NFS mounted directory (UNIX)

Module: Network Integrity

This check provides information about NFS mounted directories. Use the file list to exclude directories from the check. Specify full path names in the file list.

The following table lists the error messages for the check.

Table: Error messages for NFS mounted directory

Message String ID and Category	Platform and Message Numeric ID	Message Title and Description	Additional Information
String ID: STKU_NFSMOUNTED Category: Change Notification	UNIX (6371)	Title: NFS mount point Description:The following remote directories are mounted on your system. This can be a security problem if setuid is allowed on these files. Setuid can allow a non-privileged user on your system to obtain privileges by running a setuid. Make sure that the privileged users on other systems that have access to the NFS served files can be trusted on your system.	Severity: yellow-1 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [%s]
String ID: STKU_NFSRWSOFT Category: Change Notification	UNIX (6372)	Title: NFS writable soft mount Description:The following NFS mount point is soft-mounted and writable. This is not recommended by the system vendor. You should immediately change the mount to either read-only or a hard mount. See the man pages for information about the mount command.	Severity: yellow-1 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [%s]
String ID: STKU_NFSSUID Category: Change Notification	UNIX (6373)	Title: NFS setuid mount Description:The following NFS mount points allow suid operation. The nosuid option has not been specified. This is a security problem because users on other systems can create setuid programs and shell scripts and run them from unprivileged accounts on this system. You should review these NFS mount points against your security policy to determine if the nosuid option should be used. See the man pages for information about the mount command.	Severity: yellow-1 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [%s]

Message String ID and Category

Platform and Message Numeric ID

Message Title and Description

Additional Information

String ID: STKU_NFSMOUNTED

Category: Change Notification

UNIX (6371)

Title: NFS mount point

Description:The following remote directories are mounted on your system. This can be a security problem if setuid is allowed on these files. Setuid can allow a non-privileged user on your system to obtain privileges by running a setuid. Make sure that the privileged users on other systems that have access to the NFS served files can be trusted on your system.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: STKU_NFSRWSOFT

Category: Change Notification

UNIX (6372)

Title: NFS writable soft mount

Description:The following NFS mount point is soft-mounted and writable. This is not recommended by the system vendor. You should immediately change the mount to either read-only or a hard mount. See the man pages for information about the mount command.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: STKU_NFSSUID

Category: Change Notification

UNIX (6373)

Title: NFS setuid mount

Description:The following NFS mount points allow suid operation. The nosuid option has not been specified. This is a security problem because users on other systems can create setuid programs and shell scripts and run them from unprivileged accounts on this system. You should review these NFS mount points against your security policy to determine if the nosuid option should be used. See the man pages for information about the mount command.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]