Disable Network File Systems (netfs)
The netfs script manages the boot-time mounting of several types of networked filesystems, of which NFS and Samba are the most common. If these filesystem types are not in use, the script can be disabled, protecting the system somewhat against accidental or malicious changes to/etc/fstab
and against flaws in the netfs script itself.
The netfs
service can be disabled with the following command:
$ sudo systemctl mask --now netfs.service
- ID
- xccdf_org.ssgproject.content_rule_service_netfs_disabled
- Severity
- Unknown
- Updated
Remediation Templates
An Ansible Snippet
- name: Disable Network File Systems (netfs) - Collect systemd Services Present in
the System
ansible.builtin.command: systemctl -q list-unit-files --type service
register: service_exists
changed_when: false
failed_when: service_exists.rc not in [0, 1]
OS Build Blueprint
masked = ["netfs"]
A Puppet Snippet
include disable_netfs
class disable_netfs {
service {'netfs':
enable => false,
ensure => 'stopped',