CCE-92739-2Platform: ubuntu18.04 | Date: (C)2019-11-07 (M)2022-10-10 |
Ensure NFS and RPC are not enabled
The Network File System (NFS) is one of the first and most widely distributed file systems in the UNIX environment. It provides the ability for systems to mount file systems of other servers through the network.
Parameter:
Technical Mechanism:
If the server does not export NFS shares or act as an NFS client, it is recommended that these services be disabled to reduce remote attack surface.
Fix:
Remove or comment out start lines in /etc/init/rpcbind-boot.conf:
# start on virtual-filesystems and net-device-up IFACE=lo
Remove any start links for nfs-kernel-server from /etc/rc*.d:
# rm /etc/rc*.d/S*nfs-kernel-server
CCSS Severity: | CCSS Metrics: |
CCSS Score : | Attack Vector: |
Exploit Score: | Attack Complexity: |
Impact Score: | Privileges Required: |
Severity: | User Interaction: |
Vector: | Scope: |
| Confidentiality: |
| Integrity: |
| Availability: |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:51338 |