Things that are caused by improper NFS configuration

Source: Internet
Author: User

NFS (Network File System): one of the file systems supported by FreeBSD; it lets computers on a network share resources across TCP/IP networks.

NFS configuration (note: the following NFS experiments were done on RHEL 7)

Install NFS first (my machine is a minimized install, so I had to install it myself):

yum install nfs-utils.x86_64 -y

Start the services:

systemctl start rpcbind (if this service is not started, the NFS service will fail to start)

systemctl start nfs-server

systemctl enable rpcbind; systemctl enable nfs-server (start both at boot)

firewall-cmd --permanent --add-service=nfs (let the NFS service through the firewall)

firewall-cmd --permanent --add-service=rpc-bind (let the RPC service through; rpcinfo cannot scan the host if this is not opened)

firewall-cmd --permanent --add-service=mountd (let the mountd service through; showmount cannot be run remotely if this is not opened)

firewall-cmd --reload

Configuration:

mkdir /pentest (create a shared directory)

vi /etc/exports

cat /etc/exports

/ *(rw,sync,no_root_squash) (Note: the problem is in this line; the principle is explained at the end of the text)

exportfs -r (start sharing)

showmount -e (view the shares)

Client mount:

mount -t nfs <NFS server IP>:/ /tmp/test (mounted at local /tmp/test)

Intrusion:

Scan for machines with NFS configuration errors: rpcinfo -p 192.168.119.131

View the NFS exports: showmount -e 192.168.119.131

With this information, the NFS share can be mounted and SSH files that give persistent access can be written onto it.

Summary: the root cause of the vulnerability is the permissions set in the /etc/exports file; above we granted root authority (no_root_squash) to every client, and that is what allowed the server to be compromised.

/etc/exports file format

<export directory> [client 1(options: access rights, user mapping, others)] [client 2(options: access rights, user mapping, others)]

A. Export directory: the directory on the NFS server that is to be shared with clients;

B. Client: a computer on the network that may access this exported directory. It can be written as:

A single host by IP address: 192.168.0.200

All hosts in a subnet: 192.168.0.0/24 or 192.168.0.0/255.255.255.0

A single host by domain name: david.bsmart.cn

All hosts in a domain: *.bsmart.cn

All hosts: *

C. Options: set the access rights, user mapping and other properties of the exported directory.

Export the directory read-only: ro

Export the directory read/write: rw

D. User mapping options

all_squash: map all remote users and groups to the anonymous user or group (nfsnobody);

no_all_squash: the opposite of all_squash (default setting);

root_squash: map the remote root user and its group to the anonymous user or group (default setting);

no_root_squash: the opposite of root_squash, so a remote root user keeps root authority on the export;

anonuid=xxx: map remote users to the anonymous user and specify that this anonymous user is the local user with uid=xxx;

anongid=xxx: map remote groups to the anonymous group and specify that this anonymous group is the local group with gid=xxx;

E. Other options

secure: only accept client connections from TCP/IP ports below 1024 (default setting);

insecure: also accept client connections from TCP/IP ports above 1024;

sync: write data to the memory buffer and to disk synchronously; less efficient, but it guarantees data consistency;

async: keep the data in the memory buffer first and write it to disk only when necessary;

wdelay: check whether related write operations are pending and, if so, perform them together, which improves efficiency (default setting);

no_wdelay: perform each write operation immediately; should be used together with sync;

subtree_check: if the exported directory is a subdirectory, the NFS server also checks the permissions of its parent directories (default setting);

no_subtree_check: even if the exported directory is a subdirectory, the NFS server does not check the permissions of its parent directories, which improves efficiency;
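To check an exports file for the weak settings described above (the no_root_squash line in the walkthrough and the client and option syntax just listed), here is an added audit script that is not part of the original article; the sample exports content is constructed and the function names are my own.

```shell
#!/bin/sh
# Added audit script: flag the exports(5) settings this article warns about
# (no_root_squash, wildcard clients, insecure, read-write export of "/").

# Constructed sample in /etc/exports format; not copied from any real host.
SAMPLE_EXPORTS='# demo exports file
/ *(rw,sync,no_root_squash)
/pentest *(rw,sync,no_root_squash)
/srv/share 192.168.0.0/24(rw,sync,root_squash)
/home 192.168.0.200(rw,insecure,all_squash,anonuid=65534)'

# Print one finding per risky setting in the "client(options)" token $2
# for export directory $1; prints nothing when the token looks safe.
check_client() {
    dir=$1 spec=$2
    client=${spec%%\(*}                 # text before "("
    opts=""
    case $spec in *\(*\)) opts=${spec#*\(}; opts=${opts%\)};; esac
    case $client in
        '*') echo "$dir: exported to every host (*)";;
        *'*'*|*'?'*) echo "$dir: wildcard client $client";;
    esac
    case ",$opts," in
        *,no_root_squash,*) echo "$dir $client: no_root_squash (remote root keeps uid 0)";;
    esac
    case ",$opts," in
        *,insecure,*) echo "$dir $client: insecure (source ports above 1024 accepted)";;
    esac
    if [ "$dir" = "/" ]; then
        case ",$opts," in *,rw,*) echo "$dir $client: root filesystem exported read-write";; esac
    fi
    return 0
}

# Read exports-format text on stdin, drop comments and blank lines,
# and audit every client token of every export line.
audit_exports() {
    set -f                 # no globbing: "*(rw,...)" must stay a literal word
    sed -e 's/#.*//' | while read -r dir rest; do
        [ -z "$dir" ] && continue
        [ -z "$rest" ] && { echo "$dir: no client given, so every host is allowed"; continue; }
        for spec in $rest; do check_client "$dir" "$spec"; done
    done
    set +f
}

# Number of findings in an exports file (0 means nothing was flagged).
count_findings() { audit_exports < "$1" | wc -l | tr -d ' '; }

printf '%s\n' "$SAMPLE_EXPORTS" | audit_exports   # demo run on the sample
```

Run it against the real file with `audit_exports < /etc/exports`; an entry written with ro, root_squash and a specific host or subnet produces no findings.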
