[Forgot Password]
Login  Register Subscribe

23631

 
 

126951

 
 

99602

 
 

909

 
 

80198

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-90305-4

Platform: macosx10.10Date: (C)2015-06-23   (M)2017-11-21



Disable NFS Services if Not in Use If the system does not require access to NFS (Network File System) file shares or is not acting as an NFS server, then support for NFS is non-essential and NFS services must be disabled. NFS is a network file system protocol supported by Unix-like operating systems. Enabling any service increases the attack surface for an intruder. By disabling unnecessary services, the attack surface is minimized.


Parameter: enabled/disabled


Technical Mechanism: The NFS daemon must be disabled. To check if NFS is disabled, run the following command: sudo /usr/libexec/PlistBuddy -c 'print com.apple.nfsd:Disabled' /var/db/launchd.db/com.apple.launchd/overrides.plist If the returned value isn't 'true', this is a finding. The NFS lock daemon must be disabled. To check if the NFS lock daemon is disabled, run the following command: sudo /usr/libexec/PlistBuddy -c 'print com.apple.lockd:Disabled' /var/db/launchd.db/com.apple.launchd/overrides.plist If the returned value isn't 'true', this is a finding. The NFS stat daemon must be disabled. To check if the NFS stat daemon is disabled, run the following command: sudo /usr/libexec/PlistBuddy -c 'print com.apple.statd.notify:Disabled' /var/db/launchd.db/com.apple.launchd/overrides.plist If the returned value isn't 'true', this is a finding.

References:

Resource IdReference
NISTCM-7 a
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:25082


OVAL    2
oval:org.secpod.oval:def:31670
oval:org.secpod.oval:def:25082

© 2013 SecPod Technologies