4.5.14 Ensure nfs_use_reserved_ports is enabled

Information

The portcheck and nfs_use_reserved_ports parameters force the NFS server process on the local system to ignore NFS client requests that do not originate from the privileged port range (ports less than 1024).

The portcheck and nfs_use_reserved_ports parameters will both be set to 1. This value means that NFS client requests that do not originate from the privileged port range (ports less than 1024) will be ignored by the local system.

Solution

In /etc/tunables/nextboot add the portcheck and nfs_use_reserved_ports entries:

nfso -p -o portcheck=1
nfso -p -o nfs_use_reserved_ports=1

This makes the change permanent by adding the entry into /etc/tunables/nextboot.
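
An added verification sketch, not part of the benchmark or of the audit plugin: it checks that both tunables are recorded as 1 in the nfso stanza of the tunables file. It assumes the stanza layout shown in the comments; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumed file layout (stanza format):
#   nfso:
#           portcheck = "1"
#           nfs_use_reserved_ports = "1"

# Print the value of tunable $2 from the nfso stanza of file $1 (empty if absent).
nfso_tunable() {
    awk -v want="$2" '
        # A one-field line ending in ":" starts a new stanza.
        NF == 1 && $1 ~ /:$/ { in_nfso = ($1 == "nfso:"); next }
        in_nfso && $1 == want && $2 == "=" {
            v = $3; gsub(/"/, "", v); print v; exit
        }
    ' "$1"
}

# Return 0 only if both tunables are present in the nfso stanza and equal to 1.
check_nfs_reserved_ports() {
    file="${1:-/etc/tunables/nextboot}"
    rc=0
    for t in portcheck nfs_use_reserved_ports; do
        val=$(nfso_tunable "$file" "$t")
        if [ "$val" = "1" ]; then
            echo "PASS $t=1"
        else
            echo "FAIL $t=${val:-unset} (expected 1)"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample file for demonstration (not taken from a real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
nfso:
        portcheck = "1"
        nfs_use_reserved_ports = "1"
EOF
check_nfs_reserved_ports "$sample"
rm -f "$sample"
```

A tunable that appears under a different stanza, or is missing from the file, is reported as unset and fails the check.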

See Also

https://workbench.cisecurity.org/benchmarks/10385

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, 800-53|CM-7, CSCv7|9.2

Plugin: Unix

Control ID: 817836c583d473c27449f7f0103b77a7065241a15056b3b10eb01f0e76e28e01