NFS Exported Filesystems List Vulnerability

Question

Hi Everyone, Our vulnerability tool reports below list for NFS exported shares . Tool used here Qualys and ID is listed below. we have similar issue in VNX exported file shares and I am aware about the fix of changing (forceFullShowmount  parameter on datamover ) do we have any similar fix for Isilon 8.1 ?   NFS Exported Filesystems List Vulnerability (QID 66002)This system is running a Network File System (NFS) server that enables a remote host to access andshare files and directories. The current configuration of this system gives both authorized andunauthorized users the list of exported disks and authorized hosts.This list discloses information about your internal organization and network architecture. It providesinformation about where data is stored, whether the server is heavily secured, and lists hosts that canbe attacked. The list also contains a source of valuable information, which can be used in a spoofingattack.If the NFS server is not required on this system, then shutdown and disable the 'mountd' and 'nfsd'RPC services.If the NFS server is required on this system, then the solution is not as simple. Since the server's clientsneed to be able to access the export list, this service cannot be shutdown. Access can be restricted tohosts on the local network or hosts that are authorized clients of this server. Use either a packet filter atthe system level (local packet filter) or a centralized packet filter on the firewall. Note, however, thatusing a firewall in front of your network will not secure the service itself, but will limit the risk to internalattacks.This vulnerability is confirmed by exploiting the vulnerability.

DELL-Josh Cr · Accepted Answer

Hi,

Try the following steps and see if it still fails the vulnerability test:

a. Check the current value of the parameter # isi_gconfig https://dell.to/2OdCkLu.lwio.Parameters.Drivers.nfs.MountdAllowForeignShowmountERequests b. Change the value to 0 # isi_gconfig https://dell.to/2OdCkLu.lwio.Parameters.Drivers.nfs.MountdAllowForeignShowmountERequests=0 c. Double check if it’s been changed successfully # isi_gconfig https://dell.to/2OdCkLu.lwio.Parameters.Drivers.nfs.MountdAllowForeignShowmountERequests d. Refresh NFS to make sure it takes effect # isi_for_array -s /usr/likewise/bin/lwsm refresh nfs

Srikanth2021 · Answer

Any suggestions on this query

Srikanth2021 · Answer

Hi josh, Thank you for the reply.  Is this a disruptive change ? will NFS clients  requires remounting ?   Regards  Srikanth

Srikanth2021 · Answer

Hi, Links provide are directing to DELL sales pages.   Regards  Srikanth

DELL-Sam L · Answer

Hello Srikanth2021,

As Josh stated try these steps first:

a. Check the current value of the parameter # isi_gconfig

b. Change the value to 0 # isi_gconfig

c. Double check if it’s been changed successfully # isi_gconfig

d. Refresh NFS to make sure it takes effect # isi_for_array -s /usr/likewise/bin/lwsm refresh nfs

Here are also a couple of links as well to a KB & a guide.

https://dell.to/3bcVpGz

https://dell.to/3kPon2A

Isilon

Was this post helpful?