CVM's running NFS server risk | Nutanix Community
Skip to main content
I just had a security scan done against my cluster running AOS 5.5.6 and the only 'high' risk that came back was with cve-id CVE-1999-0548 (NFS Server Without Shares Detected):



Description;

A superfluous NFS server that is not sharing any file systems has been detected.

How to Fix;

Disable the NFS server.



Obliviously, I don't think I want to disable the NFS server service on all of my cvm's - is there any official documentation that I can share with my peers to support this so that I can get an exemption from this risk on these systems?

Hi Mandg!

 

Since the CVM’s are the storage controllers for the environment we would not want to disable NFS. This is particularly true if the hypervisors are ESXi ( ref: https://portal.nutanix.com/#/page/kbs/details?targetId=kA032000000TStNCAW ) 


Note the following:

CVM, Stargate service is always listening on ports 2049 (NFS), 3261/3260 (iSCSi), 445 (SMB), no matter what kind of hypervisor we are using. This can cause security scan warnings for vulnerabilities on CVM in the environment.

 

Please review and let me know if you have any additional questions. 

 

Thanks!

 

DannyR