usnistgov/macos_security
1
0
Fork 0
mirror of https://github.com/usnistgov/macos_security.git synced 2026-02-03 14:03:24 +00:00
Code Issues 21 Actions Packages Projects Releases Wiki Activity

rules[refactor] Updated check/fix for nfsd

Browse Source
This commit is contained in:
Bob Gendler
2025-05-07 13:49:04 -04:00
parent 16d0501b28
commit 368510e41c
1 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
rules/os/os_nfsd_disable.yaml
View File

@@ -3,13 +3,19 @@ title: Disable Network File System Service
discussion: |
Support for Network File Systems (NFS) services is non-essential and, therefore, _MUST_ be disabled.
check: |
/bin/launchctl print-disabled system | /usr/bin/grep -c '"com.apple.nfsd" => disabled'
isDisabled=$(/sbin/nfsd status | /usr/bin/awk '/nfsd service/ {print $NF}')
if [[ "$isDisabled" == "disabled" ]] && [[ -z $(/usr/bin/pgrep nfsd) ]]; then
echo "pass"
else
echo "fail"
fi
result:
integer: 1
string: "pass"
fix: |
[source,bash]
----
/bin/launchctl disable system/com.apple.nfsd
/bin/rm -rf /etc/exports
----
The system may need to be restarted for the update to take effect.
references: