Folks,
I was reading Linux Firewalls, and it mentioned that if
I did not need the portmap deamon, that I should not be running it.
Sound advice, and it's pretty standard practice that if one doesn't
use a given service, one should remove it. However, I am not sure
about how or if I should remove portmap. Doing an "rpcinfo -p"
gives:
> rpcinfo -p
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
So it looks like the portmap deamon is only providing a mapping
for itself. I have no plans on providing any of the r*d services,
and was wondering what you folks suggest.
Should I:
1) Rename all the /etc/rcX.d/S18portmap files to K18portmap to stop
portmapper from ever running?
2) Set up IPchains and /etc/hosts.allow(deny) to refuse all external
attempts to access the portmap deamon, but leave it running?
3) Handle it some other way?
I realize that portmapper is rarely a security hazard in and of itself,
but rather used to get info about other security holes on a system.
I don't have any programs that register with portmap, but I don't want
to cooperate with some cracker's scans.
Thanks's in advance,
Bryan
Here's two other debian systems that I know of...
> rpcinfo -p slashdot.org
No remote programs registered.
> rpcinfo -p debian.org
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
