Hello to the list! I have recently been experimenting with a diskless, network booting bastion with root over NFS.
One advantage I have found is that Host-based IDS can be run on the NFS server not the bastion. This means that filesystem changes made by an intruder can be spotted, and reversed, remotely. The HIDS database & processes are shielded from the attacker. The attacker won't even know its being performed until their root kit is mysteriously deleted (for example). My question for the list is, naturally, How secure is (Linux) NFS rated? The bastion must mount its root filesystem thus; /vol/bastion bastion(rw,no_root_squash) which raises the spectre of a remote NFS root exploit. How robust is no_root_squash? Is it possible that a bug could exist in NFS which would allow the lack of root squashing to propagate out of the directory which is thus exported? (assuming that there are no symlinks in the exported directory structure which link out of it). Thanks! _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
