HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Hours:
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
cancel
Showing results for 
Search instead for 
Did you mean: 

rpcinfo queries

 
yc_2
Regular Advisor

rpcinfo queries

Hi,

Our auditor is asking what program is required under rpcinfo -p.

How to check what program is running for the output of rpcinfo -p?

# rpcinfo -p
program vers proto port service
100000 4 tcp 111 rpcbind
100000 3 tcp 111 rpcbind
100000 2 tcp 111 rpcbind
100000 4 udp 111 rpcbind
100000 3 udp 111 rpcbind
100000 2 udp 111 rpcbind
100068 2 udp 49153 cmsd
100068 3 udp 49153 cmsd
100068 4 udp 49153 cmsd
100068 5 udp 49153 cmsd
805306352 1 tcp 772
805502976 2 tcp 854
805502976 1 tcp 855


Thanks in advacne.
3 REPLIES

Re: rpcinfo queries

So looking down that list, the first 6 entries are for the rpcbind process itself, and will always be there if rpcbind is running.

The entry for cmsd is I suspsect for the calendar message service daemon rpc.cmsd, which is probably started by this line in /etc/inetd.conf :

rpc dgram udp wait root /usr/dt/bin/rpc.cmsd 100068 2-5 rpc.cmsd

I very much doubt you require this service (have a read of the man page to understand what it's for), so you can probably comment it out of inetd.conf and then run "inetd -c" to re-eread the config file.

The last three entries are more of a mystery and will take some detective work on your part - I'd get a copy of lsof from here:

http://hpux.connect.org.uk/hppd/hpux/Sysadmin/lsof-4.82/

and then see what processes are listening on those ports using:

lsof -i :772 -i :854 -i :855

HTH

Duncan

HTH

Duncan
yc_2
Regular Advisor

Re: rpcinfo queries

- Mgt to disable cmsd since it is not in use and remove the last 3 entry since no return with lsof -i :

- What is rpcbind use for? Is it OK to remove?

- I tried lsof -i :111 but there is nothing return

Re: rpcinfo queries

Think of rpcbind as a bit like inetd, but for remote procedure calls - certain appalications (like some of the CDE tools, and NFS) use rpcbind, so you have to be sure than no processes are using its services, before you could consider diabling it.

In your cases you have a few services which appear to be using rpcbind - you need to determine what they are first before you disable it. If you can get the system to a state where you only see the first 6 lines from "rpcinfo -p", then you can potentially disable it.

Personally I'd leaver rpcbind there though, and concentrate on those other items...

HTH

Duncan

HTH

Duncan