On 06/09/2007 01:58 AM, Scott Rotondo wrote:
> Dirk Wetter wrote:
>> Hi,
>>
>> I remember a discussion a while back about the portmapper
>> still running in the secure by default configuration. IIRC
>> somebody said it is protected by tcp wrapper rules and only
>> accessible from localhost per default to allow legacy service
>> the access.
>>
>> On a freshly installed snv_65 this is not the case:
>>
>> mybox:~ # nmap -A remotehost
>>
>> Starting Nmap 4.20 ( http://insecure.org ) at 2007-06-08 18:38 CEST
>> Interesting ports on remotehost (192.168.110.20):
>> Not shown: 1695 closed ports
>> PORT STATE SERVICE VERSION
>> 22/tcp open ssh SunSSH 1.1 (protocol 2.0)
>> 111/tcp open rpcbind 2-4 (rpc #100000)
>> MAC Address: 00:D0:59:B6:82:11 (Ambit Microsystems)
>> Device type: general purpose
>> Running: Sun Solaris 9|10
>> OS details: Sun Solaris 9 or 10
>> Uptime: 0.318 days (since Fri Jun 8 11:01:20 2007)
>> Network Distance: 1 hop
>>
>> OS and Service detection performed. Please report any incorrect
>> results at
>> http://insecure.org/nmap/submit/ .
>> Nmap finished: 1 IP address (1 host up) scanned in 53.233 seconds
>> myhost:~ # rpcinfo -p remotehost
>> program vers proto port
>> 100000 4 tcp 111 portmapper
>> 100000 3 tcp 111 portmapper
>> 100000 2 tcp 111 portmapper
>> 100000 4 udp 111 portmapper
>> 100000 3 udp 111 portmapper
>> 100000 2 udp 111 portmapper
>> myhost:~ #
>>
>>
>> Is this a regression or is my memory wrong?
>
> Your memory is correct. Secure by Default leaves rpcbind enabled (so
> nmap will show port 111 as open), but it will only accept requests from
> the local system. You can verify that rpcbind is in local-only mode as
> follows:
>
> # svccfg -s rpc/bind listprop config/local_only
> config/local_only boolean true

You hit the nail on the head: it's set to false and I didn't change it, see below.

> So your nmap output is not surprising,

nmap -A checks amongst other things also the service behind it if a port appears to be open. Otherwise you wouldn't get the prog# of RPC services and the version of SSH used ;-)

> but rpcinfo from a remote system should look like this:
>
> $ rpcinfo -p remotehost
> rpcinfo: can't contact portmapper: RPC: Authentication error; why =
> Failed (unspecified error)

Well, yes, this is what I would have expected. Which system?

> Since your system is responding to remote rpcinfo requests, it appears
> that config/local_only is set to false. This may have occurred as a side
> effect of enabling other services that require rpcbind. For example,
> mounting or exporting an NFS file system would have this effect.

That's my point. It didn't set that manually, at least not that I am aware of. One script during my post installation could have used the box as an NFS client though, if this is what you meant by side effect. But

a) system configurations should not change on the fly w/ the admin's knowledge
b) NFS *clients* should not need a portmapper which is accessible from remote.

Cheers,
Dirk

--
Dr. Wetter IT Consulting http://drwetter.org
IT Security + Open Source
Key fingerprint = 80A2 742B 8195 969C 5FA6 6584 8B6E 59C1 E41B 9153
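
Added example, not part of the original thread: a shell function that combines the two checks discussed above (the config/local_only property on the host and rpcinfo -p run from another machine) into a single verdict, so a silent change of the property shows up in an audit. The function name, the verdict strings and the sample inputs are assumptions constructed from the outputs quoted in the messages.

```shell
#!/bin/sh
# Classify rpcbind exposure from two captured command outputs.
#   $1: output of `svccfg -s rpc/bind listprop config/local_only` (run on the host)
#   $2: output of `rpcinfo -p <host>` (run from a different machine)
# Prints: local-only | exposed | inconsistent | unknown
# (function name and verdict strings are hypothetical, chosen for this example)
rpcbind_exposure() {
    # Third column of the property line is the boolean value.
    prop=$(printf '%s\n' "$1" |
        awk '$1 == "config/local_only" && $2 == "boolean" { print $3; exit }')

    # A listing that contains program 100000 on port 111 means rpcbind
    # answered the remote query; the error text means it refused it.
    if printf '%s\n' "$2" |
        awk '$1 == "100000" && $4 == "111" { found = 1 } END { exit !found }'; then
        remote=answered
    elif printf '%s\n' "$2" | grep -q "can't contact portmapper"; then
        remote=refused
    else
        remote=unknown
    fi

    case "$prop:$remote" in
        true:refused)   echo local-only ;;
        false:answered) echo exposed ;;
        # Property and observed behaviour disagree: investigate before trusting either.
        true:answered|false:refused) echo inconsistent ;;
        *) echo unknown ;;
    esac
}

# Sample inputs, constructed to match the outputs quoted in the thread.
PROP_FALSE='config/local_only boolean false'
PROP_TRUE='config/local_only boolean true'
RPCINFO_LISTING='program vers proto port
100000 4 tcp 111 portmapper
100000 2 udp 111 portmapper'
RPCINFO_REFUSED="rpcinfo: can't contact portmapper: RPC: Authentication error; why = Failed (unspecified error)"

# The situation reported in the thread: property false, remote query answered.
rpcbind_exposure "$PROP_FALSE" "$RPCINFO_LISTING"
```

Running the check before and after post-installation steps such as an NFS mount narrows down which step changed the property.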