suite a ce fil => http://ift.tt/1HmKaoc … 30#p123030
modifications a apporter à nfs (à vérifier )
commande
nano /etc/default/nfs-kernel-server
retour
# Number of servers to start up
RPCNFSDCOUNT=8
# Runtime priority of server (see nice(1))
RPCNFSDPRIORITY=0
# Options for rpc.mountd.
# If you have a port-based firewall, you might want to set up
# a fixed port here using the --port option. For more information,
# see rpc.mountd(8) or http://ift.tt/PMIzgO
# To disable NFSv4 on the server, specify '--no-nfs-version 4' here
#RPCMOUNTDOPTS="--manage-gids"
RPCMOUNTDOPTS="--manage-gids --port 2048"
# Do you want to start the svcgssd daemon? It is only required for Kerberos
# exports. Valid alternatives are "yes" and "no"; the default is "no".
NEED_SVCGSSD=""
# Options for rpc.svcgssd.
RPCSVCGSSDOPTS=""
commande
/etc/default/nfs-common
retour
# If you do not set values for the NEED_ options, they will be attempted
# autodetected; this should be sufficient for most people. Valid alternatives
# for the NEED_ options are "yes" and "no".
# Do you want to start the statd daemon? It is not needed for NFSv4.
NEED_STATD=
# Options for rpc.statd.
# Should rpc.statd listen on a specific port? This is especially useful
# when you have a port-based firewall. To use a fixed port, set this
# this variable to a statd argument like: "--port 4000 --outgoing-port 4001".
# For more information, see rpc.statd(8) or [url]http://ift.tt/1eJD8R8]
#STATDOPTS=
STATDOPTS="--port 2046 --outgoing-port 2047"
# Do you want to start the idmapd daemon? It is only needed for NFSv4.
NEED_IDMAPD=
# Do you want to start the gssd daemon? It is required for Kerberos mounts.
NEED_GSSD=
commande
/etc/modprobe.d/lockd
retour
options lockd nlm_udpport=2045 nlm_tcpport=2045
rpc.mountd emploie le port 2048
rpc.statd ecoute le port 2046 et utilise le port 2047 pour les connections sortantes
ce sont les ports 111 et 2045 2049 (udp et tcp ) à surveiller .
il reste a créer une règle pour le pare-feu (serveur et client ), et pour limiter le sniffer et spoofing je sais pas
partage nfs et pare-feu
0 commentaires:
Enregistrer un commentaire