Information
macOS can act as an NFS fileserver. NFS sharing could be enabled to allow someone on another computer to mount shares and gain access to information from the user's computer. File sharing from a user endpoint has long been considered questionable, and Apple has removed that capability from the GUI. NFSD is still part of the operating system and can be easily turned on to export shares and provide remote connectivity to an end-user computer.
The /etc/exports file contains the list of NFS shared directories. If the file exists, it is likely that NFS sharing has been enabled in the past or may be available periodically. As an additional check, the audit verifies that there is no /etc/exports file.
File serving should not be done from a user desktop. Dedicated servers should be used. Open ports make it easier to exploit the computer.
Solution
Run the following commands to disable the nfsd fileserver services:
% /usr/bin/sudo /sbin/nfsd stop
% /usr/bin/sudo /bin/launchctl disable system/com.apple.nfsd
Remove the exported directory listing:
% /usr/bin/sudo /bin/rm /etc/exports
Impact:
The NFS server is both a point of attack for the system and a means for unauthorized file transfers.
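A verification sketch for the two conditions above, added here as an example and not taken from the benchmark's own audit procedure. It assumes the launchd state has been captured with `/bin/launchctl print-disabled system` into a file; the function names and the parameterized file paths are hypothetical so the check can also be run against collected data.

```shell
#!/bin/sh
# Added example: audit the two conditions this item covers.
#   $1 = file holding the output of: /bin/launchctl print-disabled system
#   $2 = path to the exports file (defaults to /etc/exports)

# Succeeds (0) when com.apple.nfsd is recorded as disabled.
# Older macOS releases print "=> true", newer ones "=> disabled".
nfsd_is_disabled() {
    grep -Eq '"com\.apple\.nfsd"[[:space:]]*=>[[:space:]]*(true|disabled)' "$1"
}

# Prints the active export entries (non-blank, non-comment lines), if any.
exports_entries() {
    [ -f "$1" ] || return 0
    grep -Ev '^[[:space:]]*(#|$)' "$1"
}

# Prints one finding per line; returns the number of failed checks
# (0 = compliant with this item).
nfs_audit() {
    state_file=$1
    exports=${2:-/etc/exports}
    failures=0
    if nfsd_is_disabled "$state_file"; then
        echo "PASS: com.apple.nfsd is disabled in launchd"
    else
        echo "FAIL: com.apple.nfsd is not disabled in launchd"
        failures=$((failures + 1))
    fi
    # The item requires the file to be absent, so an empty file still fails;
    # the entry count only shows whether directories are currently listed.
    if [ -e "$exports" ]; then
        count=$(exports_entries "$exports" | wc -l | tr -d ' ')
        echo "FAIL: $exports exists with $count active export entries"
        failures=$((failures + 1))
    else
        echo "PASS: $exports does not exist"
    fi
    return "$failures"
}
```

On an endpoint, capture the state first with `/usr/bin/sudo /bin/launchctl print-disabled system > /tmp/launchd-disabled.txt`, then run `nfs_audit /tmp/launchd-disabled.txt`.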
Item Details
Category: CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
References: 800-53|CM-2, 800-53|CM-6, 800-53|CM-7, 800-53|CM-7(1), 800-53|CM-9, 800-53|SA-3, 800-53|SA-8, 800-53|SA-10, CSCv7|5.1, CSCv7|9.2
Control ID: cefc7e05d8fe537780cd749456da14878169f8b79a9f92fde4dc216d19091f1e