December 27th, 2016 14:00

OMIVV security findings

Our internal security team is reporting some security findings for our OMIVV appliance (3.1.1.150).

1. The following NFS shares could be mounted:
/nfsstage

2. The following shares have no access restrictions:
/nfsstage

Is it possible to restrict access and/or have the OMIVV appliance only present the /nfsstage share when it is needed?
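
Both findings above can be re-checked after any export change with the following added example, which is not part of the original thread and is not Dell's code. It reads `showmount -e` output and prints the exports that carry no client restriction; the sample output, addresses and hostname are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): list NFS exports that any host may mount.

# Reads `showmount -e <server>` output on stdin and prints the path of every
# export whose client list is "*" or "(everyone)", i.e. has no access restriction.
open_exports() {
    awk '
        NR == 1 && /^Export list for/ { next }      # header line
        NF == 0 { next }                            # blank line
        {
            # Assumption: export paths contain no spaces, so $1 is the path
            # and $2 the comma-separated client list. A missing client list
            # is treated as unrestricted.
            clients = (NF > 1) ? $2 : "(everyone)"
            n = split(clients, c, ",")
            for (i = 1; i <= n; i++)
                if (c[i] == "*" || c[i] == "(everyone)") { print $1; break }
        }
    '
}

# Constructed sample output; addresses are documentation ranges, and only
# /nfsstage is a name taken from the thread.
sample_output() {
    cat <<'EOF'
Export list for 192.0.2.10:
/nfsstage *
/backup   192.0.2.0/24,192.0.2.77
/pub      (everyone)
EOF
}

sample_output | open_exports
# Against a live appliance (hostname is a placeholder):
#   showmount -e omivv.example.internal | open_exports
```

An empty result means every listed export names specific clients or networks.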


December 29th, 2016 03:00

Hello FBBen,

The NFS share /nfsstage is a staging area that OMIVV uses only during firmware update and OS deployments. This share is read-only from outside. Moreover, OMIVV does not place any sensitive content in this location. Also, the files / images placed for OS deployment will be flushed once the deployment job is completed.

Hope this info helps.


January 2nd, 2017 01:00

Hello FBBen,

This is a DUP that OMIVV had downloaded for firmware update.
OMIVV retains the DUPs that are downloaded, so that it need not download the same file over and over again. These files will be purged automatically once the folder crosses a specific size limit.

Hope this info helps.


December 29th, 2016 07:00

Hello VIKRAM_KV,

I'll pass that along and see what they say.

I was able to mount the /nfsstage share myself and confirmed that it is read-only. I did, however, find a "repository" folder which contained two files: "fw_repository.xml" and "iDRAC-with-Lifecycle-Controller_Firmware_2091K_WN64_2.40.40.40_A00.EXE". We do not have any pending jobs and I've rebooted the OMIVV appliance. Is there anything that we need to do to purge these files?

August 28th, 2019 03:00

Can we stop the NFS service on the OMIVV server and start it only when required?
