https://community.hpe.com/t5/operating-system-linux/rpc-security/m-p/4174030#M32131 Hello all<BR />After an intrusion detection session, the security team suggested som operation to perfomr on the RH AS4U4 box.<BR />one of this is to disable the RPC service (ports 755/UDP and 758/TCP) if not used or allow access only to trusted host/networks.<BR /><BR />I cannot disable RPC service, but how to restrict access to a list of IPs and NETWORKs?<BR /><BR />Same issue for RPC lockmanager (1026/UDP).<BR /><BR />Thanks in advance<BR /><BR /><BR />RV Fri, 04 Apr 2008 12:03:33 GMT Roberto Volsa 2008-04-04T12:03:33Z https://community.hpe.com/t5/operating-system-linux/rpc-security/m-p/4174030#M32131 Hello all<BR />After an intrusion detection session, the security team suggested som operation to perfomr on the RH AS4U4 box.<BR />one of this is to disable the RPC service (ports 755/UDP and 758/TCP) if not used or allow access only to trusted host/networks.<BR /><BR />I cannot disable RPC service, but how to restrict access to a list of IPs and NETWORKs?<BR /><BR />Same issue for RPC lockmanager (1026/UDP).<BR /><BR />Thanks in advance<BR /><BR /><BR />RV Fri, 04 Apr 2008 12:03:33 GMT https://community.hpe.com/t5/operating-system-linux/rpc-security/m-p/4174030#M32131 Roberto Volsa 2008-04-04T12:03:33Z https://community.hpe.com/t5/operating-system-linux/rpc-security/m-p/4174031#M32132 Using an iptables firewall would be your best option. Fri, 04 Apr 2008 13:22:26 GMT https://community.hpe.com/t5/operating-system-linux/rpc-security/m-p/4174031#M32132 Ivan Ferreira 2008-04-04T13:22:26Z https://community.hpe.com/t5/operating-system-linux/rpc-security/m-p/4174032#M32133 I agree with Ivan on iptables, but there might be another option: many Linux distributions compile their RPC services with built-in libwrap support. <BR /><BR />Any libwrap-enabled services can be restricted using /etc/hosts.allow and /etc/hosts.deny, just like when using TCP wrappers on inetd services. Read the man page of your RPC service processes and/or the associated documentation in /usr/share/doc directory to find out if this is available.<BR /><BR />To get multiple layers of defense, you could of course use both iptables and libwrap features together.<BR /><BR />MK Sat, 05 Apr 2008 11:37:44 GMT https://community.hpe.com/t5/operating-system-linux/rpc-security/m-p/4174032#M32133 Matti_Kurkela 2008-04-05T11:37:44Z