Local Disks Only check inside of some Enterprise Security Manager modules seems not to be working
Last Updated May 06, 2019
The Local Disks Only checkbox is selected in the File Watch, File Find, or another policy module, but Enterprise Security Manager (ESM) still reports issues for files and directories located on NFS mounted volumes, which it should not do.
Control Compliance Suite (CCS) using Message Based data Collection (MBC) and running Enterprise Security Manager (ESM) modules to gather data.
Checks in ESM modules return messages about files located on NFS mounted volumes even though the "Local Disks Only" selection box has been selected.
Directories mounted by autofs are not written to the /etc/mtab file on the UNIX/Linux machine in all cases.
Prior to Security Update 39, the Local Disks Only check inspected the mtab file to determine which disks are local and which are NFS mounts. Some of the affected operating systems are SUSE and Red Hat Linux. While these may still be security concerns, the Local Disks Only selection should preclude ESM from traversing these NFS mounted volumes.
Apply Security Update 39 (SU 39) or higher to correct this problem. This SU allows the Local Disks Only setting to also parse the autofs information, so that it can determine all of the NFS mounted volumes that may not be listed in the mtab file.
LDAP mounted NFS volumes may still not be detected as remote and may still be traversed and reported on. LDAP automount volumes can be identified by examining the automount section in the /etc/nsswitch.conf file. CIFS type volume mounts are also not currently recognized as remote volumes and may be traversed. In the modules that use the Local Disks Only check, exclusions can be made for the remote mount paths that this check does not currently detect.
NOTE: If the /etc/auto_master file is used instead of /etc/auto.master, remove the /etc/auto.master file, because the Local Disks Only check defers to the auto_master file in situations where auto.master is not discovered. Security Update 47 also excludes GPFS mounts when the Local Disks Only checkbox is selected.
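To help build the exclusions mentioned above, the following added example (not part of the original article and not vendor code) lists mounted NFS, CIFS and GPFS paths from an mtab-format file and flags an LDAP source on the automount line of an nsswitch.conf-format file. The function names, file names and sample data are constructed for illustration; GPFS is included for agents that do not yet have Security Update 47.

```shell
#!/bin/sh
# Added example (not vendor code): list mounted NFS, CIFS and GPFS paths and
# flag LDAP-sourced automount maps, as candidates for module exclusions.

# Mount points in an mtab-format file whose type is nfs/nfsN, cifs or gpfs.
remote_mounts() {
    awk '$3 ~ /^(nfs[0-9]*|cifs|gpfs)$/ { print $2 }' "$1"
}

# Sources on the "automount:" line of an nsswitch.conf-format file,
# one per line, ignoring comments and [STATUS=action] items.
automount_sources() {
    awk '{ sub(/#.*/, "") }
         $1 == "automount:" { for (i = 2; i <= NF; i++) if ($i !~ /^\[/) print $i }' "$1"
}

# $1 = mount table, $2 = nsswitch.conf
report() {
    remote_mounts "$1" | sed 's/^/exclude: /'
    if automount_sources "$2" | grep -qx ldap; then
        echo "note: automount maps are served from LDAP; review those paths too"
    fi
}

# Constructed sample data so the script runs offline.
tmp=$(mktemp -d)
cat > "$tmp/mtab" <<'EOF'
/dev/sda1 / ext4 rw 0 0
filer01:/export/home /home nfs rw,hard 0 0
//fs01/projects /mnt/projects cifs ro 0 0
gpfs0 /gpfs/data gpfs rw 0 0
EOF
cat > "$tmp/nsswitch.conf" <<'EOF'
passwd:    files
automount: files ldap   # constructed
EOF
report "$tmp/mtab" "$tmp/nsswitch.conf"
rm -rf "$tmp"
```

On a real host, pass the mount table and /etc/nsswitch.conf to `report`. Only volumes mounted at the time of the run are listed, so automounted paths that are currently idle still have to be taken from the automount maps.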
Imported Document ID: TECH123516