[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: sunrpc on port 111 and domain on port 53

On Thu, Oct 19, 2000 at 12:01:50AM -0700, Aaron Brashears wrote:
> I'm making some efforts to tighten up security on my home server. I've
> been closing some services that I don't need, and after thinking I'd
> cleared everything out, I did an nmap scan of the box. Everything was as
> it should be except for sunrpc on port 111 and domain on port 53. I
> couldn't find any packages with dpkg -l which contained any part of that
> string. Plus, there is no whatis or man information.
> What are those services? What packages are they kept in?

apt-get --purge remove bind (if you really are not using bind, --purge
blows away config files!)

as for portmap its in netbase which you cannot remove, so you can do
several things:

rm /etc/rcS.d/S41portmap

chmod -x /etc/init.d/portmap (Permission denied error will be spewed
to the console at bootup)

edit /etc/init.d/portmap to add an exit 0 early on to prevent it from

dpkg-divert /sbin/portmap so the initscript will think its not really

there are more but you get the idea...

fortunatly woody fixes this obnoxious defect and portmap is its own
package which can be purged like any other. 

as for what they are, domain is DNS, and debian badly runs bind as
root by default, bind has been responsible for many many root
compromises in the past.  don't run it unless you need to, and if you
need to the only responsible way to run it (IMO) is in a chroot jail
as a non-root uid.  (such as named.named)  portmap is used for RPC
services, such as NFS, NIS, etc.  if you don't need NFS or NIS you
probably don't need portmap. 

Ethan Benson

Attachment: pgpl0s1ZsRN9C.pgp
Description: PGP signature

Reply to: