Network and Storage Protocols

NFS, NTP and NetApp Mode 7

Harisheldon
4,574 Views

Greetings all and Happy New Year,

I currently have an issue with the NFS settings on three of my four filers.  I have compared them to the filer which is not on the ACAS report, and the settings are a mirror of each other.  The problems are as follows:

  1. NFS Exported Share Information Disclosure (It is possible to access NFS shares on the remote host) Solution: Configure NFS on the remote host so that only authorized hosts can mount its remote shares.
  2. NFS Shares World Readable (The remote NFS server exports world-readable shares) Solution: Place the appropriate restrictions on all NFS shares.

I have done a search on the Internet and the NetApp site and I cannot find any solution to these.  The solution presented is from the ACAS scan.

The other problem is with the NTP.  The problem is:

  1. Network Time Protocol (NTP) Mode 6 Scanner (The remote NTP server responds to mode 6 queries) Solution: Restrict NTP mode 6 queries.

I am still doing a bunch of reading on this, but if you can assist, great.

As always, any and all help is greatly appreciated.  Have a happy and safe new year.

James

AlexDawson
4,531 Views

Hi there! Looks like you have some/all volumes exported to a wider group of hosts than is necessary. The command to manage that is exportfs - this document - https://library.netapp.com/ecmdocs/ECMP1511537/html/man1/na_exportfs.1.html - explains the options available, but exact options depend on which volumes have the problem, and what the design on your network is. If properly set up, you can use OnCommand System Manager to manage this through a GUI.

Regarding NTP: NetApp systems don't run NTP servers, they act as NTP clients; however, the mode 6 vulnerabilities look like they are related to this issue - https://security.netapp.com/advisory/ntap-20171004-0001/ - you should be running the most recent version of ONTAP for your platform - in most cases 8.2.5P2 - and utilize defence in depth to protect your systems.

Hope this helps!
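The following is an added example, not part of the original thread and not NetApp tooling: a small audit of the text of a 7-Mode `/etc/exports` file that flags entries any host can mount, which is what the two ACAS NFS findings report. The sample export lines, volume paths and host names are constructed, and the option semantics it relies on (a bare `rw` or `ro` applies to all hosts, and an entry with neither defaults to `rw` for all hosts) are assumptions to confirm against the exports man page for your release.

```python
# Added example: flag 7-Mode /etc/exports entries that any host can mount.
# Assumed semantics (check na_exports(5) for your release): a bare "rw" or
# "ro" applies to all hosts, and an entry with neither defaults to rw for all.

# Constructed sample; volume paths and host names are hypothetical.
SAMPLE_EXPORTS = """\
# constructed sample, not taken from a real filer
/vol/vol0     -sec=sys,rw=adminhost,root=adminhost
/vol/data     -sec=sys,rw
/vol/archive  -sec=sys,ro
/vol/home     -sec=sys,ro=10.1.1.0/24,rw=appsrv1:appsrv2
/vol/scratch
"""


def parse_options(opt_string):
    """Split '-sec=sys,rw=a:b' into [('sec', 'sys'), ('rw', 'a:b')].

    A bare flag such as 'rw' yields ('rw', None). A list is used, not a
    dict, because an entry may repeat options under several sec= blocks.
    """
    pairs = []
    for item in opt_string.strip().lstrip("-").split(","):
        if item:
            key, sep, value = item.partition("=")
            pairs.append((key.strip(), value if sep else None))
    return pairs


def audit_exports(text):
    """Return [(path, reason)] for each export open to every host."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split(None, 1)
        path = fields[0]
        opts = parse_options(fields[1]) if len(fields) > 1 else []
        access = [(k, v) for k, v in opts if k in ("rw", "ro")]
        if not access:
            findings.append((path, "no rw/ro host list (defaults to rw for all)"))
        for key, value in access:
            if not value:
                findings.append((path, f"bare {key}: no host restriction"))
    return findings


if __name__ == "__main__":
    for path, reason in audit_exports(SAMPLE_EXPORTS):
        print(f"{path}: {reason}")
```

Running the same check over the exports file of the filer that is not on the ACAS report and over the three that are shows which entries actually differ.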

ahmedm89
4,221 Views

The link you posted above does not work. What will happen if we disable NTP? How will it impact the filers?

AlexDawson
4,178 Views

Correct links are https://security.netapp.com/advisory/ntap-20171004-0002/ and https://security.netapp.com/advisory/ntap-20171004-0001/

You should not disable NTP - it will break SMB as the clock drifts and make analysing system incidents more difficult.
