Severity: High

Description: This control ensures that NFS endpoints are protected against unintended or malicious deletion by unauthorized users and groups. IAM users and groups should be permitted to mount the specific file system. Security policies for IAM users and groups should not grant the FILE_SYSTEM_DELETE, MOUNT_TARGET_DELETE or EXPORT_SET_DELETE permissions; exclude them with the condition request.permission != {FILE_SYSTEM_DELETE, MOUNT_TARGET_DELETE, EXPORT_SET_DELETE}.

Remediation Steps:

Perform the following steps to update the File Storage security policies:

  1. Log in to the OCI console at https://www.oracle.com/cloud/sign-in.html.

  2. In the navigation menu, click Identity & Security.

  3. Under Identity, click Policies.

  4. Select the compartment and then the reported policy. The policy's details and statements are displayed.

  5. Click Edit Policy Statements.

  6. In Policy Builder, select the Basic or Advanced editor and update the policy statements with request.permission != {FILE_SYSTEM_DELETE, MOUNT_TARGET_DELETE, EXPORT_SET_DELETE}.

  7. Click Save Changes.
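
To confirm which statements still need the edit from step 6, the following added example (not part of the original page or of any Oracle tooling) checks policy statement text for "manage" grants on File Storage resource types that do not exclude the delete permissions. The group and compartment names and the sample statements are constructed; the check accepts both the per-permission quoted form and the brace form used on this page.

```python
import re

# Delete permissions named by this control, keyed by the File Storage
# resource type whose "manage" verb grants them.
DELETE_PERMS = {
    "file-systems": {"FILE_SYSTEM_DELETE"},
    "mount-targets": {"MOUNT_TARGET_DELETE"},
    "export-sets": {"EXPORT_SET_DELETE"},
}
ALL_DELETES = set().union(*DELETE_PERMS.values())
# Aggregate resource types that cover all three of the above.
for aggregate in ("file-family", "all-resources"):
    DELETE_PERMS[aggregate] = set(ALL_DELETES)

STATEMENT = re.compile(
    r"^\s*allow\s+.+?\s+to\s+manage\s+(?P<rtype>[\w-]+)\s+in\s+.+?"
    r"(?:\s+where\s+(?P<cond>.+))?$", re.IGNORECASE)
# Matches request.permission != 'X' and the page's != {X, Y, Z} form.
EXCLUSION = re.compile(r"request\.permission\s*!=\s*(\{[^}]*\}|'[^']*')", re.IGNORECASE)

def missing_exclusions(statement):
    """Return the delete permissions a statement still grants (empty set if none)."""
    # Simplification (assumption): every != test in the where clause is treated
    # as binding, i.e. a single condition or an all {...} group, not any {...}.
    m = STATEMENT.match(statement)
    if not m or m.group("rtype").lower() not in DELETE_PERMS:
        return set()  # not a "manage" grant on File Storage resources
    excluded = set()
    for operand in EXCLUSION.findall(m.group("cond") or ""):
        excluded.update(re.findall(r"[A-Z_]+", operand.upper()))
    return DELETE_PERMS[m.group("rtype").lower()] - excluded

def audit(statements):
    """Map each non-compliant statement to the delete permissions it leaves granted."""
    return {s: sorted(gaps) for s in statements if (gaps := missing_exclusions(s))}

# Constructed sample statements (group and compartment names are hypothetical).
SAMPLE = [
    "Allow group FileAdmins to manage file-family in tenancy",
    "Allow group FileAdmins to manage file-family in compartment Prod where request.permission != 'FILE_SYSTEM_DELETE'",
    "Allow group FileAdmins to manage file-family in tenancy where request.permission != {FILE_SYSTEM_DELETE, MOUNT_TARGET_DELETE, EXPORT_SET_DELETE}",
    "Allow group FileUsers to manage mount-targets in tenancy where request.permission != 'MOUNT_TARGET_DELETE'",
    "Allow group Readers to read file-family in tenancy",
]

if __name__ == "__main__":
    for stmt, gaps in audit(SAMPLE).items():
        print(f"FAIL {gaps}: {stmt}")
```

A statement that excludes only one of the three permissions on file-family is still reported, with the permissions it leaves granted.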

Important:

Reference:

