GEN005820 - The Network File System (NFS) anonymous UID and GID must be configured to values without permissions - 'anonuid'

Information

When an NFS server is configured to deny remote root access, a selected UID and GID are used to handle requests from the remote root user. The UID and GID should be chosen from the system to provide the appropriate level of non-privileged access.

Solution

Edit '/etc/exports' and set the 'anonuid=-1' and 'anongid=-1' options for exports lacking it.

Re-export the filesystems.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Linux_5_V2R1_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-14(1), 800-53|AC-24(2), CAT|II, CCI|CCI-000062, CCI|CCI-002355, Rule-ID|SV-218631r603259_rule, STIG-ID|GEN005820, STIG-Legacy|SV-64169, STIG-Legacy|V-932, Vuln-ID|V-218631

Plugin: Unix

Control ID: 650b9b1ceebb8a8992d19f02115918d1a1e31728490967cdf4830459070eaf59