Weak NFS Export Permissions

Horizon3.ai  |  July 21, 2021  |  Fix Actions

Table of Contents

Option 1: Disable the NFS Service

Debian/Ubuntu

  • From within a terminal:
sudo service nfs-kernel-server stop
sudo apt-get --purge remove nfs-kernel-server nfs-common portmap

CentOS 6/RHEL 6

  • From within a terminal:
chkconfig rpcgssd off
chkconfig rpcidmapd off
chkconfig portmap off
chkconfig nfs off
yum remove portmap nfs-utils

CentOS 7+/RHEL 7+

  • From within a terminal:
systemctl disable nfs-lock
systemctl stop nfs
systemctl disable nfs
yum remove nfs-utils portmap

Option 2: Restrict Access to the NFS service

Different systems allow restriction of which clients can connect to the NFS service.

  • On Linux systems, the /etc/exports file can be configured to whitelist clients that access the NFS service:
[root@server ~]# cat /etc/exports/root/nfs
192.168.0.100(rw,async)

NOTE: On other systems, the solution may be to implement firewall rules to disallow access to the service from untrusted clients.

How can NodeZero help you?
Let our experts walk you through a demonstration of NodeZero, so you can see how to put it to work for your company.
Get a Demo
Share: