{"description": "If a filesystem is exported using root squashing, requests from root on the client\nare considered to be unprivileged (mapped to a user such as nobody). This provides some mild\nprotection against remote abuse of an NFS server. Root squashing is enabled by default, and\nshould not be disabled.\n<br /><br />\nEnsure that no line in <tt>/etc/exports</tt> contains the option <tt>no_root_squash</tt>.", "rationale": "If the NFS server allows root access to local file systems from remote hosts, this\naccess could be used to compromise the system.", "severity": "unknown", "references": {}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": null, "ocil": null, "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": [], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Use Root-Squashing on All Exports", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/use_root_squashing_all_exports/rule.yml", "template": null}