Network and Storage Protocols

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Network and Storage Protocols

Ask a Question

What is the way to configure Netapp so that only authorized hosts can access.

novice
‎2021-01-19 08:06 AM
6,434 Views

I have Netapp version 8.2.2.   I have the following security violation on it after scanned with security tool.

It said that the solution is to "configure NFS on the remote host so that only authorized hosts can mount its remote shares".

There are 12 servers, which are in a cluster, and additional 5 servers access and share the file system.   What is the way to build the access list so that only these 17 servers can access the Netapp?

 

========================================================================================

 

 

Synopsis :
It is possible to access NFS shares on the remote host.

Description :
At least one of the NFS shares exported by the remote server could be
mounted by the scanning host. An attacker may be able to leverage
this to read (and possibly write) files on remote host.

The following NFS shares could be mounted :

+ /vol/LUN_RDM011_vol
+ Contents of /vol/LUN_RDM011_vol :
- .
- ..
- .snapshot
- LUN_RDM11

+ /vol/LUN_RDM012_vol
+ Contents of /vol/LUN_RDM012_vol :
- .
- ..
- .snapshot
- LUN_RDM12

+ /vol/LUN_RDM21_vol
+ Contents of /vol/LUN_RDM21_vol :
- .
- ..
- .snapshot
- LUN_RDM21

+ /vol/LUN_RDM22_vol
+ Contents of /vol/LUN_RDM22_vol :
- .
- ..
- .snapshot
- LUN_RDM22

+ /vol/LUN_RDM41_vol
+ Contents of /vol/LUN_RDM41_vol :
- .
- ..
- .snapshot
- LUN_RDM41

+ /vol/LUN_RDM51_vol
+ Contents of /vol/LUN_RDM51_vol :

....

....


Solution :
Configure NFS on the remote host so that only authorized hosts can
mount its remote shares.

0 Kudos
1 ACCEPTED SOLUTION

jcolonfzenpr
‎2021-01-23 10:04 AM
In response to novice
6,284 Views

Look for client permission for Export.,

Jonathan Colón | Blog | Linkedin

View solution in original post

Preview file
189 KB
3 REPLIES 3

pedro_rocha
‎2021-01-19 11:01 AM
6,410 Views

Hello,

 

I believe you have an export policy specifying 0.0.0.0/0 as the client specification. In that way, all the networks are allowed to access the exports for volumes with the export policy.

 

So you should create more restrictive export policies specifying the client IPs.

 

This documentation may help you: https://library.netapp.com/ecm/ecm_download_file/ECMP1331695

(Creating an export policy in System Manager).

 

Regards,

Pedro

 

0 Kudos

novice
‎2021-01-22 11:25 AM
In response to pedro_rocha
6,303 Views

Thank you for your reply.   

On my Netapp Ondemand System manager Version: 3.1, I don't see an export policy on the left tree.   My Netapp is version 8.2.2.   If I (or can I upgrade the system manager only without Netapp upgrade?) upgrade the System Manager, will there be export policy menu on the left tree?   

 

0 Kudos

jcolonfzenpr
‎2021-01-23 10:04 AM
In response to novice
6,285 Views

Look for client permission for Export.,

Jonathan Colón | Blog | Linkedin
Preview file
189 KB
Announcements
All Community Forums
Public