STIGQter: STIG Summary: Solaris 10 SPARC Security Technical Implementation Guide, Version: 2, Release: 2, Benchmark Date: 22 Jan 2021

The NFS server must have logging implemented.

DISA Rule

SV-226420r603265_rule

Vulnerability Number

V-226420

Group Title

SRG-OS-000470

Rule Version

GEN000000-SOL00400

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Edit /etc/dfs/dfstab and add the log option to all exported filesystems. Run the shareall command for the changes to take effect.

NFS version 2 or 3 must be forced by updating the NFS_SERVER_VERSMAX variable appropriately in /etc/default/nfs and restarting the NFS daemon.

Check Contents

To enable NFS server logging, the log option must be applied to all exported file systems in /etc/dfs/dfstab. Perform the following to verify NFS is enabled.

# share

The preceding command will display all exported filesystems. Each line should contain a log entry to indicate logging is enabled. If the log entry is not present, this is a finding. If the share command does not return anything, then this is not an NFS server and this is considered not applicable.

NFS version 4 does not support server logging. Verify NFS_SERVER_VERSMAX in /etc/default/nfs.

# grep NFS_SERVER_VERSMAX /etc/default/nfs

If NFS_SERVER_VERSMAX is commented out or set to any value but 2 or 3, this is a finding.
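
The two checks above can be combined into one script. This is an added example, not part of the STIG or of STIGQter; the function names are hypothetical, the sample input is constructed, and it assumes the share options appear as the third whitespace-separated field of the `share` output.

```shell
#!/bin/sh
# Added example: scripted form of the check. Text is read on stdin or passed
# as arguments so the logic can be exercised offline with constructed input.
# Needs a POSIX awk (on Solaris 10: nawk or /usr/xpg4/bin/awk).

# Reads `share` output and prints every exported path without the log option.
# Assumption: the options are the third whitespace-separated field.
# Exit status: 0 = every share logs, 1 = finding, 2 = nothing is shared.
shares_missing_log() {
    awk '
        NF < 2 { next }                      # skip blank lines
        {
            seen = 1; logged = 0
            n = split($3, opt, ",")
            for (i = 1; i <= n; i++)
                if (opt[i] == "log" || opt[i] ~ /^log=/) logged = 1
            if (!logged) { print $2; bad = 1 }
        }
        END { if (!seen) exit 2; exit (bad ? 1 : 0) }'
}

# Reads /etc/default/nfs content; succeeds only when an uncommented
# NFS_SERVER_VERSMAX is set to 2 or 3.
versmax_ok() {
    v=$(awk -F= '/^[ \t]*NFS_SERVER_VERSMAX[ \t]*=/ {
            sub(/#.*/, "", $2); gsub(/[ \t"]/, "", $2); val = $2 }
        END { print val }')
    case "$v" in 2|3) return 0 ;; *) return 1 ;; esac
}

# $1 = `share` output, $2 = contents of /etc/default/nfs.
# On a live host: nfs_logging_status "$(share)" "$(cat /etc/default/nfs)"
nfs_logging_status() {
    rc=0
    printf '%s\n' "$1" | shares_missing_log >/dev/null || rc=$?
    if [ "$rc" -eq 2 ]; then echo not_applicable
    elif [ "$rc" -ne 0 ]; then echo finding
    elif printf '%s\n' "$2" | versmax_ok; then echo not_a_finding
    else echo finding
    fi
}

# Constructed sample: one share logs, one does not.
SAMPLE_SHARE='-               /export/home   rw,log=global   "home"
-               /export/data   ro   ""'
nfs_logging_status "$SAMPLE_SHARE" "NFS_SERVER_VERSMAX=3"
```

Piping `share` output into `shares_missing_log` on its own lists the exported paths that still need the log option added in /etc/dfs/dfstab.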

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

4060

Comments