User Guides
CTE-U Quick Start Guide
- Terminology and Components
- Install and Configure CTE-U with CipherTrust Manager
  - Installation Prerequisites
  - Installation and Registration
  - Verifying Package Signatures
  - Setting the SE Linux state
- Guarding with CTE-U and CipherTrust Manager
  - Access the CipherTrust Manager Domain
  - Create an Encryption Key
  - Guarding CTE files with CTE-U
- Exporting GuardPoints over NFS
- Migrating CTE Agents to CTE-U
- Multifactor Authentication for CTE-U
  - Introduction to Multifactor Authentication
  - Using [CTE-U,MFA]
  - Use Cases for MFA on CTE
  - Exempting some users from authentication with a Whitelist
  - Setting up Multifactor Authentication with a One-Time-Password
  - Setting up Multifactor Authentication with an Inactivity Time Out
  - Administrator Tasks for Multifactor Authentication
  - Troubleshooting Multifactor Authentication
CTE-U Health Manager Utility
- Performing Health Check
- Using the Monitor
- Service Commands
- Viewing the Service Status
- Gathering the Technical Dump
- Troubleshooting/ Debugging CTE-U
CTE-U Agent Advanced Configuration Guide for Linux
- CTE-U Overview
- Getting Started
  - Configuring CTE-U with CipherTrust Manager
- Enhanced Encryption Mode
- CTE with systemd
  - CTE Agent Control Changes on systemd
- Utilities
  - CTE-U Linux Authentication and Client Settings
  - Individual GuardPoint Tuning
  - Secfsd Utility
- Upgrading CTE-U on Linux
- Uninstalling CTE-U from Linux
Using FreeBSD with CTE-U
- FreeBSD Jail
- Install CTE-U Dependencies
- FreeBSD Services
- Upgrade CTE-U Packages
- Remove CTE-U Packages
- Unsupported Features for CTE-U with FreeBSD

Exporting GuardPoints over NFS

Warning

CTE-U cannot guard a sub-directory of an exported NFS share directory. The guarded path must be the same as the NFS exported path.
Use of process sets or signature sets is not supported.

Note

For CTE-U v10.3.0 and subsequent versions, user sets are supported. See Creating User Sets for more information.

To setup and configure your NFS server so that you can export GuardPoints:

Make sure that CTE-U is started before the NFS server is started:

vi /usr/lib/systemd/system/nfs-server.service

Response

network-online.target local-fs.target secfs-fuse.service

Create your GuardPoints on your NFS server.

Verify that the /etc/exports file contains the following:

/guardpoint/path <nfs_server_IP>(rw,sync,fsid=3,no_root_squash)

Verify that secfs_fuse was started before NFSD:
```
ps -ef |grep secfs; ps -ef |grep nfsd nfsd pid
```
Note

The GuardPoint PID is valid as long as the NFS daemon is not restarted.
If secfs_fuse was not started before NFSD, or if you are unable to verify it, restart the NFS server:
```
# service nfs-server restart
```
Mount the client:
```
mount -o lookupcache=none
```
Note

When mounting as a non-root user with NFS mount (guarded in NFS server):
- Specify only the GID for the non-root user in the user set configuration in the policy.
- Alternatively, include the root user as part of the user set configuration in the policy, but limit root user permissions. The following allows the root user to mount NFS, but they cannot read the actual data.
  - Action = d_rd-att
  - Effect = permit,audit

Suggest A Change

Exporting GuardPoints over NFS

On this page