Charles Stack on Thu, 24 Aug 2000 16:44:27 -0400 (EDT)



RE: [PLUG] sunrpc..a few questions


Thanks for the comprehensive answer.

Unfortunately, turning off the other services isn't an option as it's our
internet server.

Thanks again for taking the time to answer my question so thoroughly.

cjs

-----Original Message-----
From: plug-admin@lists.phillylinux.org
[mailto:plug-admin@lists.phillylinux.org]On Behalf Of Chet the
Quick-drying Nairobian Death Monkey
Sent: Thursday, August 24, 2000 4:30 PM
To: plug@lists.phillylinux.org
Subject: Re: [PLUG] sunrpc..a few questions


> Okay...so do I need it?

We probably can't tell you that, only you can.  If you're not going to
use NFSD, then you probably don't need it IMO.  You may be running
software that requires portmapper for some other reason that I'm not
aware of.  Try running your system without it and see what happens.  I
can't really give you any better advice than that.

> How can I block access to it from the internet?

Use a packet filtering firewall and start out with a restrictive
policy only allowing specified ports to specified internal machines.
Do what you'd usually do.  Again, only you can determine your needs.

> Can I use inetd.conf or hosts allow/deny to block those ports from the
> internet?

I don't know.  You can probably learn more from

hosts.allow(5) and
hosts.deny(5) as well as
inetd(8)

> In the past, these things were not detected by Saint.  But Saint-2.2 with
> NMAP indicates that the services are running.  But, it doesn't flag them as
> a vulnerability.  Yet, everything I've read indicates that the "r" commands
> are bad news.  Aren't the "r" commands part of sunrpc?

No, if you look at your /etc/inetd.conf file, you'll see that the 'r'
commands each use their own server side programs -- which are not
rpc.  'man -k rpc' gave me this list:

f4rpcgen (1)         - an RPC protocol compiler
getrpcent, getrpcbyname, getrpcbynumber (3) - get RPC entry
getrpcport (3)       - get RPC port number
grpck (8)            - verify integrity of group files
pmap_dump (8)        - print a list of all registered RPC programs
pmap_set (8)         - set the list of registered RPC programs
portmap (8)          -  DARPA port to RPC program number mapper
pwconv, pwunconv, grpconv, grpunconv (8) - convert to and from shadow passwords and groups.
rpc (3)              - library routines for remote procedure calls
rpc (5)              - rpc program number data base
rpc.mountd (8)       - NFS mount daemon
rpc.nfsd (8)         - NFS server process
rpc.rusersd (8)      - logged in users server
rpc.rwalld (8)       - write messages to users currently logged in server
rpc.statd (8)        - NSM status monitor
rpc.yppasswdd (8)    - NIS password update daemon
rpc.ypxfrd (8)       - NIS map transfer server
rquotad, rpc.rquotad (8) - remote quota server
rstatd, rpc.rstatd (8) - kernel statistics server
ypserv.conf (5)      - configuration file for ypserv and rpc.ypxfrd


You can probably get a good idea of what RPC is and is used for from these
sources -- or by reading the late Richard Stevens' books on Unix Network
Programming.

The 'r' commands are generally considered to be bad news for a few reasons:
they tend to lower the bar for an attacker trying to gain access to
your system (if they're running), and they transmit all of their network
information (including login) in clear text across the network.  If
misconfigured, the 'r' commands are too trusting -- when we worked together,
I broke into one of the unix boxes simply by creating an account on my
workstation (running Linux), and running rlogin from that account against the
other box.  The way the 'r' commands were configured there, they just
trusted you were who you said you were.  Personally, I turn off ftp, telnet,
and all of the r commands as a general rule, and use ssh in their place,
as it doesn't suffer from the inherent issues relating to the 'r' commands.
Through the use of ssh-agent, you can even achieve the kind of automation
that most people start out using the 'r' commands for in the first place.


k

--
------------------------------------------------------------------------------
"From a certain point onward there is no longer any turning back.  That is the
 point that must be reached."   -- Kafka
mortis@voicenet.com
http://www.voicenet.com/~mortis
------------------------------------------------------------------------------


______________________________________________________________________
Philadelphia Linux Users Group       -      http://www.phillylinux.org
Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion  -  http://lists.phillylinux.org/mail/listinfo/plug
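The thread above points at /etc/inetd.conf and hosts.allow/hosts.deny as the places to look for the 'r' services and for client restrictions. The script below is an added audit example, not code from either poster: it lists which 'r' services (shell=rsh, login=rlogin, exec=rexec) are still enabled in an inetd.conf and checks whether a hosts.deny carries a catch-all "ALL: ALL" rule. The inetd.conf and hosts.deny contents are constructed samples; the file paths are parameters.

```shell
#!/bin/sh
# Added example (not from the original thread). Audits an inetd.conf for
# enabled 'r' services and a hosts.deny for a default-deny rule.

# Print the enabled 'r' services in inetd.conf $1. Comment lines are
# skipped; field 1 of each active line is the service name.
list_rservices() {
    grep -v '^[[:space:]]*#' "$1" |
        awk '$1=="shell" || $1=="login" || $1=="exec" { print $1 }'
}

# Count the enabled 'r' services in inetd.conf $1.
count_rservices() {
    list_rservices "$1" | wc -l | tr -d ' '
}

# Return 0 if hosts.deny $1 has a catch-all "ALL: ALL" rule, else 1.
# Without it, tcpd-wrapped services accept any client not listed in hosts.allow.
has_default_deny() {
    grep -Eq '^[[:space:]]*ALL[[:space:]]*:[[:space:]]*ALL' "$1"
}

# Constructed sample files for the demonstration.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/inetd.conf" <<'EOF'
# constructed sample inetd.conf
ftp     stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a
#telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
shell   stream tcp nowait root /usr/sbin/tcpd in.rshd
login   stream tcp nowait root /usr/sbin/tcpd in.rlogind
#exec   stream tcp nowait root /usr/sbin/tcpd in.rexecd
EOF
printf '# constructed sample: nothing denied\n' > "$demo_dir/hosts.deny.open"
printf 'ALL: ALL\n' > "$demo_dir/hosts.deny.strict"

echo "enabled r services: $(list_rservices "$demo_dir/inetd.conf" | tr '\n' ' ')"
for f in hosts.deny.open hosts.deny.strict; do
    if has_default_deny "$demo_dir/$f"; then
        echo "$f: default deny present"
    else
        echo "$f: no 'ALL: ALL' rule"
    fi
done
```

Run it against the real /etc/inetd.conf and /etc/hosts.deny by substituting those paths for the sample files; anything listed by list_rservices is a service the quoted message recommends replacing with ssh.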
