Portmap



I did a search of the archives and didn't see this.
Why do I need to have the portmap service running?  I don't like the fact
that it opens port 111 on ALL interfaces.  Yeah, I know how to block it with
iptables, and use hosts.allow and hosts.deny, but the fact is, it is still a
hole that simply isn't necessary.  If I stop the portmap service, I get
bunches of FAM errors whenever I run gedit.  Is there a way to stop the
errors and not have the portmap service running?

Now, I wouldn't mind running this service if I could run it through xinetd,
because then I could force it to bind only to the loopback interface (and
maybe my internal network interface, if necessary), but I haven't figured
out a way to do that yet, either.  Perhaps someone could show me how to do
this.  Here's what I've tried:

# /etc/xinetd.d/portmap
# description: portmap

service portmapper
{
	disable   = no
#	bind	         = 127.0.0.1
	port	         = 111
	socket_type   = stream
	type	         = RPC
	rpc_version   = 2
	rpc_number    = 100000
	protocol      = tcp
	wait          = yes
#	only_from     = 127.0.0.1
	user	         = root
	server        = /sbin/portmap
	log_on_failure	+= USERID
}

I commented out the "bind" and "only_from" because first I just want to get
it working, but I haven't had any luck yet at all.

I restarted xinetd and did a netstat, and it doesn't even show port 111 open
at all.  Nothing unusual in /var/log/messages either.

Thanks guys.
Skip

You can't have everything...Where would you put it?
- Steven Wright
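
A check for the exposure described in the message above, as an added example that is not part of the original post: it parses a socket table in /proc/net/tcp layout and reports any non-loopback address on which port 111 is in LISTEN state. The sample table is constructed, the function names are hypothetical, and the address decoding assumes a little-endian host.

```python
import ipaddress
import socket
import struct

PORTMAP_PORT = 111
TCP_LISTEN = "0A"  # state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (not captured from a real host):
# entry 0 is a wildcard listener on 111, entry 1 a loopback-only listener on
# 631, entry 2 an established connection to 111 that must not be counted.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:006F 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1234
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1235
   2: 0100007F:006F 0100007F:9C40 01 00000000:00000000 00:00000000 00000000     0        0 1236
"""

def decode_endpoint(field):
    """Turn 'HEXIP:HEXPORT' into (dotted_ip, port). Assumes a little-endian host."""
    hex_ip, hex_port = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
    return ip, int(hex_port, 16)

def listeners(table, port=PORTMAP_PORT):
    """Return the local addresses that have `port` in LISTEN state."""
    found = []
    for line in table.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != TCP_LISTEN:
            continue
        ip, local_port = decode_endpoint(fields[1])
        if local_port == port:
            found.append(ip)
    return found

def exposed(table, port=PORTMAP_PORT):
    """Return listeners on `port` that are not bound to a loopback address."""
    return [ip for ip in listeners(table, port)
            if not ipaddress.ip_address(ip).is_loopback]

if __name__ == "__main__":
    # On a live Linux host, pass open("/proc/net/tcp").read() instead of SAMPLE.
    for ip in exposed(SAMPLE):
        print(f"port {PORTMAP_PORT} is listening on non-loopback address {ip}")
```
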



