Securing NFS & NIS under SuSE 7.3

To: "'chris@lowth.com'" <chris@lowth.com>
Subject: Securing NFS & NIS under SuSE 7.3
Date: Thu, 8 May 2003 11:03:44 -0400 

Hi Chris,
 
I have implemented a similar strategy for SuSE and am also nailing down
ypbind on hosts and ypserv on my NIS servers.
 
Here are some notes:
 
This has been tested on SuSE 7.3 and should work on later versions as well.
 
1)  Upgrade to a 2.4.18 Kernel or later.  SuSE builds support into the
kernel for lockd (e.g. monolithic) so the /etc/modules.conf does not work.
If you are using lilo you have to add the following:
 
    append = "lockd.tcpport=<port#> lockd.udpport=<port#>" to the
appropriate secition in lilo (and run /usr/sbin/lilo)
 
2) For 7.3 you have to get a newer version of the nfs-utils (0.3.3 or
greater).  I just install the one that comes with the 8.0 distro (8.1 move
to the 1.X nfs-utils which I haven't tested).  This provides support for
statd, mountd & quotad to be nailed down.

ftp://ftp.suse.com/pub/suse/i386/8.0/suse/n1/nfs-utils-0.3.3-129.i386.rpm

edit /etc/init.d/nfsserver & /etc/init.d/nfs (if present is run first &
loads rpc.mountd :-()
 
/etc/init.d/ypserv, /etc/init.d/yppasswdd, /etc/init.d/ypxfrd &
/etc/init.d/ypbind can also be nailed down so all the common portmapped
services can be set to predictable values that persist across reboots.
 
Regards