Solved

is it possible to stop nfs shares from reporting any information about the shares

Posted on 2011-09-13
3
294 Views
Last Modified: 2012-06-21
I have two nfs shares between a as400 and 2 linux serves.  The rhel5 serves will answer a query with the ip address shares.  Is there anyway to have the shares run without telling any computer that they are running?

In other words a stealth share that one can use only if he already knows that it is there.

gary
0
Comment
Question by:javagair
  • 2
3 Comments
 
LVL 21

Accepted Solution

by:
Papertrip earned 500 total points
Comment Utility
You might be able to accomplish this with TCP wrappers.

First, in /etc/hosts.deny, add
portmap: ALL
rpc.mountd: ALL
rpc.rquotad: ALL

Open in new window


Then, in /etc/hosts.allow, add
portmap: your.ip.address or.your.hostname
rpc.mountd:  your.ip.address or.your.hostname
rpc.rquotad: your.ip.address or.your.hostname

Open in new window

like
rpc.mountd:  192.168.1.1
rpc.rquotad: bob.domain.com

Open in new window



Then restart the NFS server.

I'm not sure if this is going to work, I've never come across the need for this before.  If this way doesn't work, then I don't think it's possible.  Perhaps someone else knows more, but try my idea first.
0
 

Author Comment

by:javagair
Comment Utility
the reason I asked the question is we got written up on a vulnerability report because they could see which ip address where connected to the nfs shares.

gary
0
 

Author Closing Comment

by:javagair
Comment Utility
I am accepting this as the answer because after reading this I checked linux information on these subjects and the information appears to correct.  I would have liked to wait till the next vulnerability test was run but that is not for 30 days and questions don't stay open that long.

gary
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

In order for businesses to be compliant with certain information security laws in some countries, you need to be able to prove that a user (which user it was becomes important to the business to take action against the user after an event has occurr…
The purpose of this article is to demonstrate how we can upgrade Python from version 2.7.6 to Python 2.7.10 on the Linux Mint operating system. I am using an Oracle Virtual Box where I have installed Linux Mint operating system version 17.2. Once yo…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now