Full Discussion: dfstab Security Questions
Operating Systems Solaris dfstab Security Questions Post 302498744 by stringman on Tuesday 22nd of February 2011 10:33:33 AM

Hello,

I am in the middle of a security audit (Solaris 10) and have been given the following directives regarding my dfstab file:
  1. The SA will ensure the NFS server is configured to deny client access requests that do not include a userid.
  2. The SA will ensure access to exported filesystems is restricted to local hosts via the export configuration file.
My dfstab file looks like this:
Code:
share -F nfs -d "Eonstor" /raid0 #EonStor/Infotrend
share -F nfs -d "Excess" /raid1 #DotHil logical disk 2

Regarding item #1, I think it has something to do w/ the sec=<mode> option, but I can't say for sure.

Regarding item #2, the security report implied it was a dfstab problem because it showed the dfstab output as needing modification, but the verbiage suggests another file is involved.

Any help would be greatly appreciated. Thanks in advance.

Ken
 

share(1M)                                                            share(1M)

NAME
     share - make local resource available for mounting by remote systems

SYNOPSIS
     share [-F FSType] [-o specific_options] [-d description] [pathname]

DESCRIPTION
     The share command exports, or makes a resource available for mounting,
     through a remote file system of type FSType. If the option -F FSType is
     omitted, the first file system type listed in /etc/dfs/fstypes is used
     as default. For a description of NFS specific options, see
     share_nfs(1M). pathname is the pathname of the directory to be shared.
     When invoked with no arguments, share displays all shared file systems.

OPTIONS
     -F FSType
          Specify the filesystem type.

     -o specific_options
          The specific_options are used to control access of the shared
          resource. (See share_nfs(1M) for the NFS specific options.) They
          may be any of the following:

          rw
               pathname is shared read/write to all clients. This is also
               the default behavior.

          rw=client[:client]...
               pathname is shared read/write only to the listed clients. No
               other systems can access pathname.

          ro
               pathname is shared read-only to all clients.

          ro=client[:client]...
               pathname is shared read-only only to the listed clients. No
               other systems can access pathname.

          Separate multiple options with commas. Separate multiple operands
          for an option with colons. See EXAMPLES.

     -d description
          The -d flag may be used to provide a description of the resource
          being shared.

EXAMPLES
     Example 1: Sharing a Read-Only Filesystem

     This line will share the /disk file system read-only at boot time.

          share -F nfs -o ro /disk

     Example 2: Invoking Multiple Options

     The following command shares the filesystem /export/manuals, with
     members of the netgroup having read-only access and users on the
     specified host having read-write access.

          share -F nfs -o ro=netgroup_name,rw=host1:host2:host3 /export/manuals

FILES
     /etc/dfs/dfstab      list of share commands to be executed at boot time
     /etc/dfs/fstypes     list of file system types, NFS by default
     /etc/dfs/sharetab    system record of shared file systems

ATTRIBUTES
     See attributes(5) for descriptions of the following attributes:

     +-----------------------------+-----------------------------+
     |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
     +-----------------------------+-----------------------------+
     |Availability                 |SUNWcsu                      |
     +-----------------------------+-----------------------------+

SEE ALSO
     mountd(1M), nfsd(1M), share_nfs(1M), shareall(1M), unshare(1M),
     attributes(5)

NOTES
     Export (old terminology): file system sharing used to be called
     exporting on SunOS 4.x, so the share command used to be invoked as
     exportfs(1B) or /usr/sbin/exportfs.

     If share commands are invoked multiple times on the same filesystem,
     the last share invocation supersedes the previous--the options set by
     the last share command replace the old options. For example, if
     read-write permission was given to usera on /somefs, then to give
     read-write permission also to userb on /somefs:

          example% share -F nfs -o rw=usera:userb /somefs

     This behavior is not limited to sharing the root filesystem, but
     applies to all filesystems.

9 Dec 2004                                                           share(1M)
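
The rw / ro semantics described in the man page above can be turned into a dfstab audit check. The script below is an added example, not part of the original post or of share(1M): it reports each share line as OPEN (mountable by all clients) or RESTRICTED (limited to a client list). The function names and the sample file are constructed for illustration; the first two sample entries are the ones quoted in the post.

```shell
#!/bin/sh
# Added example: classify dfstab share lines by who may mount them, using the
# rw / ro / rw=list / ro=list semantics from share(1M). Other -o options
# (e.g. sec=) are ignored by this check.

audit_dfstab() {   # reads dfstab text from the named file(s) or from stdin
    awk '
    {
        gsub(/"[^"]*"/, "\"\"")   # collapse quoted -d descriptions
        sub(/#.*/, "")            # drop comments
    }
    $1 != "share" { next }
    {
        opts = ""; path = ""
        for (i = 2; i <= NF; i++) {
            if ($i == "-o")                    { i++; opts = $i }
            else if ($i == "-F" || $i == "-d") { i++ }
            else                               path = $i
        }
        bare = ""; lists = 0
        n = split(opts, o, ",")
        for (j = 1; j <= n; j++) {
            if (o[j] == "rw" || o[j] == "ro") bare = o[j]
            else if (o[j] ~ /^(rw|ro)=./)     lists++
        }
        if (bare != "")
            print "OPEN", path, "bare " bare " applies to all clients"
        else if (lists == 0)
            print "OPEN", path, "no client list; default is rw to all clients"
        else
            print "RESTRICTED", path, opts
    }' "$@"
}

sample_dfstab() {   # constructed sample; first two entries are from the post
    cat <<'EOF'
# /etc/dfs/dfstab (constructed sample)
share -F nfs -d "Eonstor" /raid0 #EonStor/Infotrend
share -F nfs -d "Excess" /raid1 #DotHil logical disk 2
share -F nfs -o rw=host1:host2 -d "project data" /export/home
share -F nfs -o ro,rw=host1 /export/manuals
share -F nfs -o ro=netgroup_name,rw=host1:host2:host3 /export/docs
EOF
}

sample_dfstab | audit_dfstab
```

On a real server, pass /etc/dfs/dfstab as the argument; running share with no arguments shows what is actually shared at the moment, which can differ from the file.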