Guide to the Secure Configuration of Red Hat Enterprise Linux 8
Ensure Insecure File Locking is Not Allowed
An XCCDF Rule
Medium Severity
By default, the NFS server requires secure file-lock requests, which require credentials from the client in order to lock a file. Most NFS clients send credentials with file-lock requests; however, a few clients do not send credentials when requesting a file lock, so they can lock only world-readable files. To get around this, the insecure_locks option can be used so that these clients can access the desired export. This poses a security risk by potentially allowing the client access to data for which it does not have authorization. Remove any instances of the insecure_locks option from the file /etc/exports.
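
One way to audit for and remove the option, as an added example rather than the guide's own check or remediation content. The function names and the sample exports are constructed, and no_auth_nlm is included on the assumption, from exports(5), that it is another spelling of the same option.

```shell
#!/bin/sh
# Added example: audit and clean an NFS exports file for insecure_locks.
# Assumption: no_auth_nlm is the synonym exports(5) documents for this option.
OPT_RE='(insecure_locks|no_auth_nlm)'

# Print file:line:text for each line that sets the option outside a comment.
# Exit status 0 means a finding is present, 1 means the file is clean.
find_insecure_locks() {
    grep -HnE "^[^#]*[(,][[:space:]]*${OPT_RE}[[:space:]]*[,)]" "$@"
}

# Write a cleaned copy of one exports file to stdout; the input is not modified.
# Handles the option at the start, middle, end, or as the only list entry.
strip_insecure_locks() {
    sed -E "/^[[:space:]]*#/!{
:a
s/([(,])[[:space:]]*${OPT_RE}[[:space:]]*,/\\1/
ta
s/,[[:space:]]*${OPT_RE}[[:space:]]*\\)/)/g
s/\\([[:space:]]*${OPT_RE}[[:space:]]*\\)/()/g
}" "$1"
}

# Constructed sample exports file, not taken from a real host.
demo() {
    tmp=$(mktemp) || return 1
    cat >"$tmp" <<'EOF'
# legacy clients once needed insecure_locks here
/srv/share  10.0.0.0/24(rw,insecure_locks,sync)
/srv/pub    *(ro,sync)
/srv/old    client.example.com(insecure_locks)
EOF
    echo "Findings:"; find_insecure_locks "$tmp"
    echo "Cleaned:";  strip_insecure_locks "$tmp"
    rm -f "$tmp"
}
demo
```

Both functions take file paths, so the same check can be pointed at /etc/exports. After replacing the file with the reviewed, cleaned output, exportfs -ra re-exports with the new options.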