Re: RH Taroon Beta Open Ports

[Steve Dickson <SteveD redhat com>]

Felipe Alfaro Solana wrote:

> On Mon, 2003-08-25 at 13:50, rhldevel assursys co uk wrote:
>  
>
> > Hi -
> >
> > I've just done a "complete" install of Taroon on a scratch box, with
> > iptables firewalling disabled. The following services are listening on
> > external network interfaces:
> >
> > Port       State       Service
> > 22/tcp     open        ssh
> > 68/udp     open        dhcpclient
> > 111/tcp    open        sunrpc
> > 111/udp    open        sunrpc
> > 123/udp    open        ntp
> > 1010/udp   open        unknown
> > 6000/tcp   open        X11
> >
> > ssh (we don't want to lock users out after an upgrade), ntp and dhcpclient
> > (both manually configured during install) are reasonably justified, IMHO,
> > but what is the justification for having rpc.statd, portmap and X11
> > listening by *default* (especially on a machine that hasn't been configured
> > to use NIS)?
> >    
>
> rpc.statd and portmap aren't the exclusive domain of NIS. Both are
> enabled by default and used by NFS as client or server. I think they
> could be disabled by default instead of being enabled by default.
>
> You can disable both services:
>
> # chkconfig --level 12345 portmap off
> # chkconfig --level 12345 nfslock off
>
> If you don't want the NFS server:
>
> # chkconfig --level 12345 nfs off
>  
statd (i.e. nfslock) probably does not need to be running if NFS is not 
configured but
tunning off portmapper is a bit extreme... Not only do local process 
expect portmapper
to be there, remote process also expect portmapper to be there ... The
point being turning off portmapper could (and probably will) cause 
unexpect process
to fail in unexpect ways making very difficult to debug especially 
during installation...

Portmapper has been around quite a long time making it pretty bullet 
proof...
So I see no reason what so ever to turn off portmapper. Lets not make a
system more difficult to deal with for simply no reason...

SteveD.