
Re: rpc.portmap and friends



mike@bcinternet.com wrote:
> 
>         How dangerous is it to remove rpc.portmap, rpc.bwnfsd, rpc.mountd,
> rpc.nfsd, rpc.pcnfsd, rpc.rstatd, rpc.rusersd, rpc.rwalld, and rpc.ugidd?
> I'm trying to set up a semi-closed box running nothing but a few terminal
> server utilities and want to only accept telnet and ftp connections from a
> few hosts.  I noticed that there were a few rpc services starting at boot
> time, so I moved the binaries out of /usr/sbin and into another
> directory.  Now inetd doesn't start at boot time because of this line in
> /etc/init.d/netbase:
> test -f /usr/sbin/rpc.portmap || exit 0
> 
>         I can get around this by simply replacing netbase with my own
> script that fires up inetd.  My question is, am I doing something I
> shouldn't?  Are things going to be breaking on my box from not having
> these daemons running?  Any advice would be appreciated.
> 

Just modify /etc/init.d/netbase to not test for /usr/sbin/rpc.portmap
and not to start it. You can control access to other network services
by commenting them out in /etc/inetd.conf (turning them off altogether)
or by modifying /etc/hosts.allow and /etc/hosts.deny (selectively 
allowing one host or another).

Moving the binaries out of /usr/sbin is excessive and unnecessary.

If you want to make the system really tight then disable all regular
login (rexec, rsh, telnet) and install ssh.

-- 
Jens B. Jorgensen
jjorgens@bdsinc.com
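
An added example (not part of the original message): a small shell check that, once services have been commented out in /etc/inetd.conf as the reply suggests, lists what is still enabled and flags entries that do not run through tcpd, since /etc/hosts.allow and /etc/hosts.deny are only consulted for wrapped services. The sample inetd.conf, the allowed-service list and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit inetd.conf after trimming services.
# Assumption: wrapping is done via /usr/sbin/tcpd, as in the sample below;
# daemons linked directly against libwrap are not detected by this check.

# Print "<service> wrapped|unwrapped" for every enabled (uncommented) entry.
inetd_enabled() {
    awk '
        /^[ \t]*(#|$)/ { next }    # skip comments and blank lines
        NF >= 6 {                  # field 6 is the server program
            state = ($6 == "/usr/sbin/tcpd") ? "wrapped" : "unwrapped"
            print $1, state
        }
    ' "$1"
}

# Report enabled services missing from the allowed list ($2, space separated)
# and services that bypass tcpd, where hosts.allow/hosts.deny never apply.
inetd_findings() {
    inetd_enabled "$1" | while read -r svc state; do
        case " $2 " in
            *" $svc "*) ;;
            *) echo "unexpected: $svc" ;;
        esac
        [ "$state" = "wrapped" ] || echo "not-wrapped: $svc"
    done
}

# Constructed sample: rsh/rexec commented out, finger left on and unwrapped.
sample_inetd_conf() {
    cat <<'EOF'
# /etc/inetd.conf (constructed sample)
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd  /usr/sbin/in.ftpd
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd  /usr/sbin/in.telnetd
#shell  stream  tcp  nowait  root    /usr/sbin/tcpd  /usr/sbin/in.rshd
#exec   stream  tcp  nowait  root    /usr/sbin/tcpd  /usr/sbin/in.rexecd
finger  stream  tcp  nowait  nobody  /usr/sbin/in.fingerd  in.fingerd
EOF
}

tmp=$(mktemp)
sample_inetd_conf > "$tmp"
inetd_findings "$tmp" "ftp telnet"   # flags finger twice
rm -f "$tmp"
```

Run it against the real file with `inetd_findings /etc/inetd.conf "ftp telnet"`; no output means only the intended services remain and each goes through tcpd.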

