Rules Related To 'nfs-utils'

Component overview

Relevant packages:

Relevant groups:

None

Changelog:

No changes recorded.

Relevant rules:

Rule details

Uninstall nfs-utils Package

package_nfs-utils_removed

Description

The nfs-utils package can be removed with the following command:

$ sudo yum erase nfs-utils

Rationale

nfs-utils provides a daemon for the kernel NFS server and related tools. This package also contains the showmount program. showmount queries the mount daemon on a remote host for information about the Network File System (NFS) server on the remote host. For example, showmount can display the clients which are mounted on that host.

Disable Network File System (nfs)

service_nfs_disabled

Description

The Network File System (NFS) service allows remote hosts to mount and interact with shared filesystems on the local system. If the local system is not designated as an NFS server then this service should be disabled. The nfs-server service can be disabled with the following command:

$ sudo systemctl mask --now nfs-server.service

Rationale

Unnecessary services should be disabled to decrease the attack surface of the system.

Disable Network File System Lock Service (nfslock)

service_nfslock_disabled

Description

The Network File System Lock (nfslock) service starts the required remote procedure call (RPC) processes which allow clients to lock files on the server. If the local system is not configured to mount NFS filesystems then this service should be disabled. The nfslock service can be disabled with the following command:

$ sudo systemctl mask --now nfslock.service

Rationale

Disable Secure RPC Client Service (rpcgssd)

service_rpcgssd_disabled

Description

The rpcgssd service manages RPCSEC GSS contexts required to secure protocols that use RPC (most often Kerberos and NFS). The rpcgssd service is the client side of RPCSEC GSS. If the system does not require secure RPC then this service should be disabled. The rpcgssd service can be disabled with the following command:

$ sudo systemctl mask --now rpcgssd.service

Rationale

Disable RPC ID Mapping Service (rpcidmapd)

service_rpcidmapd_disabled

Description

The rpcidmapd service is used to map user names and groups to UID and GID numbers on NFSv4 mounts. If NFS is not in use on the local system then this service should be disabled. The rpcidmapd service can be disabled with the following command:

$ sudo systemctl mask --now rpcidmapd.service

Rationale

Disable Secure RPC Server Service (rpcsvcgssd)

service_rpcsvcgssd_disabled

Description

The rpcsvcgssd service manages RPCSEC GSS contexts required to secure protocols that use RPC (most often Kerberos and NFS). The rpcsvcgssd service is the server side of RPCSEC GSS. If the system does not require secure RPC then this service should be disabled. The rpcsvcgssd service can be disabled with the following command:

$ sudo systemctl mask --now rpcsvcgssd.service

Rationale

Unnecessary services should be disabled to decrease the attack surface of the system.
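
The following audit script is an added example, not part of the rule content or of the project that publishes these rules. It checks that each unit named above is persistently masked and stopped, which is the end state of systemctl mask --now, and that the nfs-utils package is absent. The function names and the SYSTEMCTL and RPM override variables are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of the rule content. SYSTEMCTL and RPM are
# hypothetical override variables so the checks can be pointed at stubs.
NFS_UNITS="nfs-server nfslock rpcgssd rpcidmapd rpcsvcgssd"

# Print "pass" or "fail:<reason>" for one unit; return 1 on failure.
check_unit() {
    unit="$1.service"
    # is-enabled exits non-zero for masked or disabled units, so only its
    # printed state is used. Empty output or "not-found" means no unit file.
    enabled=$("${SYSTEMCTL:-systemctl}" is-enabled "$unit" 2>/dev/null) || true
    active=$("${SYSTEMCTL:-systemctl}" is-active "$unit" 2>/dev/null) || true
    # A unit masked without --now keeps running until it is stopped.
    case "$active" in
        active|activating|reloading) echo "fail:running"; return 1 ;;
    esac
    # "disabled" still allows a manual or dependency start, and
    # "masked-runtime" is lost at reboot; only a persistent mask passes.
    case "$enabled" in
        masked|not-found|"") echo "pass" ;;
        *) echo "fail:$enabled"; return 1 ;;
    esac
}

# Check every unit plus the package rule; return the number of failures.
audit_nfs() {
    failures=0
    for u in $NFS_UNITS; do
        result=$(check_unit "$u") || failures=$((failures + 1))
        printf '%-12s %s\n' "$u" "$result"
    done
    # rpm -q exits 0 only when the package is installed.
    if "${RPM:-rpm}" -q nfs-utils >/dev/null 2>&1; then
        printf '%-12s %s\n' "nfs-utils" "fail:installed"
        failures=$((failures + 1))
    else
        printf '%-12s %s\n' "nfs-utils" "pass"
    fi
    return "$failures"
}
# Usage: audit_nfs || echo "non-compliant items: $?"
```
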