GEN005820 - The NFS anonymous UID and GID must be configured to values without permissions.

Information

When an NFS server is configured to deny remote root access, a selected UID and GID are used to handle requests from the remote root user. The UID and GID should be chosen from the system to provide the appropriate level of non-privileged access.

Solution

Edit /etc/exports and set the anon=-1 option for exported file systems without it. Re-export the file systems.
# exportfs -a

See Also

http://iasecontent.disa.mil/stigs/zip/U_STIG_Library_2015_07.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-14(1), CAT|II, CCI|CCI-000062, Rule-ID|SV-38956r1_rule, STIG-ID|GEN005820, Vuln-ID|V-932

Plugin: Unix

Control ID: a7fb06e864e8537ac4f5e98f6dd57cf6f73c4bbacbecf91590b728ebd4dfc97a