Configure lockd to use static UDP port
Configure the 'lockd' daemon to use a static UDP port as opposed to letting the RPC Bind service dynamically assign a port. Edit the file '/etc/sysconfig/nfs'. Add or correct the following line: 'LOCKD_UDPPORT=lockd-port' Where 'lockd-port' is a port which is not used by any other service on your network.

Disable the Automounter
The 'autofs' daemon mounts and unmounts filesystems, such as user home directories shared via NFS, on demand. In addition, autofs can be used to handle removable media, and the default configuration provides the cdrom device as '/misc/cd'. However, this method of providing access to removable media is not common, so autofs can almost always be disabled if NFS is not in use ...

Configure statd to use static port
Configure the 'statd' daemon to use a static port as opposed to letting the RPC Bind service dynamically assign a port. Edit the file '/etc/sysconfig/nfs'. Add or correct the following line: 'STATD_PORT=statd-port' Where 'statd-port' is a port which is not used by any other service on your network.

Configure mountd to use static port
Configure the 'mountd' daemon to use a static port as opposed to letting the RPC Bind service dynamically assign a port. Edit the file '/etc/sysconfig/nfs'. Add or correct the following line: 'MOUNTD_PORT=mountd-port' Where 'mountd-port' is a port which is not used by any other service on your network.

Specify UID and GID for Anonymous NFS Connections
To specify the UID and GID for remote root users, edit the '/etc/exports' file and add the following for each export: anonuid='value greater than UID_MAX from /etc/login.defs' anongid='value greater than GID_MAX from /etc/login.defs' Alternatively, functionally equivalent values of 60001, 65534, 65535 may be used.

Disable Network File System (nfs)
The Network File System (NFS) service allows remote hosts to mount and interact with shared filesystems on the local machine. If the local machine is not designated as an NFS server then this service should be disabled. The 'nfs' service can be disabled with the following command: '$ sudo systemctl disable nfs'

Disable Secure RPC Server Service (rpcsvcgssd)
The rpcsvcgssd service manages RPCSEC GSS contexts required to secure protocols that use RPC (most often Kerberos and NFS). The rpcsvcgssd service is the server-side of RPCSEC GSS. If the system does not require secure RPC then this service should be disabled. The 'rpcsvcgssd' service can be disabled with the following command: '$ sudo syste ...

Use Root-Squashing on All Exports
If a filesystem is exported using root squashing, requests from root on the client are considered to be unprivileged (mapped to a user such as nobody). This provides some mild protection against remote abuse of an NFS server. Root squashing is enabled by default, and should not be disabled. Ensure that no line in '/etc/exports' contains the option 'no_root_squas ...

Restrict NFS Clients to Privileged Ports
By default, the server NFS implementation requires that all client requests be made from ports less than 1024. If your organization has control over machines connected to its network, and if NFS requests are prohibited at the border firewall, this offers some protection against malicious requests from unprivileged users. Therefore, the default should not b ...

Ensure Insecure File Locking is Not Allowed
By default the NFS server requires secure file-lock requests, which require credentials from the client in order to lock a file. Most NFS clients send credentials with file lock requests; however, there are a few clients that do not send credentials when requesting a file-lock, allowing the client to only be able to lock world-readable files. To get aro ...



© SecPod Technologies