SV-209031r603263_rule
V-209031
SRG-OS-000104
OL6-00-000309
CAT I
10
By default, the NFS server requires secure file-lock requests, which require credentials from the client in order to lock a file. Most NFS clients send credentials with file-lock requests; however, a few clients do not send credentials when requesting a file lock, which allows those clients to lock only world-readable files.
To get around this, the "insecure_locks" option can be used so these clients can access the desired export.
This poses a security risk by potentially allowing the client access to data for which it does not have authorization.
Remove any instances of the "insecure_locks" option from the file "/etc/exports".
To verify insecure file locking has been disabled, run the following command:
# grep insecure_locks /etc/exports
If there is output, this is a finding.
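The grep above matches any line containing the string, including comments. To locate which active export entries need editing, the following added example (not part of the STIG content) parses an exports file, skips comments, joins backslash-continued lines, and reports the line number and export path of each entry carrying "insecure_locks". It goes beyond the rule text by also matching "no_auth_nlm", which exports(5) documents as a synonym; the function names and sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: report active exports that disable NLM lock authentication.

# Constructed sample exports file (documentation addresses, not a real system).
write_sample_exports() {
    cat > "$1" <<'EOF'
# insecure_locks was removed from /srv/old on purpose
/srv/pub    192.0.2.0/24(ro,sync)
/srv/legacy 192.0.2.10(rw,insecure_locks,sync)
/srv/multi  192.0.2.20(rw,sync) \
            192.0.2.21(ro,no_auth_nlm)
/srv/safe   192.0.2.30(rw,secure_locks)
EOF
}

# find_insecure_locks FILE
# Prints "LINE:PATH" for every active entry with the option set.
# Returns 1 if at least one entry was found (a finding), 0 otherwise.
find_insecure_locks() {
    awk '
        # Strip comments so commented-out options are not reported.
        { sub(/#.*/, "") }
        # Line ends with a backslash: buffer it and remember where the entry began.
        /\\[ \t]*$/ {
            sub(/\\[ \t]*$/, " ")
            if (!start) start = NR
            buf = buf $0
            next
        }
        {
            entry = buf $0
            n = (start ? start : NR)
            buf = ""; start = 0
            # Match the option only as a whole item inside a client option list,
            # so "secure_locks" is never mistaken for "insecure_locks".
            if (entry ~ /[(,](insecure_locks|no_auth_nlm)[,)]/) {
                $0 = entry
                print n ":" $1
                found = 1
            }
        }
        END { exit (found ? 1 : 0) }
    ' "$1"
}
```

On a live system, call `find_insecure_locks /etc/exports`; the grep check above remains the pass/fail criterion for this rule.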