2.2.7 Ensure NFS and RPC are not enabled (Scored)
Profile Applicability
Level 1 - Server
Level 1 - Workstation
Description
The Network File System (NFS) is one of the first and most widely distributed file systems in the UNIX environment. It provides the ability for systems to mount file systems of other servers through the network.
Rationale
If the system does not export NFS shares or act as an NFS client, it is recommended that these services be disabled to reduce remote attack surface.
Audit
Run the following command to verify nfs is not enabled:
# systemctl is-enabled nfs-kernel-server
disabled
Verify result is not “enabled”.
Run the following command to verify rpcbind is not enabled:
# systemctl is-enabled rpcbind
disabled
Verify result is not “enabled”.
Remediation
Run the following commands to disable nfs and rpcbind:
# systemctl disable nfs-kernel-server
# systemctl disable rpcbind
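The audit steps above as a script, added here as an example and not part of the benchmark text. The function names are hypothetical, and counting "enabled-runtime" as a failure alongside "enabled" is an assumption stricter than the stated check.

```shell
#!/bin/sh
# Added example: scripted form of the audit for this recommendation.
# Unit names come from the benchmark text; function names are hypothetical.

# Classify one `systemctl is-enabled` result and print PASS or FAIL.
# The benchmark's criterion is "result is not enabled"; also failing on
# "enabled-runtime" is an assumption added here.
classify_state() {
    case "$1" in
        enabled|enabled-runtime) echo FAIL ;;
        *) echo PASS ;;
    esac
}

# Print the enablement state of one unit.
# is-enabled exits non-zero for disabled or missing units, so the exit
# status is ignored and only the printed state is used.
unit_state() {
    state=$(systemctl is-enabled "$1" 2>/dev/null) || true
    # A unit that is not installed may print nothing on stdout.
    echo "${state:-not-found}"
}

# Audit both units named in the benchmark.
# Prints one line per unit and returns 0 only if neither is enabled.
audit_nfs_rpc() {
    rc=0
    for unit in nfs-kernel-server rpcbind; do
        state=$(unit_state "$unit")
        result=$(classify_state "$state")
        echo "$result $unit ($state)"
        [ "$result" = PASS ] || rc=1
    done
    return $rc
}
```

Source the file and call audit_nfs_rpc; its exit status is non-zero when either unit is enabled, which lets a configuration-management or CI job fail on it.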