Puppet Class: cis_security_hardening::rules::nfs

Defined in:
manifests/rules/nfs.pp

Summary

Ensure NFS is not enabled

Overview

The Network File System (NFS) is one of the first and most widely distributed file systems in the UNIX environment. It provides the ability for systems to mount file systems of other servers through the network.

Rationale: If the system does not export NFS shares, it is recommended that NFS be disabled to reduce the remote attack surface.
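The rationale's precondition ("does not export NFS shares") can be checked before setting `enforce => true`. The following is an added example, not part of the module: it counts active entries in exports(5)-format files. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not module code): pre-check for `enforce => true`.
# Counts active export entries in exports(5)-format files.

# count_nfs_exports FILE...
# Prints the number of export entries across the given files.
# Missing or unreadable files contribute zero.
count_nfs_exports() {
    total=0
    for f in "$@"; do
        [ -r "$f" ] || continue
        # Plain `read` (no -r) joins backslash-continued lines, which
        # exports(5) permits, and trims leading/trailing whitespace.
        while read line || [ -n "$line" ]; do
            line=${line%%#*}    # drop a comment running to end of line
            if [ -n "$line" ]; then
                total=$((total + 1))
            fi
        done < "$f"
    done
    echo "$total"
}

# nfs_enforce_is_safe FILE...
# Returns 0 when no exports are defined, so disabling NFS removes
# nothing that is in use; returns 1 when at least one export exists.
nfs_enforce_is_safe() {
    [ "$(count_nfs_exports "$@")" -eq 0 ]
}

# Constructed sample input (not taken from a real host).
sample_exports() {
    cat <<'EOF'
# /etc/exports: constructed sample
/srv/share   192.0.2.0/24(ro,sync) \
             198.51.100.7(rw,sync)
   # /srv/old  *(rw)
/srv/pub     *(ro)   # public mirror
EOF
}
```

On a target host, `nfs_enforce_is_safe /etc/exports /etc/exports.d/*.exports` covers both the main file and the drop-in directory read by `exportfs`; a non-zero exit means the host still exports shares and the rule should not be enforced there without review.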

Examples:

class { 'cis_security_hardening::rules::nfs':
    enforce => true,
}

Parameters:

  • enforce (Boolean) (defaults to: false)

    Enforce the rule



# File 'manifests/rules/nfs.pp', line 20

class cis_security_hardening::rules::nfs (
  Boolean $enforce = false,
) {
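  # Nothing is managed unless enforcement is explicitly switched on.
  if $enforce {
    if $facts['os']['name'].downcase() == 'ubuntu' {
      # Ubuntu: remove the NFS server package, including its configuration.
      ensure_packages(['nfs-kernel-server'], {
          ensure => purged,
      })
    } else {
      # Other platforms: stop the nfs service and disable it at boot.
      ensure_resource('service', 'nfs', {
          enable => false,
          ensure => stopped,
      })
    }
  }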
}