
Re: how to keep portmap from running?



On Thu, 23 Nov 2000, Robert A. Jacobs wrote:
> * Peter Jay Salzman <p@belial.ucdavis.edu> [231100 09:16]:
> > bleah.  how do i keep this program from starting on boot?
> > 
> > i looked in /etc/init.d.  can't even find a startup script for this thing!
> > it's not in inetd.conf either.   how does this thing get started?
> 
> This is more of a question to the readers of this thread than directly to 
> you Pete, but:
> 
>   What are the ramifications of turning portmapper on or off?  I've gotten the
>   (perhaps mistaken) impression that portmapper presents some security risks
>   but it almost seems like I have to have it running to get other services to
>   work properly.

Portmapper maps the RPC services to ports.  The services it
deals with are listed in /etc/rpc.  Most of them deal with clustered
computing, so you'll need to run portmap if you're using nfs, yp, or (I
think) trying to do a beowulf-type setup.  Otherwise, you probably don't
need it.  You could try doing a `rpcinfo -p localhost` to find out what
your computer is making available.

>   Is there an alternative to running portmapper?

Portmap is a fairly big security risk, since it allows lots of new
access to your machine.  You may remember a recent rpc.statd exploit
that could have been prevented if the target machine was not running
portmap.  Of course, if you need it, then you need it.  Use TCP wrappers
to protect yourself.  If you're behind a firewall, this is less of an
issue, but layered security is still the way to go.

Damian Menscher
-- 
--==## Grad. student & Sys. Admin. @ U. Illinois at Urbana-Champaign ##==--
--==## <menscher@uiuc.edu> www.uiuc.edu/~menscher/ Ofc:(217)333-0038 ##==--
--==## Physics Dept, 1110 W Green, Urbana IL 61801 Fax:(217)333-9819 ##==--
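
Added example, not part of the original post: a shell sketch of the `rpcinfo -p localhost` check suggested above, listing which RPC programs other than the portmapper itself are registered. The function names `rpc_dependents` and `portmap_needed` are hypothetical, and the sample output is constructed.

```shell
#!/bin/sh
# Added example: summarize `rpcinfo -p` output to see what depends on portmap.

# Constructed sample of `rpcinfo -p localhost` output (not from a real host).
SAMPLE_RPCINFO='   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  32768  status
    100024    1   tcp  32768  status
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100005    1   udp  32770'

# Read `rpcinfo -p` output on stdin. Print one line per registered RPC
# program other than the portmapper (program number 100000):
#   <name> <program-number> <proto/port>[,<proto/port>...]
rpc_dependents() {
    awk '
        NR == 1 && $1 == "program" { next }    # header line
        NF < 4 || $1 == 100000     { next }    # blank lines and portmapper
        {
            # The name column is missing for programs not listed in /etc/rpc.
            name = (NF >= 5) ? $5 : "unknown"
            key  = name " " $1
            ep   = $3 "/" $4
            if ((key, ep) in seen) next        # same endpoint, other version
            seen[key, ep] = 1
            if (key in eps) eps[key] = eps[key] "," ep
            else { order[++n] = key; eps[key] = ep }
        }
        END { for (i = 1; i <= n; i++) print order[i], eps[order[i]] }
    '
}

# Exit status 0 if anything besides the portmapper is registered.
portmap_needed() {
    [ -n "$(rpc_dependents)" ]
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_RPCINFO" | rpc_dependents
```

On a live host, pipe `rpcinfo -p localhost` into `rpc_dependents`; empty output means only the portmapper itself is registered.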


