Exporting GuardPoints over NFS
To setup and configure your NFS server so that you can export GuardPoints:
-
Make sure that CTE-U is started before the NFS server is started:
vi /usr/lib/systemd/system/nfs-server.service
Response
network-online.target local-fs.target secfs-fuse.service
-
Create your GuardPoints on your NFS server.
-
Verify that the
/etc/exports
file contains the following:/guardpoint/path <nfs_server_IP>(rw,sync,fsid=3,no_root_squash)
-
Verify that
secfs_fuse
was started before NFSD:ps -ef |grep secfs; ps -ef |grep nfsd nfsd pid
The GuardPoint PID is valid as long as the NFS daemon is not restarted.
-
If
secfs_fuse
was not started before NFSD, or if you are unable to verify it, restart the NFS server:# service nfs-server restart
-
Mount the client:
mount -t nfs -o nfsvers=4,lookupcache=none,sync,noac,nofsc <client_IP>:/guardpoint/path /guardpoint/path
Only wide-open (applyKey/permit) policies are supported. Use of process sets, user sets, or signature sets is not supported.