CCE-90764-2Platform: rhel7,centos7 | Date: (C)2017-06-29 (M)2022-10-10 |
Use Root-Squashing on All Exports
If a filesystem is exported using root squashing, requests from root on the client
are considered to be unprivileged (mapped to a user such as nobody). This provides some mild
protection against remote abuse of an NFS server. Root squashing is enabled by default, and
should not be disabled.
Ensure that no line in '/etc/exports' contains the option 'no_root_squash'.
Parameter:
Technical Mechanism:
If the NFS server allows root access to local file systems from remote hosts, this
access could be used to compromise the system.
Fix:
No Remediation Info
CCSS Severity: | CCSS Metrics: |
CCSS Score : | Attack Vector: |
Exploit Score: | Attack Complexity: |
Impact Score: | Privileges Required: |
Severity: | User Interaction: |
Vector: | Scope: |
| Confidentiality: |
| Integrity: |
| Availability: |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:30453 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:31176 |