Access file systems over a network as if they were local
Uses entirely different protocol. NFS is used between Linux and Unix systems.
NFS clients can't communicate directly with SMB servers
Internet standard: Governs procedures in a distributed file system
NSFv3: Protocol version 3.0 has been in use for many years: Authenticates client pc
NFSv4: As with Win SMB, the user must authenticate
NFSv2 Older but supported by many systems: UDP
NFSv3 Variable file size/better error reporting: Not fully compatible with v2
NFDv4 Includes Kerberos, works through firewalls, supports ACLs
No portmappers, state-based operations, stateful
Performance improvements, Security improvements
NFSv4.1 Protocol support to leverage cluster server deployments
pNFS: Parallel access to files distributed across multiple servers
Multipathing: Session trunking mechanism
Advantages:
Only 1 UDP/TCP p 2049 used to run the service
Simplifies use across firewalls ONE-RPC/SUN-RPC:
Open Network Computing/RPC protocol on TCP/UDP p 111
XDR: External Data Representation: for system-independent exchange of data
Auth shifted to RPC protocol's options derived from avail FS info
Server is responsible for translating client's info into FS format
Converting corresponding auth into UNIX syntax
UID/GID/group memberships
Problems: Client/server don't need to have same mappings of UID/GID to users/groups
Server doesn't need to do anything and no checks made
/etc/exports Contains table of physical FS on NFS server accessible by clients
cat /etc/exports # ACL for FS may be exported to clients
# Example for NFSv2/NFSv3
/srv/homes
hostname1(rw,sync,no_subtree_check)
hostname2(ro,sync,no_subtree_check)
# Example for NFSv4:
/srv/nfs4 gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
/srv/nfs4/homes gss/krb5i(rw,sync,no_subtree_check)
# Default exports file contains examples
rw # read/write perms
ro # read only perms
sync # sync data xfer (slower)
async # async data xfer (faster)
secure # ports 1024+ not used
insecure # ports 1024+ used
no_subtree_check # disables checking subdir trees
root_squash # assigns all perms of root uid/gid 0 to uid/guid of anon
# Entry test ExportFS
echo '/mnt/nfs 10.10.10.10/24(sync,no_subtree_check)' >> /etc/exports
systemctl restart nfs-kernel-server
exportfs
/mnt/nfs 10.10.10.10/24
Footprinting
Ports 111, 2049; Can get info via RPC
sudo nmap 10.10.10.10 -p111,2049 -sV -sC --script nfs* # nse script
PORT STATE SERVICE VERSION
111/tcp open rpcbind 2-4 (RPC #100000)
| rpcinfo:
| program version port/proto service
| 100000 2,3,4 111/tcp rpcbind
| 100003 3,4 2049/tcp nfs
| 100005 1,2,3 47217/tcp6 mountd
| 100021 1,3,4 39542/udp nlockmgr
| 100227 3 2049/tcp6 nfs_acl
2049/tcp open nfs_acl 3 (RPC #100227)
Once discovered, we can mount to our local machine
Create an empty folder the NFS share will be mounted
We can navigate it and view the contents just like our local system
root_squash is set? Can't edit backup.sh file even as root
showmount -e 10.10.10.10 # show available NFS shares
mkdir moo-share # create folder to download to
sudo mount -t nfs 10.10.10.10:/ ./moo-share/ -o nolock # mount nfs share
tree . # list folder structure
ls -l mnt/nfs/ # list contents with user/group names
ls -n mnt/nfs/ # list contents with uid/guids
sudo unmount ./moo-share # unmount share
