CVM's running NFS server risk

Question

I just had a security scan done against my cluster running AOS 5.5.6 and the only 'high' risk that came back was with cve-id CVE-1999-0548 (NFS Server Without Shares Detected):

Description;
A superfluous NFS server that is not sharing any file systems has been detected.
How to Fix;
Disable the NFS server.

Obliviously, I don't think I want to disable the NFS server service on all of my cvm's - is there any official documentation that I can share with my peers to support this so that I can get an exemption from this risk on these systems?

danny_sre · Accepted Answer

Hi Mandg!

Since the CVM’s are the storage controllers for the environment we would not want to disable NFS. This is particularly true if the hypervisors are ESXi ( ref: https://portal.nutanix.com/#/page/kbs/details?targetId=kA032000000TStNCAW )

Note the following:

CVM, Stargate service is always listening on ports 2049 (NFS), 3261/3260 (iSCSi), 445 (SMB), no matter what kind of hypervisor we are using. This can cause security scan warnings for vulnerabilities on CVM in the environment.

Please review and let me know if you have any additional questions.

Thanks!

DannyR

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded