RH Taroon Beta Open Ports

Felipe Alfaro Solana felipe_alfaro at linuxmail.org
Mon Aug 25 12:13:21 UTC 2003


On Mon, 2003-08-25 at 13:50, rhldevel at assursys.co.uk wrote:
> Hi -
> 
> I've just done a "complete" install of Taroon on a scratch box, with
> iptables firewalling disabled. The following services are listening on
> external network interfaces:
> 
> Port       State       Service
> 22/tcp     open        ssh
> 68/udp     open        dhcpclient
> 111/tcp    open        sunrpc
> 111/udp    open        sunrpc
> 123/udp    open        ntp
> 1010/udp   open        unknown
> 6000/tcp   open        X11
> 
> ssh (we don't want to lock users out after an upgrade), ntp and dhcpclient
> (both manually configured during install) are reasonably justified, IMHO,
> but what is the justification for having rpc.statd, portmap and X11
> listening by *default* (especially on a machine that hasn't been configured
> to use NIS)?

rpc.statd and portmap aren't the exclusive domain of NIS. Both are
enabled by default and used by NFS as client or server. I think they
could be disabled by default instead of being enabled by default.

You can disable both services:

# chkconfig --level 12345 portmap off
# chkconfig --level 12345 nfslock off

If you don't want the NFS server:

# chkconfig --level 12345 nfs off





More information about the devel mailing list