Felipe Alfaro Solana wrote:
On Mon, 2003-08-25 at 13:50, rhldevel(a)assursys.co.uk wrote:
>Hi -
>
>I've just done a "complete" install of Taroon on a scratch box, with
>iptables firewalling disabled. The following services are listening on
>external network interfaces:
>
>Port State Service
>22/tcp open ssh
>68/udp open dhcpclient
>111/tcp open sunrpc
>111/udp open sunrpc
>123/udp open ntp
>1010/udp open unknown
>6000/tcp open X11
>
>ssh (we don't want to lock users out after an upgrade), ntp and dhcpclient
>(both manually configured during install) are reasonably justified, IMHO,
>but what is the justification for having rpc.statd, portmap and X11
>listening by *default* (especially on a machine that hasn't been configured
>to use NIS)?
>
>
rpc.statd and portmap aren't the exclusive domain of NIS. Both are
enabled by default and used by NFS as client or server. I think they
could be disabled by default instead of being enabled by default.
You can disable both services:
# chkconfig --level 12345 portmap off
# chkconfig --level 12345 nfslock off
If you don't want the NFS server:
# chkconfig --level 12345 nfs off
statd (i.e. nfslock) probably does not need to be running if NFS is not
configured but
tunning off portmapper is a bit extreme... Not only do local process
expect portmapper
to be there, remote process also expect portmapper to be there ... The
point being turning off portmapper could (and probably will) cause
unexpect process
to fail in unexpect ways making very difficult to debug especially
during installation...
Portmapper has been around quite a long time making it pretty bullet
proof...
So I see no reason what so ever to turn off portmapper. Lets not make a
system more difficult to deal with for simply no reason...
SteveD.