PasteFS logoPasteFS
Blue Light on 28 Sep, 2017
Raw Data
  1. disable rpcbind/rpc/portmapper service on centos 7 server
  2. Lately I received an email from "German Federal office for information security (BSI)" informing me about an open port which included this
  3. =================
  4. > the Portmapper service (portmap, rpcbind) is required for mapping RPC
  5. > requests to a network service. The Portmapper service is needed e.g.
  6. > for mounting network shares using the Network File System (NFS).
  7. > The Portmapper service runs on port 111 tcp/udp.
  8. >
  9. > In addition to being abused for DDoS reflection attacks, the
  10. > Portmapper service can be used by attackers to obtain information
  11. > on the target network like available RPC services or network shares.
  12. ================
  13. so I checked and got this
  14. ------------------
  15. []# rpcinfo
  16.    program version netid     address                service    owner
  17.     100000    4    tcp6      ::.0.111               portmapper superuser
  18.     100000    3    tcp6      ::.0.111               portmapper superuser
  19.     100000    4    udp6      ::.0.111               portmapper superuser
  20.     100000    3    udp6      ::.0.111               portmapper superuser
  21.     100000    4    tcp       0.0.0.0.0.111          portmapper superuser
  22.     100000    3    tcp       0.0.0.0.0.111          portmapper superuser
  23.     100000    2    tcp       0.0.0.0.0.111          portmapper superuser
  24.     100000    4    udp       0.0.0.0.0.111          portmapper superuser
  25.     100000    3    udp       0.0.0.0.0.111          portmapper superuser
  26.     100000    2    udp       0.0.0.0.0.111          portmapper superuser
  27.     100000    4    local     /var/run/rpcbind.sock  portmapper superuser
  28.     100000    3    local     /var/run/rpcbind.sock  portmapper superuser
  29. -------------------
  30. So here is how I closed that port and disabled rpc service on my centos 7 server
  31. -----------------------------
  32. # yum install rpcbind
  33. # systemctl disable rpcbind
  34. # systemctl disable rpcbind.socket
  35. # systemctl stop rpcbind
  36. # systemctl stop rpcbind.socket
  37. ----------------------------
  38. now rpcinfo shows this
  39. ----------------------------
  40. []# rpcinfo
  41. rpcinfo: can't contact rpcbind: RPC: Remote system error - Connection refused
  42. ----------------------------
  43. that's it