Differences

This shows you the differences between two versions of the page.

Link to this comparison view

centos7:2:2:7 [2017/05/04 14:45] (current)
Piotr Kłoczewski created
Line 1: Line 1:
 +======2.2.7 Ensure NFS and RPC are not enabled (Scored)======
 +=====Profile Applicability=====  ​
 +<​code>​
 +Level 1 - Server
 +Level 1 - Workstation ​
 +</​code>​
 +
 +=====Description=====
 +The Network File System (NFS) is one of the first and most widely distributed file systems in the UNIX environment. It provides the ability for systems to mount file systems of other servers through the network.
 +
 +=====Rationale=====
 +If the system does not export NFS shares or act as an NFS client, it is recommended that these services be disabled to reduce remote attack surface.
 +
 +=====Audit===== ​
 +Run the following commands to verify ''​nfs''​ is not enabled:
 +<​Code:​bash>​
 +# systemctl is-enabled nfs 
 +disabled ​
 +</​Code>​
 +Verify result is not "​enabled"​. \\ \\ 
 +Run the following commands to verify ''​rpcbind''​ is not enabled:
 +<​Code:​bash>​
 +# systemctl is-enabled rpcbind
 +disabled ​
 +</​Code>​
 +Verify result is not "​enabled"​.
 +
 +=====Remediation===== ​
 +Run the following command to disable ''​nfs''​ and ''​rpcbind'':​
 +<​Code:​bash>​
 +# systemctl disable nfs 
 +# systemctl disable rpcbind
 +</​Code>​