Join us for a virtual Nutanix User Group meeting with Jarian Gibson as he covers Nutanix Cloud Clusters (NC2) on Azure and AWS with Citrix. <\/span><\/p>

Jarian will take a deep dive into NC2 on Azure architecture and Citrix on NC2 on Azure\u00a0that helps you strengthen your business continuity and disaster recovery position. He\u2019ll also provide the latest updates for NC2 on AWS.<\/span><\/p>

Plus, we're\u00a0giving away a Nutanix suitcase to one lucky winner!\u00a0Opt-in when you register\u00a0to be entered to win.\u00a0<\/p>","author":{"id":113632,"url":"\/members\/karlie-beil-113632","name":"Karlie Beil","avatar":"https:\/\/uploads-us-west-2.insided.com\/nutanix-us\/icon\/200x200\/1581aab3-bcf6-49f4-b2fb-3d11e8c010dc.png","userTitle":"Community Manager","rank":{"isBold":false,"isItalic":false,"isUnderline":false,"name":"Community Manager","color":"#0873ba"},"userLevel":4},"type":"Webinar","url":"https:\/\/next.nutanix.com\/events\/global-nug-nc2-on-azure-and-aws-with-citrix-151","image":"https:\/\/uploads-us-west-2.insided.com\/nutanix-us\/attachment\/f9693b5b-436b-427a-9b98-531b4040ff24_thumb.png","location":"","startsAt":1678298400,"endsAt":1678302000,"contentType":"event","attendees":[],"attendeeCount":0,"isLoggedInUserAttendee":false,"createdAt":"1675974969"},"phrases":{"Forum":{"{n} year|{n} years":"{n} year|{n} years","{n} month|{n} months":"{n} month|{n} months","{n} day|{n} days":"{n} day|{n} days","{n} hour|{n} hours":"{n} hour|{n} hours","{n} minute|{n} minutes":"{n} minute|{n} minutes","just":"just now","{plural} ago":"{plural} ago"}}}">

解决了

CVM运行NFS服务器风险

4年前
2019年1月8日
1回复
1054意见

UserLevel 2

+11

mandg
开拓者
22个答复

我刚刚对运行AOS 5.5.6的群集进行了安全扫描，而回来的唯一“高”风险是CVE-ID CVE-1999-0548（未检测到的股票的NFS服务器）：

描述;

已经检测到未共享任何文件系统的多余NFS服务器。

怎么修;

禁用NFS服务器。

遗忘了，我认为我不想在所有CVM上禁用NFS服务器服务 - 是否有任何正式文档可以与我的同行分享以支持这一点，以便我可以免除这些系统的风险？

图标

最好的答案danny_sre2019年11月25日，21:03

Hi Mandg!<\/p>

\u00a0<\/p>

Since the CVM\u2019s are the storage controllers for the environment we would not want to disable NFS. This is particularly true if the hypervisors are ESXi ( ref:\u00a0https:\/\/portal.nutanix.com\/#\/page\/kbs\/details?targetId=kA032000000TStNCAW<\/a>\u00a0)\u00a0<\/p>

Note the following:<\/p>

CVM, Stargate service is always listening on ports 2049 (NFS), 3261\/3260 (iSCSi), 445 (SMB), no matter what kind of hypervisor we are using.\u00a0This can cause security scan warnings for vulnerabilities on CVM in the environment.<\/p>

\u00a0<\/p>

Please review and let me know if you have any additional questions.\u00a0<\/p>

\u00a0<\/p>","className":"post__content__best_answer"}">

查看原件

\r\n

\r\nDescription;<\/b>

\r\nA superfluous NFS server that is not sharing any file systems has been detected.

\r\nHow to Fix;<\/b>

\r\nDisable the NFS server.

\r\n

\r\nObliviously, I don't think I want to disable the NFS server service on all of my cvm's - is there any official documentation that I can share with my peers to support this so that I can get an exemption from this risk on these systems?","quoteUsername":"mandg","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">

喜欢

引用

分享

该主题已关闭以供评论

1回复

最古老的第一

新的先来最好投票

Userlevel 1

+1

danny_sre

Nutanix员工

13个答复

3年前
2019年11月25日

回答

嗨，曼格！

由于CVM是环境的存储控制器，因此我们不想禁用NFS。如果管理程序是ESXI，则尤其如此（参考：https://portal.nutanix.com/#/page/kbs/details?targetId=ka0320000000000tstncaw）

注意以下内容：

CVM，星际之门服务总是在端口2049（NFS），3261/3260（ISCSI），445（SMB）上聆听，无论我们使用哪种操纵虚拟机。这可能会导致对环境中CVM漏洞的安全扫描警告。

请查看，让我知道您是否还有其他问题。

谢谢！

丹尼尔

丹尼

Hi Mandg!<\/p>
\u00a0<\/p>
Since the CVM\u2019s are the storage controllers for the environment we would not want to disable NFS. This is particularly true if the hypervisors are ESXi ( ref:\u00a0https:\/\/portal.nutanix.com\/#\/page\/kbs\/details?targetId=kA032000000TStNCAW<\/a>\u00a0)\u00a0<\/p>

Note the following:<\/p>
CVM, Stargate service is always listening on ports 2049 (NFS), 3261\/3260 (iSCSi), 445 (SMB), no matter what kind of hypervisor we are using.\u00a0This can cause security scan warnings for vulnerabilities on CVM in the environment.<\/p>
\u00a0<\/p>
Please review and let me know if you have any additional questions.\u00a0<\/p>
\u00a0<\/p>
Thanks!<\/p>
\u00a0<\/p>
DannyR<\/p>
\u00a0<\/p>","quoteUsername":"danny_sre","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">

喜欢

引用

由内部支持

条款和条件

报名

已经有一个帐户？登录

使用您的帐户登录

登录社区

使用您的帐户登录

输入您的用户名或电子邮件地址。我们将向您发送带有指令的电子邮件以重置密码。

用户名或电子邮件

返回概述

扫描病毒文件。

抱歉，我们仍在检查此文件的内容，以确保它可以安全下载。请在几分钟后再试一次。
好的

该文件无法下载

抱歉，我们的病毒扫描仪检测到该文件无法安全下载。
好的

Learn more about our cookies.<\/a>","cookiepolicy.button":"Accept cookies","cookiepolicy.button.deny":"Deny all","cookiepolicy.link":"Cookie settings","cookiepolicy.modal.title":"Cookie settings","cookiepolicy.modal.content":"We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.<\/a>","cookiepolicy.modal.level1":"Basic
Functional","cookiepolicy.modal.level2":"Normal
Functional + analytics","cookiepolicy.modal.level3":"Complete
Functional + analytics + social media + embedded videos"}}}">