STIGQter STIGQter: STIG Summary: Solaris 10 X86 Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021:

The NFS server must not allow remote root access.

DISA Rule

SV-227921r603266_rule

Vulnerability Number

V-227921

Group Title

SRG-OS-000480

Rule Version

GEN005880

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Edit the /etc/dfs/dfstab file and remove the root= option from all exports. Re-export the file systems.

Check Contents

Determine if the NFS server is exporting with the root access option.

Procedure:
# exportfs -v | grep "root="
OR
# more /etc/dfs/sharetab

If an export with the root option is found and is not properly documented with the IA staff, this is a finding.

Vulnerability Number

V-227921

Documentable

False

Rule Version

GEN005880

Severity Override Guidance

Determine if the NFS server is exporting with the root access option.

Procedure:
# exportfs -v | grep "root="
OR
# more /etc/dfs/sharetab

If an export with the root option is found and is not properly documented with the IA staff, this is a finding.

Check Content Reference

M

Target Key

4061

Comments