[TriLUG] Question About NFS Client Access Config
Lance A. Brown via TriLUG
trilug at trilug.org
Wed Apr 10 09:27:44 EDT 2019
Why should iptables be considered cheating? Defense in depth is a well regarded concept and adding
a layer of host based security is a common tactic in controlling access to resources on a server.
Seems rather like doing security with one hand tied behind your back.
--[Lance]
Scott Chilcote via TriLUG wrote on 4/10/2019 9:16 AM:
> Hi All,
>
> Thanks for the great help and ideas on this!
>
> We did think of the iptables solution, and patched that in last night.
> But as Joe Mack pointed out that's considered cheating, and our host
> does not generally condone filtering inside the VLAN. We'll see whether
> that holds.
>
> The scan result is very specific that "At least one of the NFS shares
> exported by the remote server could be mounted by the scanning host."
> That's a serious WTF finding, no? We will likely get Redhat support
> involved.
>
> Much appreciation!
>
> Scott C.
More information about the TriLUG
mailing list