On Mon, 29 Nov 1999, Bryan Scaringe wrote:

bryan. >use a given service, one should remove it. However, I am not sure
bryan. >about how or if I should remove portmap. Doing an "rpcinfo -p"
bryan. >gives:

From what I've seen, portmapper is only needed for RPC services such as NFS and mountd, both of which have a history of security problems. In slink, to disable it I recommend renaming /sbin/portmap to something else, as the netbase script tries to start it, but netbase loads other things as well, so it's not (as) a good idea to remove the script. Or, firewall the port (111 I believe).

bryan. >Should I:
bryan. >1) Rename all the /etc/rcX.d/S18portmap files to K18portmap to stop
bryan. >   portmapper from ever running?

If you got slink, this may not be enough; on my machines /etc/init.d/netbase_real calls portmap as well. On potato I don't think it does, but I haven't tried potato yet.

bryan. >2) Set up IPchains and /etc/hosts.allow(deny) to refuse all external
bryan. >   attempts to access the portmap daemon, but leave it running?

If you're not planning on using it, shut it down. There are ways around firewalls (I remember reading about some hole in the ipchains firewall in an early 2.2.x kernel, I think) and of course ways around tcp_wrappers too.. but both are for sure better than nothing.

bryan. >to cooperate with some cracker's scans.

One of my machines (slackware 3.2) was cracked last year.. got in thru portmapper.. or nfs.. or mountd, I forgot which.. no damage done though, they just made a few accounts, eventually caught 'em and locked them out. A few weeks later our sister ISP got hacked (slackware too) and rm -rf /'d.. a few days/week after that a guy was arrested for it.

Since then my learning curve for security on *nix systems is going way up :)

nate

----------------------------------------[mailto:[EMAIL PROTECTED] ]--
Vice President Network Operations       http://www.firetrail.com/
Firetrail Internet Services Limited     http://www.aphroland.org/
Everett, WA 425-348-7336                http://www.linuxpowered.net/
Powered By:                             http://comedy.aphroland.org/
Debian 2.1 Linux 2.0.36 SMP             http://yahoo.aphroland.org/
-----------------------------------------[mailto:[EMAIL PROTECTED] ]--
9:54pm up 102 days, 9:34, 1 user, load average: 1.91, 1.59, 1.54
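
Added example, not part of the original message: a shell sketch of the two checks the reply turns on, namely whether anything besides portmapper itself is registered in "rpcinfo -p" output, and which init scripts mention portmap (since a script other than the S18portmap links may start it). The function names and the sample rpcinfo output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Constructed samples of "rpcinfo -p" output.
SAMPLE_WITH_NFS='   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100005    1   udp    635  mountd
    100005    1   tcp    635  mountd
    100003    2   udp   2049  nfs'
SAMPLE_PORTMAP_ONLY='   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper'

# Read "rpcinfo -p" text on stdin and print "number name" once for each
# registered RPC program other than portmapper itself (program 100000).
rpc_dependents() {
    awk '$1 ~ /^[0-9]+$/ && $1 != 100000 && !seen[$1]++ {
             print $1, ($5 == "" ? "unknown" : $5)
         }'
}

# Exit 0 if some RPC service is still registered with portmapper,
# exit 1 if portmapper is the only registration.
portmap_in_use() {
    [ -n "$(rpc_dependents)" ]
}

# List files in an init directory (default /etc/init.d) that mention
# portmap, because a script other than the S18portmap links may start it.
portmap_starters() {
    grep -l portmap "${1:-/etc/init.d}"/* 2>/dev/null | sort
}

# Demo on the constructed sample. On a real host:
#   rpcinfo -p | rpc_dependents; portmap_starters
printf '%s\n' "$SAMPLE_WITH_NFS" | rpc_dependents
```

An empty result from rpc_dependents means no RPC service depends on portmapper; any file listed by portmap_starters should be read before assuming that renaming the rcX.d links is enough.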

