Severity : High
Description: This control ensures that NFS endpoints are protected against unintended and malicious deletion by unauthorized groups and users. IAM Users/groups should be permitted to mount the specific file system to mount. The security policies for IAM users and groups should remove statements for permission for FILE_SYSTEM_DELETE , MOUNT_TARGET_DELETE or EXPORT_SET_DELETE with statement request.permission != {FILE_SYSTEM_DELETE, MOUNT_TARGET_DELETE, EXPORT_SET_DELETE}.
Remediation Steps:
Perform following to update File Storage security policies :
Login to the OCI console at https://www.oracle.com/cloud/sign-in.html .
In the navigation, Click Identity & Security.
Under Identity, click Policies.
Select the compartment and then reported policy . The policy's details and statements are displayed.
Click Edit Policy Statements.
In Policy Builder Select Basic or Advance editor to update the policy statements with request.permission != {FILE_SYSTEM_DELETE, MOUNT_TARGET_DELETE, EXPORT_SET_DELETE}.
Click Save Changes.
Important:
Reference:
https://docs.oracle.com/en-us/iaas/Content/Security/Reference/filestorage_security.htm
https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/managingpolicies.htm
https://docs.oracle.com/en-us/iaas/Content/File/Tasks/managingfilesystems.htm