HPE Community
Operating System - HP-UX
1837921 Members
5249 Online
110124 Solutions
New Discussion

Re: lockd and statd are related to nfs server or nfs client?

 
Senthil Prabu.S_1
Trusted Contributor

‎04-26-2006 11:48 PM

‎04-26-2006 11:48 PM

lockd and statd are related to nfs server or nfs client?

Hi Admins,
I need to harden my unix machine, so that unnecessary ports are to be closed. But, my machine needs to act as nfs server, so i am disabling nfs client. And enabling only nfs server. So here my doubt is whether what are the processes should be enabled.

portmap
mountd,
nfsd
statd,
lockd, and
rquotad

I prefer to enable nfsd,rquotad and mountd. Close the portmap. Can anyone suggest whether what I am doing is correct?. And suggest whether statd and lockd are really needed by nfs server.


Advanced Thanks,
Prabu.S

One man's "magic" is another man's engineering. "Supernatural" is a null word.
0 Kudos
Reply
5 REPLIES 5
RAC_1
Honored Contributor

‎04-26-2006 11:54 PM

‎04-26-2006 11:54 PM

Re: lockd and statd are related to nfs server or nfs client?

What version of NFS? till version 3, you could not define certains ports for portmapper and nfs. With NFS 4, you can.

I think, you can not disable, portmapper.
There is no substitute to HARDWORK
0 Kudos
Reply
Arunvijai_4
Honored Contributor

‎04-27-2006 12:04 AM

‎04-27-2006 12:04 AM

Re: lockd and statd are related to nfs server or nfs client?

Hi Senthil,

You can't disable portmap when using NFS and (or) NIS. If you want to harden your system, you can use Bastile for HP-UX. Here is a great tutorial on that,

http://www.windowsecurity.com/whitepaper/Building_a_Bastion_Host_Using_HPUX_11.html

-Arun
"A ship in the harbor is safe, but that is not what ships are built for"
0 Kudos
Reply
Senthil Prabu.S_1
Trusted Contributor

‎04-27-2006 12:10 AM

‎04-27-2006 12:10 AM

Re: lockd and statd are related to nfs server or nfs client?

Hi,

RAC, I am using version 4.

Arun, unfortunarely I have to do it on solaris.
Please do give specific info for solaris.

Basicall, my hardening is done by disabling the rc scripts /etc/rc0.d/K41nfs.client

Thanks,
Prabu.S
One man's "magic" is another man's engineering. "Supernatural" is a null word.
0 Kudos
Reply
Arunvijai_4
Honored Contributor

‎04-27-2006 12:12 AM

‎04-27-2006 12:12 AM

Re: lockd and statd are related to nfs server or nfs client?

Hi Senthil,

If it is Solaris, this should be useful

http://www.sun.com/solutions/blueprints/browsesubject.html#security
http://www.sun.com/software/solutions/blueprints/1299/network.pdf
http://www.sun.com/solutions/blueprints/0601/jass_quick_start-v03.pdf
http://www.sun.com/solutions/blueprints/0601/jass_release_notes-v03.pdf
http://www.sun.com/solutions/blueprints/tools


-Arun
"A ship in the harbor is safe, but that is not what ships are built for"
0 Kudos
Reply
Senthil Prabu.S_1
Trusted Contributor

‎04-27-2006 12:18 AM

‎04-27-2006 12:18 AM

Re: lockd and statd are related to nfs server or nfs client?

Hi Arun,
Thanks for the links. Basically, we have customized the JASS tool to do this.
One man's "magic" is another man's engineering. "Supernatural" is a null word.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.