CCE-90305-4Platform: macosx10.10 | Date: (C)2015-06-23 (M)2022-10-10 |
Disable NFS Services if Not in Use
If the system does not require access to NFS (Network File System) file shares or is not acting as an NFS server, then support for NFS is non-essential and NFS services must be disabled. NFS is a network file system protocol supported by Unix-like operating systems. Enabling any service increases the attack surface for an intruder. By disabling unnecessary services, the attack surface is minimized.
Parameter:
enabled/disabled
Technical Mechanism:
The NFS daemon must be disabled. To check if NFS is disabled, run the following command:
sudo /usr/libexec/PlistBuddy -c 'print com.apple.nfsd:Disabled' /var/db/launchd.db/com.apple.launchd/overrides.plist
If the returned value isn't 'true', this is a finding.
The NFS lock daemon must be disabled. To check if the NFS lock daemon is disabled, run the following command:
sudo /usr/libexec/PlistBuddy -c 'print com.apple.lockd:Disabled' /var/db/launchd.db/com.apple.launchd/overrides.plist
If the returned value isn't 'true', this is a finding.
The NFS stat daemon must be disabled. To check if the NFS stat daemon is disabled, run the following command:
sudo /usr/libexec/PlistBuddy -c 'print com.apple.statd.notify:Disabled' /var/db/launchd.db/com.apple.launchd/overrides.plist
If the returned value isn't 'true', this is a finding.
CCSS Severity: | CCSS Metrics: |
CCSS Score : | Attack Vector: |
Exploit Score: | Attack Complexity: |
Impact Score: | Privileges Required: |
Severity: | User Interaction: |
Vector: | Scope: |
| Confidentiality: |
| Integrity: |
| Availability: |
| |
References: Resource Id | Reference |
---|
NIST | CM-7 a |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:25082 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:31670 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:25082 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:31670 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:25082 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:31670 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:25082 |