From owner-freebsd-questions Tue Mar 12 22:11:47 2002 Delivered-To: freebsd-questions@freebsd.org Received: from clink.schulte.org (clink.schulte.org [209.134.156.193]) by hub.freebsd.org (Postfix) with ESMTP id 2563237B404 for ; Tue, 12 Mar 2002 22:11:43 -0800 (PST) Received: from tarmap.nospam.schulte.org (tarmap.schulte.org [209.134.156.198]) by clink.schulte.org (Postfix) with ESMTP id A701C24410; Wed, 13 Mar 2002 00:11:38 -0600 (CST) Message-Id: <5.1.0.14.0.20020313000322.03970688@pop3s.schulte.org> X-Sender: (Unverified) X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Wed, 13 Mar 2002 00:11:29 -0600 To: Steve 1 , From: Christopher Schulte Subject: Re: RPC - any needed? In-Reply-To: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG At 09:53 PM 3/12/2002 -0800, Steve 1 wrote: >Hi all, > >I'm looking to secure my server as much as possible and wondered if any of >the RPCs are actually needed... From what I've read so far I can't see any >need for them if I just want a very simple DNS/WEB/MAIL server. The most common need would be if you're running nfs or nis services. Execute this to see if any rpc services have registered themselves with your portmapper: # rpcinfo -p if all you see is something like this, then you can probably kill portmap program vers proto port 100000 2 tcp 111 portmapper 100000 2 udp 111 portmapper If you have other services registered, then decide if they're needed. If not, kill them and your portmap process. At the very least you should apply some kind of packet filtering if you do run rpc services. -- Christopher Schulte http://www.schulte.org/ Do not un-munge my @nospam.schulte.org email address. This address is valid. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message