relies heavily upon who is allowed to mount the files that a server exports, and whether or not they are exported read-only. To find out which directories are exported, the Scanner logs all exportable directories. The Unix command showmount -e hostname shows the exports on a remote host. If the exported directories look like this:

    /usr           (everyone)
    /export/hosta  hosta
    /export/hostb  hostb

then anyone can mount /usr, and possibly replace files and gain access. Access to /usr should be restricted instead. hosta and hostb appear to be clients of this server. You should check hosta and hostb for security vulnerabilities: when either is vulnerable, so is the server.
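The check described above can be scripted when auditing your own servers. The following is an added example, not part of the Scanner or of the original page: it reads showmount -e output on standard input, reports exports that any host can mount, and lists the named client hosts that should be checked in turn. The function names and the sample host server.example are assumptions made for illustration, and the "*" wildcard is handled in addition to the "(everyone)" form shown above.

```shell
#!/bin/sh
# Classify `showmount -e` output read from stdin (added example).
# Emits "OPEN <dir>" for an export any host may mount and
# "CLIENT <host> <dir>" for each named client of a restricted export.
classify_exports() {
    awk '
        /^Export list for / { next }   # header line printed by showmount
        NF == 0             { next }   # skip blank lines
        {
            dir = $1
            # Fields after the directory form the client list;
            # multiple clients are separated by commas.
            clients = ""
            for (i = 2; i <= NF; i++) clients = clients $i
            n = split(clients, c, ",")
            world = (n == 0)           # no client list at all
            for (i = 1; i <= n; i++)
                if (c[i] == "(everyone)" || c[i] == "*") world = 1
            if (world) { print "OPEN " dir; next }
            for (i = 1; i <= n; i++)
                if (c[i] != "") print "CLIENT " c[i] " " dir
        }'
}

# Directories mountable by anyone: restrict these first.
open_exports() { classify_exports | awk '$1 == "OPEN" { print $2 }'; }

# Hosts trusted by the server: audit each one as well.
client_hosts() { classify_exports | awk '$1 == "CLIENT" { print $2 }' | sort -u; }

# Constructed sample: the export list from the text above.
sample_exports() {
    cat <<'EOF'
Export list for server.example:
/usr          (everyone)
/export/hosta hosta
/export/hostb hostb
EOF
}

sample_exports | classify_exports
```

Against a live server, pipe the real command into the same functions, for example showmount -e hostname | open_exports.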

Consult the system manual for more information on exports, NFS, or netgroups.

Risk: Low

OS Vulnerable: Any running NFS

Fix: Disable NFS, or reconfigure. See NFS Exports