If you are exporting file systems using the NFS service, be sure to configure the /etc/exports
file with the most restrictive access possible. This means not using wildcards, not allowing root write access, and mounting read-only wherever possible.
Example 5.1. Export file systems using NFS
Edit the exports file (vi /etc/exports) and add:
/dir/to/export host1.mydomain.com(ro,root_squash)
/dir/to/export host2.mydomain.com(ro,root_squash)
Where:
/dir/to/export is the directory you want to export.
host#.mydomain.com is the machine allowed to log in this directory.
The ro option means mounting read-only.
The root_squash option is for not allowing root write access in this directory.
For this change to take effect you will need to run the following command on your terminal:
[root@deep]# /usr/sbin/exportfs -a
Please be aware that having an NFS service available on your system can be a security risk. Personally, I don't recommend using it.
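To check an existing exports file against the three rules above (no wildcards, no root write access, read-only), the following audit script is an added example and not part of the original guide. The function name audit_exports, the sample file and the host3/host4 entries are constructed for illustration; options that are left out are treated as the exports(5) defaults, ro and root_squash.

```python
import re

# Constructed sample /etc/exports; host names follow the page's placeholders.
SAMPLE = """\
# constructed input for the audit below
/dir/to/export host1.mydomain.com(ro,root_squash) host2.mydomain.com(ro,root_squash)
/home *.mydomain.com(rw,no_root_squash)
/pub host3.mydomain.com (rw)
/srv/data \\
    host4.mydomain.com(rw,root_squash)
"""

# client name, optionally followed by "(opt,opt,...)" with no space in between
ENTRY = re.compile(r"^([^\s(]*)(?:\(([^)]*)\))?$")

def audit_exports(text):
    """Return (line_no, path, client, issue) for every non-restrictive export."""
    findings, logical, start = [], "", None
    for no, raw in enumerate(text.splitlines(), 1):
        start = start or no
        line = raw.split("#", 1)[0].rstrip()
        if line.endswith("\\"):            # entry continues on the next line
            logical += line[:-1] + " "
            continue
        tokens, line_no = (logical + line).split(), start
        logical, start = "", None
        if not tokens:
            continue
        path, clients = tokens[0], tokens[1:] or [""]   # no client list = everyone
        for tok in clients:
            m = ENTRY.match(tok)
            if not m:
                findings.append((line_no, path, tok, "unparsable entry"))
                continue
            client = m.group(1)
            opts = set((m.group(2) or "").split(","))
            # Options left out fall back to the exports(5) defaults: ro, root_squash.
            if client == "":                # "host (rw)" applies (rw) to every host
                findings.append((line_no, path, client, "exported to every host"))
            elif any(c in client for c in "*?["):
                findings.append((line_no, path, client, "wildcard client"))
            if "rw" in opts:
                findings.append((line_no, path, client, "read-write export"))
            if "no_root_squash" in opts:
                findings.append((line_no, path, client, "root not squashed"))
    return findings

if __name__ == "__main__":
    for finding in audit_exports(SAMPLE):
        print("line %d: %s %r: %s" % finding)
```

The /pub line shows the classic spacing mistake: the space before (rw) detaches the options from host3.mydomain.com and applies them to every host instead.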