Security
Showing results for 
Search instead for 
Do you mean 

How to secure rpc and nlockmgr RPC Service for hp unix NFS sharing ?

Highlighted
Advisor

How to secure rpc and nlockmgr RPC Service for hp unix NFS sharing ?

How to secure rpc and nlockmgr RPC Service for hp unix NFS sharing ?

3 REPLIES
Advisor

Re: How to secure rpc and nlockmgr RPC Service for hp unix NFS sharing ?

Please assist me experts on this..

Acclaimed Contributor Acclaimed Contributor

Re: How to secure rpc and nlockmgr RPC Service for HP-UX NFS sharing?

Are you looking for which ports to unblock in your firewall?

Honored Contributor Honored Contributor

Re: How to secure rpc and nlockmgr RPC Service for hp unix NFS sharing ?

First, you'll need to configure fixed port numbers for the NFS-related services. You should do this on both on your NFS server and on all your NFS clients.

Depending on your HP-UX version, you may need to ensure that you have a specific patch installed:

11.31 - no patch required
11.23 - PHNE_34550 or superseding patch
11.11 - PHNE_34662 or superseding patch

 

Then you can add some lines to /etc/rc.config.d/nfsconf to specify fixed port numbers for the NFS-related services.

For example, these lines would fix lockd (nlockmgr) to port 4045, rpc.statd (status) to 4046 and rpc.mountd (mountd) to 4047:

STATD_PORT=4046
MOUNTD_PORT=4047

# in 11.31, lockd is always fixed to UDP port 4045 so this is not needed
LOCKD_PORT=4045 

 

After doing this and restarting your NFS services, they should be in fixed ports. Use "rpcinfo -p" to verify.

 

Once the services are bound to fixed ports, you can use external firewalls or the optional HP-UX IPFilter to restrict the connections to these ports to between your NFS server and legitimate NFS clients only. You'll also need to allow the portmapper/rpcinfo service (port 111, both TCP and UDP), since it is used to find the other NFS-related services (because the client will not know that you've specified fixed port numbers on the server, and vice versa).

MK