topic Re: Disabling rpcbind in Operating System - HP-UX

Disabling rpcbind

Matt Hearn — Mon, 06 Jul 2009 12:48:57 GMT

Hi all! Our security auditors would like us to disable rpcbind on our Unix servers. We don't use NFS or telnet, so I don't think there's really a problem with turning it off. The problem is that I can't figure out how to do it.

I opened a case with HP, and they've recommended commenting out the "portmap 111" lines in /etc/services, but my understanding is that that doesn't really DO anything. It certainly doesn't stop the actual rpcbind process, which is what the auditors want to see.

I see that rpcbind is started by /sbin/init.d/nfs.core, but there's no "NFS_CORE" boolean in /etc/rc.config.d/nfsconf (like there are for NFS_SERVER and NFS_CLIENT). It's starting to look like the only way to disable rpcbind is to move all the S400nfs.core entries to s400nfs.core, but I think that if we install a patch bundle it will probably put those links back in place.

Is there any permanent way to disable rpcbind from starting? The servers in question are all 11.11.

Thanks!

Re: Disabling rpcbind

Michal Kapalka (mikap) — Tue, 13 Dec 2022 14:51:19 GMT

hi,

check this link from HP :

~~http://docs.hp.com/en/9524/README.html~~

and go to : ISSUE #7

mikap

Re: Disabling rpcbind

Steven E. Protter — Tue, 13 Dec 2022 14:55:28 GMT

Shalom,

Disable /sbin/init.d/nfs.client

There are three deamons

nfs.core
nfs.start
nfs.client

If you want rpcbind not to run, and you have no NFS connections our servers to run, you should disable all three services.

There is a control file /etc/rc.config.d/nfsconf

~~http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=196885~~

[Moderator edit: The above links are no longer valid. Please refer to https://support.hpe.com/]

SEP

Re: Disabling rpcbind

TTr — Mon, 06 Jul 2009 13:22:16 GMT

/etc/services is a lookup file just like /etc/hosts. It is used to convert port numbers to port names. Some daemons will not start if they can't find the name in /etc/services but that is not a guarantee for rpcbind not starting up. The rpcbind service is started out of any one of the NFS, NIS and NIS+ service start-up scripts. If you turn all those off, the rpcbind will not start.
> the only way to disable rpcbind is to move all the S400nfs.core entries to s400nfs.core
You should not change any names, you can disable these services in /etc/rc.config.d/namesvrs and nfs.conf.

Re: Disabling rpcbind

Matt Hearn — Mon, 06 Jul 2009 16:59:17 GMT

--------------------------------------------
There are three deamons

nfs.core
nfs.start
nfs.client

If you want rpcbind not to run, and you have no NFS connections our servers to run, you should disable all three services.

There is a control file /etc/rc.config.d/nfsconf
--------------------------------------------

I can't find anything in nfsconf to disable "nfs.core", only NFS_CLIENT and NFS_SERVER. Those two are already disabled on all our servers, as is NIS. If there's a config file in /etc/rc.config.d for nfs.core, it's hidden very cleverly. It still looks to me like the only way to get rid of rpcbind is to keep /sbin/init.d/nfs.core from starting in the first place, so I can either rename that file or any of the links going to it. I'll just have to make sure that happens again every time we patch. I might script something to check for it out of cron and remind us if we forget.

Re: Disabling rpcbind

Mel Burslan — Mon, 06 Jul 2009 17:14:06 GMT

Unfortunately, there is no control file in /etc/rc.config.d regarding controlling the start of rpcbind daemon as far as I know (I can only speak of v11.11. In later OS revisions, this might have changed but I did not have much chance to play) So, the only way to accomplish this is to rename the rpcbind binary to something else.

As you have said, this is a problem when the system gets patched but you can always build a custom rc script to check existence of rpcbind at the boot time and rename it again when it creeps back up.