Information
Remove any reference to localhost or localhost aliases from /etc/exports.
Rationale:
If the RPC portmapper has proxy forwarding enabled, which is a default setting in many vendor versions, you must not export your local filesystems back to the localhost, either by name or to the alias localhost, and you must not export to any netgroups of which your host is a member. If proxy forwarding is enabled, an attacker may carefully craft NFS packets and send them to the portmapper, which in turn forwards them to the NFS server. As the packets come from the portmapper process, which runs as root, they appear to be coming from a trusted system. This configuration may allow anyone to alter and delete files at will.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
Remove any reference to localhost or localhost aliases in /etc/exports.
Review the content of /etc/exports and check for localhost or localhost aliases:
cat /etc/exports
NOTE: If instances of localhost or localhost aliases are found, edit the file and remove them.
Create a copy of /etc/exports:
cp -p /etc/exports /etc/exports.pre_cis
Edit the file:
vi /etc/exports
Edit the relevant NFS exports to remove the localhost access, for example:
/nfsexport sec=sys,rw,access=localhost:testserver
If /etc/exports was updated because localhost references were removed, update the current NFS export options:
exportfs -a
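The manual review of /etc/exports described above can be scripted. The following is an added example, not part of the benchmark or the audit: the function names, the alias list and the sample entries are assumptions, and it checks only the access=, root=, rw= and ro= client lists, not netgroup membership.

```shell
#!/bin/sh
# Added example: flag loopback clients in an AIX-style /etc/exports.
# ALIASES is an assumption; extend it with the host's own names and any
# other name that /etc/hosts maps to the loopback address.
ALIASES="localhost loopback 127.0.0.1"

# Constructed sample entries, not taken from a real host.
sample_exports() {
cat <<'EOF'
# constructed sample
/nfsexport -sec=sys,rw,access=localhost:testserver
/home -sec=sys,rw=client1:client2
/data -sec=sys,ro,root=LOOPBACK,access=client1:127.0.0.1
/usr/share
EOF
}

# Print "line:directory:option=client" for every loopback client found.
find_localhost_exports() {
    awk -v aliases="$ALIASES" '
    BEGIN { n = split(aliases, a, " "); for (i = 1; i <= n; i++) bad[a[i]] = 1 }
    /^[ \t]*#/ || NF == 0 { next }                  # comments and blank lines
    {
        dir = $1
        opts = $0
        sub(/^[ \t]*[^ \t]+[ \t]*-?/, "", opts)     # drop directory and leading "-"
        sub(/[ \t]+$/, "", opts)                    # drop trailing whitespace
        no = split(opts, o, ",")
        for (i = 1; i <= no; i++) {
            eq = index(o[i], "=")
            if (eq == 0) continue                   # bare flag such as "rw"
            key = substr(o[i], 1, eq - 1)
            if (key != "access" && key != "root" && key != "rw" && key != "ro")
                continue
            nc = split(substr(o[i], eq + 1), c, ":")  # clients are colon-separated
            for (j = 1; j <= nc; j++)
                if (tolower(c[j]) in bad) printf "%d:%s:%s=%s\n", NR, dir, key, c[j]
        }
    }' "$1"
}

# Stand-alone use: pass the exports file as the first argument.
if [ -n "${1:-}" ]; then
    find_localhost_exports "$1"
fi
```

Empty output means no loopback client was found in the checked options; any line printed identifies the entry to edit before running exportfs -a.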
Default Value:
N/A