linux-baseline

disable rpcbind

Open jp1337 opened this issue 5 years ago • 3 comments

Is your feature request related to a problem? Please describe.
I received a notice of an open rpcbind port on my freshly installed Debian 10.6 system yesterday. The rpcbind port is normally used for NFS mounts. In hacks this port 111 is mostly used for DDoS reflection attacks.

Describe the solution you'd like
I would like a variable which controls if the port is closed or not. The variable could set if the service is stopped and disabled or started and enabled.

Describe alternatives you've considered
An alternative would be to get a list of services you want to disable by default. Maybe there is another daemon like avahi-daemon or cups.

Additional context
If you need more information, just reply.

jp1337 Oct 23 '20 16:10

Thanks for your issue, @jpylypiw! More information on securing rpcbind:

  • https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/sec-securing_services#sec-Securing_rpcbind
  • https://security.stackexchange.com/questions/80799/security-risk-of-opening-port-111-rpcbind

Seems like a good idea to me. What do the others think? @chris-rock, @micheelengronne, @schurzi?

rndmh3ro Oct 28 '20 19:10

I like this proposal. And I am strongly in favor of disabling the service (rather than introducing a firewall rule for the port). The rpcinfo service should serve almost no other purpose than NFS servers, and if you run these kinds of services, you know that it should be started.

See also BSI: https://www.bsi.bund.de/EN/Topics/IT-Crisis-Management/CERT-Bund/CERT-Reports/HOWTOs/Open-Portmapper-Services/open-Portmapper-services_node.html

schurzi Oct 28 '20 20:10

Thank you for commenting on the issue! Is there any plan on implementing this?

Currently I solved this in a simple but effective manner using Ansible:

    - name: Populate service facts
      service_facts:

    - name: "ensure rpcbind service is stopped and disabled"
      ansible.builtin.service:
        name: rpcbind
        enabled: false
        state: "stopped"
      when: "'rpcbind' in services"

jp1337 Mar 05 '21 23:03
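
A way to verify the outcome discussed in this thread, as an added example that is not part of the issue or of the linux-baseline project: it classifies port 111 from `ss -H -tuln` output and, with `--live`, also reports the `rpcbind.service` and `rpcbind.socket` units. The function names, the `--sample` and `--live` switches and the sample output are constructed for illustration; it assumes a systemd host with `ss` and `awk`, where the socket unit can keep port 111 open after the service is stopped.

```shell
#!/bin/sh
# Added example, not from the linux-baseline project: audit port 111 (rpcbind).

# Read `ss -H -tuln` output on stdin and print "proto address" for every
# socket bound to port 111. Field 5 of that output is Local Address:Port.
port111_listeners() {
  awk '$5 ~ /:111$/ { print $1, $5 }'
}

# Classify stdin: closed (no listener), local-only (loopback binds only)
# or exposed (at least one non-loopback bind, e.g. 0.0.0.0 or [::]).
rpcbind_exposure() {
  listeners=$(port111_listeners)
  if [ -z "$listeners" ]; then
    echo closed
  elif printf '%s\n' "$listeners" | grep -Evq ' (127\.[0-9.]+|\[::1\]):111$'; then
    echo exposed
  else
    echo local-only
  fi
}

# Constructed sample: `ss -H -tuln` on a host where rpcbind still listens.
SAMPLE_OPEN='udp   UNCONN 0      0            0.0.0.0:111       0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:111       0.0.0.0:*
tcp   LISTEN 0      128             [::]:111          [::]:*'

if [ "${1:-}" = "--sample" ]; then
  printf '%s\n' "$SAMPLE_OPEN" | rpcbind_exposure
elif [ "${1:-}" = "--live" ]; then
  # Assumption: systemd host. Report both units, because the socket unit
  # can hold port 111 open while rpcbind.service itself is stopped.
  for unit in rpcbind.service rpcbind.socket; do
    printf '%s: enabled=%s active=%s\n' "$unit" \
      "$(systemctl is-enabled "$unit" 2>/dev/null || true)" \
      "$(systemctl is-active "$unit" 2>/dev/null || true)"
  done
  echo "port 111: $(ss -H -tuln | rpcbind_exposure)"
fi
```

A result of `closed` together with both units reported as disabled and inactive is the state the issue asks for.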