STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

AIX NFS server must be configured to restrict file system access to local hosts.

DISA Rule

SV-215330r508663_rule

Vulnerability Number

V-215330

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

AIX7-00-003017

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Edit "/etc/exports" and add "ro" and/or "rw" options (as appropriate) specifying a list of hosts or networks which are permitted access.

Re-export the file systems:
# /usr/sbin/exportfs -a

Check Contents

Check the permissions on exported NFS file systems by running command:

# exportfs -v
/export/shared -ro,access=10.17.76.74

If the exported file systems do not contain the "rw" or "ro" options specifying a list of hosts or networks, this is a finding.

Vulnerability Number

V-215330

Documentable

False

Rule Version

AIX7-00-003017

Severity Override Guidance

Check the permissions on exported NFS file systems by running command:

# exportfs -v
/export/shared -ro,access=10.17.76.74

If the exported file systems do not contain the "rw" or "ro" options specifying a list of hosts or networks, this is a finding.

Check Content Reference

M

Target Key

4012

Comments