Christian Seiler wrote: > Bill wrote: > > what uses them and why shouldn't I close them? > > (I'm assuming there must be a good reason to have wide open ports.)
It is debatable whether the old Sun RPC services should be installed by default. I do use and manage NFS but I wouldn't install it by default on any machine not using it. If you are not serving NFS then you don't need it. If you are serving NFS then it will get installed as a matter of course. > rpcbind is started from /etc/init.d/rpcbind. If you don't use NFS or NIS > at all, you don't need to have that running. To disable it under Wheezy, > use: > > update-rc.d rpcbind disable > > After that, it won't be started anymore at boot. Instead of disabling it I am of the opinion that it should be removed if it isn't going to be used. If in the future someone were going to set up an NFS server on the system then it can trivially be installed again. So easy to install that removing it instead of disabling it seems like the better way to go in my opinion. One less package that might need a security upgrade at some point. One less package on the disk to manage. Just simplify. # apt-get purge rcpbind Bob
signature.asc
Description: Digital signature
