ubuntu1604:2:2:7

2.2.7 Ensure NFS and RPC are not enabled (Scored)

Profile Applicability

Level 1 - Server
Level 1 - Workstation

Description

The Network File System (NFS) is one of the first and most widely distributed file systems in the UNIX environment. It provides the ability for systems to mount file systems of other servers through the network.

Rationale

If the system does not export NFS shares or act as an NFS client, it is recommended that these services be disabled to reduce remote attack surface.

Audit

Run the following commands to verify nfs is not enabled: 

# systemctl is-enabled nfs-kernel-server 
disabled

Verify result is not “enabled”.

Run the following commands to verify rpcbind is not enabled: 

# systemctl is-enabled rpcbind
disabled

Verify result is not “enabled”.

Remediation

Run the following command to disable nfs and rpcbind: 

# systemctl disable nfs-kernel-server 
# systemctl disable rpcbind
  • ubuntu1604/2/2/7.txt
  • Last modified: 2017/05/02 11:41
  • by Piotr Kłoczewski