STIGQter STIGQter: STIG Summary: Solaris 10 X86 Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021:

The NFS anonymous UID and GID must be configured to values that have no permissions.

DISA Rule

SV-227919r603266_rule

Vulnerability Number

V-227919

Group Title

SRG-OS-000104

Rule Version

GEN005820

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Edit /etc/dfs/dfstab and add the "anon=-1" option for exports lacking it. Re-export the filesystems.

Check Contents

Check if the anon option is set correctly for exported file systems.

List exported file systems.
# exportfs -v
OR
# more /etc/dfs/sharetab

Each of the exported file systems should include an entry for the 'anon=' option set to -1 or an equivalent (60001, 60002, 65534, or 65535). If an appropriate 'anon=' setting is not present for an exported file system, this is a finding.

Vulnerability Number

V-227919

Documentable

False

Rule Version

GEN005820

Severity Override Guidance

Check if the anon option is set correctly for exported file systems.

List exported file systems.
# exportfs -v
OR
# more /etc/dfs/sharetab

Each of the exported file systems should include an entry for the 'anon=' option set to -1 or an equivalent (60001, 60002, 65534, or 65535). If an appropriate 'anon=' setting is not present for an exported file system, this is a finding.

Check Content Reference

M

Target Key

4061

Comments