|Securing and Optimizing Linux: RedHat Edition -A Hands on Guide|
|Prev||Chapter 5. General System Security||Next|
If you are exporting file systems using NFS service, be sure to configure the /etc/exports file with the most restrictive access possible. This means not using wildcards, not allowing root write access, and mounting read-only wherever possible.
Example 5-1. Export file systems using NFS
Edit the exports file vi /etc/exports and add:
/dir/to/export host1.mydomain.com(ro,root_squash) /dir/to/export host2.mydomain.com(ro,root_squash)
/dir/to/export is the directory you want to export.
host#.mydomain.com is the machine allowed to log in this directory.
The ro option mean mounting read-only.
The root_squash option for not allowing root write access in this directory.
[root@deep]# /usr/sbin/exportfs -a
: Please be aware that having an NFS service available on your system can be a security risk. Personally, I don't recommend using it.