Troubleshooting NFS scans from a Discover server running Linux


Article ID: 159856


Products

Data Loss Prevention Network Discover

Issue/Introduction

Troubleshooting NFS scans from a Discover server running Linux

Resolution

Here are some troubleshooting steps to help resolve issues with setting up an NFS share when the Discover server is a Linux box.

The correct syntax for the Discover target should be nfs://server/share


Do not try to use 'root' credentials to connect to the remote share in the Discover target.


Example of what is happening behind the scenes:

mount -v -t nfs 192.168.1.1:/share /home

 

command <options> <IP or Hostname>:/share /localmountpoint

We will try to mount the NFS share into the following directory on the Linux box: /mnt/vontu

Make sure you can manually run the mount command as the 'protect' user from the Discover server. For DLP, this means running it while logged in as the protect account.

 

Example:

sudo mount -v -t nfs lakota.engdlp.symantec.com:/home/shared /mnt/vontu

 

To unmount:

sudo umount /mnt/vontu

 

To see whether an NFS share has been set up, view /etc/exports on the server that hosts the share.

 

 

 

Grant the 'protect' user permission to mount the NFS share

Make sure you see this line in the /etc/sudoers file:

protect ALL= NOPASSWD: /bin/mount, /bin/umount, /usr/bin/sshfs

Please make sure these lines are also in the /etc/sudoers file:

# Vontu service user
Defaults:protect !requiretty
protect ALL= NOPASSWD: /bin/mount, /bin/umount, /usr/bin/sshfs
 
# Vontu content extractor user
Defaults:protect_extract !requiretty
protect ALL=(protect_extract) NOPASSWD: /opt/Vontu/jre/bin/java
Defaults>protect_extract umask=0007
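
The two checks described above (target syntax and sudoers entries) can be scripted as a pre-flight test. The following is an added example, not Symantec code: the function names are hypothetical, and it assumes the nfs://server/share target maps directly onto the server:/share form shown in the mount examples.

```shell
#!/bin/sh
# Added example, not Symantec code. Function names are hypothetical.

# Convert a Discover target (nfs://server/share) into the server:/share
# form used by mount. Prints the result; returns 1 if the target is malformed.
nfs_target_to_mount_src() (
    case "$1" in
        nfs://*) rest="${1#nfs://}" ;;
        *) return 1 ;;                      # wrong or missing scheme
    esac
    server="${rest%%/*}"
    [ "$server" != "$rest" ] || return 1    # no "/" after the server name
    share="/${rest#*/}"
    [ -n "$server" ] && [ "$share" != "/" ] || return 1
    printf '%s:%s\n' "$server" "$share"
)

# Print each sudoers entry from the article that is absent from FILE
# (default /etc/sudoers, readable only by root). Returns the number missing.
missing_sudoers_lines() (
    file="${1:-/etc/sudoers}"
    missing=0
    while IFS= read -r want; do
        # Squeeze blanks so spacing differences do not cause false alarms.
        if ! tr -s ' \t' ' ' < "$file" | sed 's/^ //; s/ $//' |
                grep -Fxq -- "$want"; then
            printf 'missing: %s\n' "$want"
            missing=$((missing + 1))
        fi
    done <<'EOF'
Defaults:protect !requiretty
protect ALL= NOPASSWD: /bin/mount, /bin/umount, /usr/bin/sshfs
Defaults:protect_extract !requiretty
protect ALL=(protect_extract) NOPASSWD: /opt/Vontu/jre/bin/java
Defaults>protect_extract umask=0007
EOF
    return "$missing"
)

# Demo with the article's example share: show the manual test command.
if src=$(nfs_target_to_mount_src "nfs://lakota.engdlp.symantec.com/home/shared"); then
    echo "test as protect: sudo mount -v -t nfs $src /mnt/vontu"
fi
```

Run missing_sudoers_lines as root so it can read /etc/sudoers; after any edit to that file, visudo -c validates its syntax.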