HPE Community
Operating System - HP-UX
1819719 Members
2894 Online
109606 Solutions
New Discussion юеВ

Re: rpc.statd

 
yc_2
Regular Advisor

тАО07-20-2003 09:04 PM

тАО07-20-2003 09:04 PM

rpc.statd

Hi,

(1) How to find out what service is using rpc.statd.

(2) How to stop rpc.statd as my security personnel advice that it is an security hole.

(3) I used lsof and traced the rpc.statd process was ran from /usr/sbin/rp.statd in one machine and /etc/inetd in another machine. I actually had commented out the statement in /etc/inetd.conf for both machine as follows:

#rpc dgram udp wait root /usr/lib/netsvc/rstat/rpc.rstatd 100001 2-4 rpc.rstatd


Thanks in advance,
YC
0 Kudos
Reply
5 REPLIES 5
Con O'Kelly
Honored Contributor

тАО07-20-2003 10:09 PM

тАО07-20-2003 10:09 PM

Re: rpc.statd

The /usr/sbin/rpc.statd process is started by the nfs.client & nfs.server scripts in /sbin/init.d.

To stop it running:
#/sbin/init.d/nfs.client stop
If you're not using NFS then disable them in /etc/rc.config.d/nfsconf so doesn't start up at boot.

Cheers
Con
0 Kudos
Reply
Suresh Patoria
Super Advisor

тАО07-20-2003 10:14 PM

тАО07-20-2003 10:14 PM

Re: rpc.statd

Hi,

If you don't want any rpc.statd or any other servicce related to rpc then you just uninstall the nfs package

if u want only the block than you stop the nfs.client and nfs.server service also you put the comment in /etc/inetd.conf file

Also rename the file /etc/rpc to some else

It wan't use the any of the rpc service
0 Kudos
Reply
yc_2
Regular Advisor

тАО07-20-2003 10:23 PM

тАО07-20-2003 10:23 PM

Re: rpc.statd

Hi Con O'Kelly,

Based on your advice, managed to stop in the machine that using /usr/sbin/rpc.statd but not the machine using inetd.
0 Kudos
Reply
Con O'Kelly
Honored Contributor

тАО07-20-2003 10:28 PM

тАО07-20-2003 10:28 PM

Re: rpc.statd

One other thing I noticed, you are talking about 2 different services. Its a little confusing as they have very similar names.

/usr/sbin/rpc.statd is NFS related and is controlled by the nfs.clinet script.

/usr/lib/netsvc/rstat/rpc.rstatd gathers kernel stats.

Do a man on statd & rstatd & you'll see the difference.

I believe the one you're concerned about is rpc.statd and as I mnentioned you should disable it through using the scripts in /sbin/init.d and updating the /etc/rc.config.d/nfsconf file.

If you're using NFS then you need to keep this service enabled.

Cheers
Con

0 Kudos
Reply
Michael Tully
Honored Contributor

тАО07-20-2003 10:37 PM

тАО07-20-2003 10:37 PM

Re: rpc.statd

If the service is disabled in /etc/inetd.conf you must run 'inetd -c' so that the inetd daemon re-reads the config file.

You cannot completely dismantle NFS, the system will not let you. Search for the 'bastion' server whitepaper, it will give many hints on disabling services.
Anyone for a Mutiny ?
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.