{"description": "Edit the file <tt>/etc/fstab</tt>. For each filesystem whose type\n(column 3) is <tt>nfs</tt> or <tt>nfs4</tt>, add the text\n<tt>,nodev,nosuid</tt> to the list of mount options in column 4. If\nappropriate, also add <tt>,noexec</tt>.\n<br /><br />\nSee the section titled \"Restrict Partition Mount Options\" for a description of\nthe effects of these options. In general, execution of files mounted via NFS\nshould be considered risky because of the possibility that an adversary could\nintercept the request and substitute a malicious file. Allowing setuid files to\nbe executed from remote servers is particularly risky, both for this reason and\nbecause it requires the clients to extend root-level trust to the NFS\nserver.", "warnings": [], "requires": [], "conflicts": [], "values": {}, "groups": {}, "rules": ["mount_option_krb_sec_remote_filesystems", "mount_option_nodev_remote_filesystems", "mount_option_noexec_remote_filesystems", "mount_option_nosuid_remote_filesystems"], "platform": "system_with_kernel", "platforms": ["system_with_kernel"], "inherited_platforms": [], "cpe_platform_names": ["system_with_kernel"], "title": "Mount Remote Filesystems with Restrictive Options", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/group.yml"}