All AIX NFS anonymous UIDs and GIDs must be configured to values without permissions.
An XCCDF Rule
Description
When an NFS server is configured to deny remote root access, a selected UID and GID are used to handle requests from the remote root user. The UID and GID should be chosen from the system to provide the appropriate level of non-privileged access.
- ID: SV-215209r991589_rule
- Severity: Medium
Remediation - Manual Procedure
Edit "/etc/exports" and set the "anon=-1" option for all exported file systems without it.
Re-export the file systems using command:
# exportfs -a
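
To find the entries that still need the edit described above, the following check lists each exported directory whose options lack "anon=-1". It is an added example, not part of the STIG; it assumes the AIX "/etc/exports" layout of a directory followed by "-option,option,...", and the function names, paths and host names in it are hypothetical.

```sh
#!/bin/sh
# Added example, not part of the STIG. Assumes the AIX /etc/exports
# layout "<directory> -option,option,..." with "#" comments and
# trailing-backslash line continuation.

# Print every exported directory whose option list lacks anon=-1.
# $1: exports file to read (default /etc/exports; "-" reads stdin).
exports_missing_anon() {
    awk '
        { sub(/#.*/, "") }                        # drop comments
        /\\[ \t]*$/ {                             # join continued lines
            sub(/\\[ \t]*$/, ""); buf = buf $0 " "; next
        }
        {
            $0 = buf $0; buf = ""                 # full logical entry
            if (NF == 0) next                     # blank or comment-only
            opts = ""
            for (i = 2; i <= NF; i++) opts = opts $i
            sub(/^-/, "", opts)
            found = 0
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == "anon=-1") found = 1
            if (!found) print $1                  # needs remediation
        }
    ' "${1:-/etc/exports}"
}

# Constructed sample file contents (hypothetical paths and host names).
sample_exports() {
    cat <<'EOF'
# constructed sample
/export/home -sec=sys,rw,anon=-1,access=hostA
/export/data -rw,root=hostB
/export/pub -ro,\
    anon=-1
/export/tmp
/export/scratch -rw,anon=0
EOF
}

# Demo: lists /export/data, /export/tmp and /export/scratch.
sample_exports | exports_missing_anon -
```

An empty result means every entry in the file carries "anon=-1".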