STIGQter: STIG Summary: Solaris 10 SPARC Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021:

The NFS anonymous UID and GID must be configured to values that have no permissions.

DISA Rule

SV-227012r603265_rule

Vulnerability Number

V-227012

Group Title

SRG-OS-000104

Rule Version

GEN005820

Severity

CAT II

CCI(s)

• CCI-000764 - The information system uniquely identifies and authenticates organizational users (or processes acting on behalf of organizational users).

Weight

10

Fix Recommendation

Edit /etc/dfs/dfstab and add the "anon=-1" option for exports lacking it. Re-export the filesystems.

Check Contents

Check if the anon option is set correctly for exported file systems.

List exported file systems.
# exportfs -v
OR
# more /etc/dfs/sharetab

Each of the exported file systems should include an entry for the 'anon=' option set to -1 or an equivalent (60001, 60002, 65534, or 65535). If an appropriate 'anon=' setting is not present for an exported file system, this is a finding.

Vulnerability Number

V-227012

Documentable

False

Rule Version

GEN005820

Severity Override Guidance

Check if the anon option is set correctly for exported file systems.

List exported file systems.
# exportfs -v
OR
# more /etc/dfs/sharetab

Each of the exported file systems should include an entry for the 'anon=' option set to -1 or an equivalent (60001, 60002, 65534, or 65535). If an appropriate 'anon=' setting is not present for an exported file system, this is a finding.

Check Content Reference

M

Target Key

4060

Comments