IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [nfs]

NFS, or Network File System, is an open distributed file system protocol initially developed by Sun Microsystems. It first appeared in SunOS in 1985 but is now supported in a wide range of operating systems.

NFS, or Network File System, is an open distributed file system protocol initially developed by Sun Microsystems. It first appeared in SunOS in 1985 but is now supported in a wide range of operating systems.

14 questions
28
votes
2 answers

Security risk of opening port 111 (rpcbind)?

As far as I understood rpcbind is used for listing active services, and telling the requesting client where to send the RPC request. If a host listens on port 111, one can use rpcinfo to get program numbers and ports and services running; For…
Goli E
  • 895
  • 1
  • 11
  • 20
8
votes
1 answer

Can auditd track events that occured over NFS

I have multiple servers mounting a NFS shared called /opt/WHATEVER from Server X. Server X has auditd enables with rule: sudo /sbin/auditctl -w /opt/WHATEVER -p rwxa When events occur on Server X on that folder, it works great. However, when any…
Takadonet
  • 81
  • 1
  • 2
7
votes
3 answers

Is it a bad idea to share the ssh host key in a diskless environment?

I am looking at this cluster of student work stations. They are diskless clients which boot from NFS. They also have sshd enabled. All of these machines share the same ssh host key (rsa,dsa,etc), because they boot from NFS. As NFS is not encrypted,…
user46168
4
votes
1 answer

What is insecure about the "insecure" option of NFS exports?

Why is it considered insecure for an NFS export to allow connections originating from high ports? Compare the manual: exportfs understands the following export options: secure This option requires that requests originate on an Internet port less…
bers
  • 200
  • 1
  • 9
3
votes
0 answers

NFS IP spoofing

I am using VirtualBox: where the guest is an Arch ISO and the host Windows/Cygwin or a generic Linux. For sharing host folders, VB native shared folders is not an option (since the setup requires often a reboot of the ISO). I am turning to NFS, …
antonio
  • 845
  • 2
  • 8
  • 15
2
votes
1 answer

NFS and encrypted File systems

Can a NFS mounted file system be used for encrypted /home, and can the encrypted Home Directories be mounted/decrypted for the user when they login?
Squidly
  • 267
  • 1
  • 6
2
votes
1 answer

Why is autofs insecure?

I am hardening CentOS/RHEL 7.6. The hardening documents recommend disabling the automounter, "unless it is necessary." Why is autofs such a problem? One of the benefits of networking is a shared file system. What other alternatives are…
Scottie H
  • 244
  • 1
  • 9
2
votes
1 answer

Secure Authentication options for NFS

Are there any Secure Authentication for NFS other than Kerberos?
Saqib Ali
  • 213
  • 1
  • 8
2
votes
1 answer

On NFSv4 with kerberos security

When NFSv4 is configured to use kerberos authentication is mandatory to have a keytab installed on every client with is own principal. To access files a user still needs to be authenticated with his principal. What happens if a client keytab gets…
Enrico Polesel
  • 201
  • 1
  • 4
1
vote
1 answer

SUID Binary Doesn't Work - TryHackMe

In the TryHackMe's machine, there are some NFS shares that no_root_squash is enabled which allows attacker to create malicious SUID binary on the share with root privileges. I mounted share successfully, then created a binary file with following…
BooRuleDie
  • 11
  • 2
1
vote
1 answer

NFS4+Kerberos: Is the client authenticated?

Imagine the following scenario: A company network with "domain joined" linux clients (e.g they have a HOST$@DOMAIN.LOCAL principal in their keytabs file + A computer entry in the DC). Now an attacker gains access to this network with his laptop…
tobi_b
  • 13
  • 4
1
vote
1 answer

Any known risks with Elastic File System?

I want to give some of my clients the ability to write files via SFTP, which later I can read from my main server. Since I'm using EC2, to do so I simply opened an Elastic File System (EFS) and mounted it on two servers: on my main server, which is…
Ronen Ness
  • 125
  • 5
0
votes
1 answer

Ransomware on Mycloud NAS

I own a Mycloud NAS and it was affected by ransomware. In the NAS there are several folders, most of them are password protected. There is also the "Public" folder which can be seen by all users and contains family photos, movies, etc... Until now…
Daniele F.
  • 11
  • 1
0
votes
0 answers

What are the risks of sharing disk storage by NFS by two machines in different security zones?

In order to share files between two systems, an IT department has decided to share disk storage in a SAN device. The volumes are shared by NFS. The two machines mount the same volume in the SAN. The problem is that the two machines are in different…
Eloy Roldán Paredes
  • 1,507
  • 12
  • 25