Profile Applicability:
 • Level 1

Description:
 Network File System (NFS) services allow file sharing over the network. If the system is not intended to provide NFS services, these should be disabled to reduce the system’s attack surface and prevent unauthorized file sharing.

Rationale:
 Disabling unused NFS services minimizes exposure to network-based attacks and prevents unauthorized access to shared files.

Impact:
 Pros:

  • Reduces risk of unauthorized file access over the network.

  • Limits unnecessary services running on the system.

 Cons:

  • Disabling NFS on systems that require it may disrupt legitimate file sharing.

Default Value:
 NFS services may be enabled by default on some systems.

Pre-requisites:

  • Root or sudo privileges to manage system services.

Remediation:

Test Plan:

Using Linux command line:

1. Check if NFS server services are enabled:

systemctl is-enabled nfs-server  
systemctl is-enabled nfs

2. Check if NFS server services are running:

systemctl status nfs-server  
systemctl status nfs

Implementation Plan:

Using Linux command line:

1. Disable NFS server services:

systemctl disable nfs-server  
systemctl disable nfs

2. Stop running NFS server services:

systemctl stop nfs-server  
systemctl stop nfs

3. Verify services are disabled and stopped:

systemctl is-enabled nfs-server  
systemctl is-enabled nfs  
systemctl status nfs-server  
systemctl status nfs
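
The checks from the Test Plan and from step 3 above can be combined into one pass/fail audit. The script below is an added example, not part of the benchmark: the SYSTEMCTL override variable, the function names, and the set of states treated as compliant are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit that the NFS server units are neither enabled nor running.
# SYSTEMCTL is an assumption of this example: it lets the command be replaced
# (for instance by a stub when testing) and defaults to the real systemctl.
SYSTEMCTL="${SYSTEMCTL:-systemctl}"

# unit_state <is-enabled|is-active> <unit>
# Prints the first line systemctl reports, or "not-found" if it prints nothing
# (a missing unit may produce only an error message on stderr).
unit_state() {
    state=$("$SYSTEMCTL" "$1" "$2" 2>/dev/null | head -n 1)
    printf '%s\n' "${state:-not-found}"
}

# check_unit <unit>: prints one result line; returns 0 if compliant, 1 otherwise.
check_unit() {
    enabled=$(unit_state is-enabled "$1")
    active=$(unit_state is-active "$1")
    rc=0
    case "$enabled" in
        disabled|masked|masked-runtime|not-found) ;;
        *) rc=1 ;;   # enabled, static, alias, ...: flag for review
    esac
    case "$active" in
        inactive|failed|unknown|not-found) ;;
        *) rc=1 ;;   # active, activating, reloading, ...
    esac
    if [ "$rc" -eq 0 ]; then verdict=PASS; else verdict=FAIL; fi
    printf '%s %s: is-enabled=%s is-active=%s\n' "$verdict" "$1" "$enabled" "$active"
    return "$rc"
}

# audit_nfs: checks both unit names used on this page; returns 1 if either fails.
audit_nfs() {
    overall=0
    for unit in nfs-server nfs; do
        check_unit "$unit" || overall=1
    done
    return "$overall"
}

# Run the audit only when the script is invoked with "audit" as its first argument.
if [ "${1:-}" = "audit" ]; then audit_nfs; fi
```

Invoked with the argument audit, the script prints one PASS or FAIL line per unit and exits non-zero if either unit is still enabled or running.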

Backout Plan:

Using Linux command line:

1. Enable and start NFS server services if required:

systemctl enable nfs-server  
systemctl start nfs-server  
systemctl enable nfs  
systemctl start nfs

2. Verify service status.

References:

  • CIS Amazon Linux 2 Benchmark v3.0.0

  • Systemd Service Management