All AIX NFS anonymous UIDs and GIDs must be configured to values without permissions.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
medium	V-215209	SRG-OS-000480-GPOS-00227	AIX7-00-001055	SV-215209r991589_rule	2024-08-16	3

Description
When an NFS server is configured to deny remote root access, a selected UID and GID are used to handle requests from the remote root user. The UID and GID should be chosen from the system to provide the appropriate level of non-privileged access.

ℹ️ Check
Check if the "anon" option is set correctly for exported file systems. List exported file systems using command: # exportfs -v /home/doej rw,anon=-1,access=doej Note: Each of the exported file systems should include an entry for the "anon=" option set to "-1" or an equivalent (60001, 60002, 65534, or 65535). If an appropriate "anon=" setting is not present for an exported file system, this is a finding.

ℹ️ Check

Check if the "anon" option is set correctly for exported file systems. List exported file systems using command: # exportfs -v /home/doej rw,anon=-1,access=doej Note: Each of the exported file systems should include an entry for the "anon=" option set to "-1" or an equivalent (60001, 60002, 65534, or 65535). If an appropriate "anon=" setting is not present for an exported file system, this is a finding.

✔️ Fix
Edit "/etc/exports" and set the "anon=-1" option for all exported file systems without it. Re-export the file systems using command: # exportfs -a