
RPC Security

 
Roberto Volsa
Frequent Advisor


Hello all
After an intrusion detection session, the security team suggested some operations to perform on the RH AS4U4 box.
One of these is to disable the RPC service (ports 755/UDP and 758/TCP) if not used, or allow access only to trusted hosts/networks.

I cannot disable the RPC service, but how can I restrict access to a list of IPs and networks?

Same issue for RPC lockmanager (1026/UDP).

Thanks in advance


RV
2 REPLIES
Ivan Ferreira
Honored Contributor

Re: RPC Security

Using an iptables firewall would be your best option.
Why do it the hard way, when you can do it the easy way?
Matti_Kurkela
Honored Contributor

Re: RPC Security

I agree with Ivan on iptables, but there might be another option: many Linux distributions compile their RPC services with built-in libwrap support.

Any libwrap-enabled services can be restricted using /etc/hosts.allow and /etc/hosts.deny, just like when using TCP wrappers on inetd services. Read the man page of your RPC service processes and/or the associated documentation in the /usr/share/doc directory to find out if this is available.

To get multiple layers of defense, you could of course use both iptables and libwrap features together.

MK
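
An added example (not part of any post above, and not the posters' code): a POSIX shell script that prints, for review, iptables commands restricting the three ports named in the question to a list of trusted sources, as the replies suggest. The chain name `RPC-IN` and the trusted addresses are assumptions made up for the example.

```shell
#!/bin/sh
# Added example: prints iptables commands for review; it does not apply them.
# Ports are the ones named in the question. The chain name RPC-IN and the
# trusted sources below are constructed placeholders (assumptions).

valid_source() {   # IPv4 address with optional /0-32 prefix, nothing else
    addr=${1%%/*}
    case $1 in */*) bits=${1#*/} ;; *) bits=32 ;; esac
    case $addr in ''|*[!0-9.]*) return 1 ;; esac
    case $bits in ''|*[!0-9]*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in '') return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

rpc_rules() {      # $1 = "proto/port ..." list, remaining args = trusted sources
    ports=$1; shift
    for src in "$@"; do
        valid_source "$src" || { echo "invalid source: $src" >&2; return 1; }
    done
    for pp in $ports; do
        proto=${pp%/*}; port=${pp#*/}
        case $proto in tcp|udp) ;; *) echo "invalid protocol: $pp" >&2; return 1 ;; esac
        case $port in ''|*[!0-9]*) echo "invalid port: $pp" >&2; return 1 ;; esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    done
    echo "iptables -N RPC-IN"
    for pp in $ports; do   # send only the RPC ports through the new chain
        echo "iptables -I INPUT -p ${pp%/*} --dport ${pp#*/} -j RPC-IN"
    done
    echo "iptables -A RPC-IN -i lo -j ACCEPT"      # local RPC clients keep working
    for src in "$@"; do
        echo "iptables -A RPC-IN -s $src -j ACCEPT"
    done
    echo "iptables -A RPC-IN -j DROP"              # everyone else is dropped
}

# Constructed sample run: ports from the thread, documentation-range addresses.
rpc_rules "udp/755 tcp/758 udp/1026" 192.0.2.10 198.51.100.0/24
```

Run the printed commands as root only after reviewing them against the existing ruleset. Check `rpcinfo -p` after each service restart: RPC services that are not pinned to fixed ports can come back on different numbers, leaving these rules pointing at the wrong ports.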