Re: [ldm-users] Turning off RPC

One could reduce portmapper/rpcbind exposure by configuring hosts.deny
and hosts.allow to disable access to ports 111 and 388 to ALL, and
enabling access to 111 and 388 to upstream/downstream sites.  (I'm
confident that rpcbind is generally TCPwrappers-enabled on supported
platforms; anyone know if LDM is?)

Bret

On Mon, 2009-09-28 at 16:21 -0500, Peter Laws wrote:
> Tyler Allison wrote:
> > I've run LDM without portmapper/rpcbind given they are both ginormous
> > security risks. It delays the startup/shutdown and other admin functions
> > since LDM tries to RPC but fails, then it tries again, etc...until it
> > figures out it is never going to work and defaults to 388 and everything
> > works fine afterwards.
> > 
> > Personally, I'd rather see it assume 388 and fall back to
> > portmapper/rpcbind in the event of 388 failure, but that's just me :)
> 
> Actually, Steve E wrote to me off-list and indicated that this is exactly 
> how it works.  Change in the code at some point??
> 
> I'd still like to disable it.  :-)
> 
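
Added example (not part of the original messages, and not LDM or TCP Wrappers code): a simplified Python model of the hosts_access(5) lookup order for the hosts.allow/hosts.deny approach suggested above. It shows that rules match on daemon names rather than on ports 111 and 388; the addresses are constructed documentation ranges, and the daemon name `ldmd` is an assumption.

```python
# Simplified model of hosts_access(5): hosts.allow is consulted first, then
# hosts.deny, and access is granted when neither file matches.
# Supported patterns: ALL, exact addresses, and "a.b.c." address prefixes.

# Constructed sample files: upstream/downstream sites use documentation addresses.
HOSTS_ALLOW = """
rpcbind: 192.0.2.10, 198.51.100.
"""
HOSTS_DENY = """
rpcbind: ALL
"""

def parse(text):
    """Return a list of (daemon_list, client_list) rules from file text."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        daemons, clients = line.split(":", 1)
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, addr):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):          # "198.51.100." matches the whole prefix
        return addr.startswith(pattern)
    return addr == pattern

def matches(rules, daemon, addr):
    return any(
        (daemon in daemons or "ALL" in daemons)
        and any(client_matches(p, addr) for p in clients)
        for daemons, clients in rules)

def access(daemon, addr, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    if matches(parse(allow), daemon, addr):
        return "allow"
    if matches(parse(deny), daemon, addr):
        return "deny"
    return "allow"                     # no rule in either file: granted

if __name__ == "__main__":
    for daemon, addr in [("rpcbind", "192.0.2.10"), ("rpcbind", "203.0.113.5"),
                         ("ldmd", "203.0.113.5")]:   # "ldmd" is an assumed name
        print(daemon, addr, access(daemon, addr))
```

The last case is granted because no rule names that daemon: restricting rpcbind this way does nothing for port 388 unless the LDM server is itself wrappers-enabled and listed in the files.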


