HPE Community
Operating System - HP-UX
1821985 Members
3302 Online
109638 Solutions
New Discussion юеВ

how to disable RPC llockmgr and nlockmgr

 
SOLVED
Go to solution
David Connolly
Regular Advisor

тАО01-09-2003 07:44 AM

тАО01-09-2003 07:44 AM

how to disable RPC llockmgr and nlockmgr

Hi all,

We recently had a security vulnerability scan, and two suggestions came back from the testers:
1. The llockmgr is part of the file locking manager system for NFS. It generates local file locking operations in response to requests from client lock managers. The llockmgr service registers with the RPC portmapper as program 100020.
This service should be disabled if your system is not acting as either an NFS client or server.


2. The RPC nlockmgr service has been detected as running. The nlockmgr is part of the file locking manager system for NFS. It forwards local file locking requests to the lock manager on the server system. The nlockmgr service registers with the RPC portmapper as program 100021.
This service should be disabled if your system is not acting as either an NFS client or server.

My system is not acting as NFS client or server.

Does anybody know how to disable those services ?

Thanks

Dave

PS - Thomas Pohlen had the same issue on June 07, 2001 but no resolution was posted.
0 Kudos
Reply
6 REPLIES 6
Stefan Farrelly
Honored Contributor

тАО01-09-2003 08:06 AM

тАО01-09-2003 08:06 AM

Solution

Re: how to disable RPC llockmgr and nlockmgr


you can disable is using /var/adm/inetd.sec
see man inetd.sec
and /etc/rpc (where service name is defined)
Im from Palmerston North, New Zealand, but somehow ended up in London...
Reply
David Connolly
Regular Advisor

тАО01-10-2003 02:06 AM

тАО01-10-2003 02:06 AM

Re: how to disable RPC llockmgr and nlockmgr

Thanks Stefan,

1 last question: Do I put rpc in inetd.sec or llockmgr?
0 Kudos
Reply
Stefan Farrelly
Honored Contributor

тАО01-10-2003 02:22 AM

тАО01-10-2003 02:22 AM

Re: how to disable RPC llockmgr and nlockmgr

you have to put the service name in inetd.sec, as defined in column 1 in /etc/rpc, so you need to put in llockmgr
Im from Palmerston North, New Zealand, but somehow ended up in London...
Reply
David Connolly
Regular Advisor

тАО01-10-2003 07:54 AM

тАО01-10-2003 07:54 AM

Re: how to disable RPC llockmgr and nlockmgr

Thanks Stefan
0 Kudos
Reply
Sean OB_1
Honored Contributor

тАО05-13-2003 09:15 AM

тАО05-13-2003 09:15 AM

Re: how to disable RPC llockmgr and nlockmgr

On this topic, is llockmgr required for NFS?

I can disable this RPC/service and still mount an NFS mount if needed?

We don't typically use NFS mounts, but on occasion I need to nfs mount a CD drive from another machine.

Could I do that if llockmgr was disabled?

TIA,

Sean
0 Kudos
Reply
Kiran N. Mehta
Advisor

тАО05-20-2003 03:31 AM

тАО05-20-2003 03:31 AM

Re: how to disable RPC llockmgr and nlockmgr

=== On May 13, 2003 Sean O'Brien wrote:
> > Is this service required for NFS? Can I
> > disable llockmgr and still NFS mount a CD
> > drive from another machine?

I suppose so, as long as your applications won't need file-locking semantics off any of the mounted filesystems; the reason why I surmise a non-llockmgr NFS configuration
to not break NFS mounting functionality is because of the 'statelessness' of the protocol...

=== On January 09, 2003 David Connolly wrote:
> two suggestions came back from the testers
> of a security vulnerability scan

A counter-query: can you throw some light on how [nl]lockmgr processes make a system vulnerable? Thanks.

Kiran -kirannmehta@yahoo.com
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.