[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250770

 
 

909

 
 

196157

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 30475 Download | Alert*

Configure lockd to use static TCP port Configure the 'lockd' daemon to use a static TCP port as opposed to letting the RPC Bind service dynamically assign a port. Edit the file '/etc/sysconfig/nfs'. Add or correct the following line: 'LOCKD_TCPPORT=lockd-port' Where 'lockd-port' is a port which is not used by any other service on your network.

Configure lockd to use static UDP port Configure the 'lockd' daemon to use a static UDP port as opposed to letting the RPC Bind service dynamically assign a port. Edit the file '/etc/sysconfig/nfs'. Add or correct the following line: 'LOCKD_UDPPORT=lockd-port' Where 'lockd-port' is a port which is not used by any other service on your network.

Disable the Automounter The 'autofs' daemon mounts and unmounts filesystems, such as user home directories shared via NFS, on demand. In addition, autofs can be used to handle removable media, and the default configuration provides the cdrom device as '/misc/cd'. However, this method of providing access to removable media is not common, so autofs can almost always be disabled if NFS is not in use ...

Configure statd to use static port Configure the 'statd' daemon to use a static port as opposed to letting the RPC Bind service dynamically assign a port. Edit the file '/etc/sysconfig/nfs'. Add or correct the following line: 'STATD_PORT=statd-port' Where 'statd-port' is a port which is not used by any other service on your network.

Configure mountd to use static port Configure the 'mountd' daemon to use a static port as opposed to letting the RPC Bind service dynamically assign a port. Edit the file '/etc/sysconfig/nfs'. Add or correct the following line: 'MOUNTD_PORT=statd-port' Where 'mountd-port' is a port which is not used by any other service on your network.

Disable Network File System (nfs) The Network File System (NFS) service allows remote hosts to mount and interact with shared filesystems on the local machine. If the local machine is not designated as a NFS server then this service should be disabled. The 'nfs' service can be disabled with the following command: '$ sudo systemctl disable nfs'

Disable Secure RPC Server Service (rpcsvcgssd) The rpcsvcgssd service manages RPCSEC GSS contexts required to secure protocols that use RPC (most often Kerberos and NFS). The rpcsvcgssd service is the server-side of RPCSEC GSS. If the system does not require secure RPC then this service should be disabled. The 'rpcsvcgssd' service can be disabled with the following command: '$ sudo syste ...

Use Root-Squashing on All Exports If a filesystem is exported using root squashing, requests from root on the client are considered to be unprivileged (mapped to a user such as nobody). This provides some mild protection against remote abuse of an NFS server. Root squashing is enabled by default, and should not be disabled. Ensure that no line in '/etc/exports' contains the option 'no_root_squas ...

Restrict NFS Clients to Privileged Ports By default, the server NFS implementation requires that all client requests be made from ports less than 1024. If your organization has control over machines connected to its network, and if NFS requests are prohibited at the border firewall, this offers some protection against malicious requests from unprivileged users. Therefore, the default should not b ...

Disable DNS Server The 'named' service can be disabled with the following command: '$ sudo systemctl disable named'


Pages:      Start    3013    3014    3015    3016    3017    3018    3019    3020    3021    3022    3023    3024    3025    3026    ..   3047

© SecPod Technologies