Home » Infrastructure » Unix » NFS Inquery? (SUN unix oracle 10g)
NFS Inquery? [message #401242] Sun, 03 May 2009 03:23 Go to next message
alzuma
Messages: 46
Registered: July 2006
Location: CA
Member
Dears,

Some of the NFS shares exported by the server could be mounted by the scanning host. An attacker may exploit this problem to gain read (and possibly write) access to files on server.
Note that root privileges were not required to mount the remote shares. That is, the source port to mount the shares was bigger than 1024.

Recommendation
Configure NFS on the server so that only authorized hosts can mount the remote shares.
The NFS server should prevent mount requests originating from a non-privileged port.

My question is:
Do you have any idea if this change will affect the Database or not?


Re: NFS Inquery? [message #401256 is a reply to message #401242] Sun, 03 May 2009 06:30 Go to previous messageGo to next message
Mahesh Rajendran
Messages: 10707
Registered: March 2002
Location: oracleDocoVille
Senior Member
Account Moderator
>>Do you have any idea if this change will affect the Database or not?
Usually, Oracle databases are not hosted on NFS mount points.
If you are doing it, you are in a bigger trouble for other reasons.
>> Configure NFS on the server so that only authorized hosts can mount the remote shares.
Nothing new and just a basic recommendation.


Re: NFS Inquery? [message #401257 is a reply to message #401242] Sun, 03 May 2009 06:56 Go to previous messageGo to next message
alzuma
Messages: 46
Registered: July 2006
Location: CA
Member
Dear,

So, u don't recomend to Configure NFS on the server so that only authorized hosts can mount the remote shares.

>> If you are doing it, you are in a bigger trouble for other reasons.

Please, can u give me the reasons?.

Thanks
Re: NFS Inquery? [message #401258 is a reply to message #401257] Sun, 03 May 2009 07:26 Go to previous messageGo to next message
Mahesh Rajendran
Messages: 10707
Registered: March 2002
Location: oracleDocoVille
Senior Member
Account Moderator
>>So, u don't recomend to Configure NFS on the server so that only authorized hosts can mount the remote shares.
Where did I say that?
I said, it is a very basic recommendation.
Something like,
Enforce your database users to use a password.
Setting up authorized hosts is "the" first thing you do with NFS mounted filesytems.

>>Please, can u give me the reasons?.
Obvious above said security reasons.
You will be adding one more layer of dependency.
Performance and network related issues.

For testing/dev purposes NFS is okay.
Not so recommended for production.

All the above are generic and historic reasons.
Oracle is now shipping Direct NFS client with 11g which claims
to have optimized I/O by a multipath implementation.
icon14.gif  Re: NFS Inquery? [message #401319 is a reply to message #401242] Mon, 04 May 2009 01:19 Go to previous messageGo to next message
alzuma
Messages: 46
Registered: July 2006
Location: CA
Member

Many Thanks
Re: NFS Inquery? [message #401385 is a reply to message #401319] Mon, 04 May 2009 07:41 Go to previous messageGo to next message
alzuma
Messages: 46
Registered: July 2006
Location: CA
Member
Dear,

can u know the detailed steps to do this task (as a dba with having the root password of the unix machine)?

Thanks
Re: NFS Inquery? [message #401388 is a reply to message #401385] Mon, 04 May 2009 07:56 Go to previous messageGo to next message
Michel Cadot
Messages: 68625
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
Steps to do what exactly?
And don't use IM speak, read OraFAQ Forum Guide.

Regards
Michel
Re: NFS Inquery? [message #401390 is a reply to message #401385] Mon, 04 May 2009 08:11 Go to previous messageGo to next message
Mahesh Rajendran
Messages: 10707
Registered: March 2002
Location: oracleDocoVille
Senior Member
Account Moderator
Beyond the scope of this forum.

Talk to your sysadmin ( and save yourself from the wrath of admins Wink)
or
Just Google.
Like Oracle, Sun has an extensive documentation that will provide detailed steps.
http://docs.sun.com/app/docs/doc/801-6634/6i10efsk3?l=en&q=NFS&a=view
>>as a dba with having the root password of the unix machine
Do you have root account on NFS server?
Re: NFS Inquery? [message #401434 is a reply to message #401242] Tue, 05 May 2009 00:55 Go to previous message
alzuma
Messages: 46
Registered: July 2006
Location: CA
Member

Thanks Alot boss. It done Successfully
Previous Topic: Run shell Script from a procedure
Next Topic: Shellscripting or PL/SQL program
Goto Forum:
  


Current Time: Thu Mar 28 14:37:58 CDT 2024