Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 305
  • Last Modified:

is it possible to stop nfs shares from reporting any information about the shares

I have two nfs shares between a as400 and 2 linux serves.  The rhel5 serves will answer a query with the ip address shares.  Is there anyway to have the shares run without telling any computer that they are running?

In other words a stealth share that one can use only if he already knows that it is there.

gary
0
javagair
Asked:
javagair
  • 2
1 Solution
 
PapertripCommented:
You might be able to accomplish this with TCP wrappers.

First, in /etc/hosts.deny, add
portmap: ALL
rpc.mountd: ALL
rpc.rquotad: ALL

Open in new window


Then, in /etc/hosts.allow, add
portmap: your.ip.address or.your.hostname
rpc.mountd:  your.ip.address or.your.hostname
rpc.rquotad: your.ip.address or.your.hostname

Open in new window

like
rpc.mountd:  192.168.1.1
rpc.rquotad: bob.domain.com

Open in new window



Then restart the NFS server.

I'm not sure if this is going to work, I've never come across the need for this before.  If this way doesn't work, then I don't think it's possible.  Perhaps someone else knows more, but try my idea first.
0
 
javagairAuthor Commented:
the reason I asked the question is we got written up on a vulnerability report because they could see which ip address where connected to the nfs shares.

gary
0
 
javagairAuthor Commented:
I am accepting this as the answer because after reading this I checked linux information on these subjects and the information appears to correct.  I would have liked to wait till the next vulnerability test was run but that is not for 30 days and questions don't stay open that long.

gary
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now