An XCCDF Group - A logical subset of the XCCDF Benchmark
nfs-utils
$ sudo dnf erase nfs-utils
$ mount -t nfs,nfs4,smbfs,cifs,ncpfs
/etc/fstab
netfs
$ sudo systemctl mask --now netfs.service
nfslock
$ sudo systemctl mask --now nfslock.service
rpcbind
$ sudo systemctl mask --now rpcbind.service
rpcgssd
$ sudo systemctl mask --now rpcgssd.service
rpcidmapd
$ sudo systemctl mask --now rpcidmapd.service
iptables
rpcbind, lockd, and rpc.statd
rpc.mountd
lockd
/etc/sysconfig/nfs
LOCKD_TCPPORT=lockd-port
lockd-port
LOCKD_UDPPORT=lockd-port
mountd
MOUNTD_PORT=statd-port
mountd-port
statd
STATD_PORT=statd-port
statd-port
nfs
rpcsvcgssd
nfs-server
$ sudo systemctl mask --now nfs-server.service
$ sudo systemctl mask --now rpcsvcgssd.service
/etc/exports
anonuid=value greater than UID_MAX from /etc/login.defs anongid=value greater than GID_MAX from /etc/login.defs
value greater than UID_MAX from /etc/login.defs
value greater than GID_MAX from /etc/login.defs
anonuid
anongid
-1
nfs4
,nodev,nosuid
,noexec
all_squash
insecure_locks
insecure
no_root_squash
exports(5)
exports
/DIR host1(opt1,opt2) host2(opt3)
/DIR
hostN
optN
ro
rw
address/netmask
address/CIDR