STIGQter STIGQter: STIG Summary: Solaris 10 X86 Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021:

The system's NFS export configuration must not have the sec option set to none (or equivalent); additionally, the default authentication must not to be set to none.

DISA Rule

SV-227920r603266_rule

Vulnerability Number

V-227920

Group Title

SRG-OS-000480

Rule Version

GEN005860

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Edit the /etc/dfs/dfstab file and add the sec=XXX option to the share line as an option. XXX must be a valid option for the system other than none.

Check Contents

Perform the following on NFS servers:

# grep "^default" /etc/nfssec.conf

Check to ensure the second column does not equal 0. This would indicate the default is set to none. Perform the following to check currently exported file systems.

# more /etc/dfs/dfstab

If the option sec=none is set on any of the exported file systems, this is a finding.

Vulnerability Number

V-227920

Documentable

False

Rule Version

GEN005860

Severity Override Guidance

Perform the following on NFS servers:

# grep "^default" /etc/nfssec.conf

Check to ensure the second column does not equal 0. This would indicate the default is set to none. Perform the following to check currently exported file systems.

# more /etc/dfs/dfstab

If the option sec=none is set on any of the exported file systems, this is a finding.

Check Content Reference

M

Target Key

4061

Comments