Weak NFS Export Permissions
Option 1: Disable the NFS Service
Debian/Ubuntu - From within a terminal:
sudo service nfs-kernel-server stop
sudo apt-get --purge remove nfs-kernel-server nfs-common portmap
CentOS 6/RHEL 6 - From within a terminal:
chkconfig rpcgssd off
chkconfig rpcidmapd off
chkconfig portmap off
chkconfig nfs off
yum remove portmap nfs-utils
CentOS 7+/RHEL 7+ - From within a terminal:
systemctl disable nfs-lock
systemctl stop nfs
systemctl disable nfs
yum remove nfs-utils portmap
Option 2: Restrict Access to the NFS service
Different systems provide different ways to restrict which clients can connect to the NFS service. On Linux systems, the /etc/exports file can be configured to whitelist the clients that may access the NFS service:
[root@server ~]# cat /etc/exports
/root/nfs 192.168.0.100(rw,async)
NOTE: On other systems, the solution may be to implement firewall rules to disallow access to the service from untrusted clients.
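To check an existing /etc/exports against the whitelist approach in Option 2, the following added example (not part of the original page) lists every export whose client is not an explicit host or network. The function names audit_exports and sample_exports are hypothetical, and the sample entries are constructed apart from the page's /root/nfs line.

```shell
#!/bin/sh
# audit_exports [FILE]: read exports(5) entries from FILE (or stdin) and print
# "<path> <client-token> <reason>" for every client that is not an explicit
# whitelist entry. Quoted paths and backslash continuations are not handled.
audit_exports() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }       # skip comment and blank lines
        {
            sub(/[ \t]+#.*$/, "")            # drop a trailing comment
            path = $1
            if (NF == 1) {                   # no client list to act as a whitelist
                print path, "-", "no-client-list"
                next
            }
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^-/) continue      # "-opts" sets defaults, not a client
                host = $i
                sub(/\(.*$/, "", host)       # strip "(options)" to get the client
                if (host == "" || host == "*")
                    print path, $i, "any-host"
                else if (host ~ /[*?]/)
                    print path, $i, "wildcard-hostname"
                else if (host ~ /\/0$/)
                    print path, $i, "whole-address-space"
            }
        }
    ' "$@"
}

# Constructed sample input; only the /root/nfs line comes from the page.
sample_exports() {
    cat <<'EOF'
# constructed /etc/exports sample
/root/nfs  192.168.0.100(rw,async)
/srv/pub   *(ro)
/srv/data  (rw,sync)
/srv/home  *.example.com(rw) 192.168.0.0/24(ro)
/srv/all   10.0.0.5(rw) 0.0.0.0/0(ro)
/srv/bare
EOF
}

sample_exports | audit_exports
```

On a server, run it as `audit_exports /etc/exports`; each line it prints is an entry to tighten to specific client addresses, as in the /root/nfs example above.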