I found this article about an RPCbind vulnerability:
Quote: disable rpcbind/rpc/portmapper service on CentOS 7 server
Lately I received an email from the "German Federal Office for Information Security (BSI)" informing me about an open port, which included this:
=================
> the Portmapper service (portmap, rpcbind) is required for mapping RPC
> requests to a network service. The Portmapper service is needed e.g.
> for mounting network shares using the Network File System (NFS).
> The Portmapper service runs on port 111 tcp/udp.
>
> In addition to being abused for DDoS reflection attacks, the
> Portmapper service can be used by attackers to obtain information
> on the target network like available RPC services or network shares.
================
So I checked and got this:
------------------
[]# rpcinfo
program version netid address service owner
100000 4 tcp6 ::.0.111 portmapper superuser
100000 3 tcp6 ::.0.111 portmapper superuser
100000 4 udp6 ::.0.111 portmapper superuser
100000 3 udp6 ::.0.111 portmapper superuser
100000 4 tcp 0.0.0.0.0.111 portmapper superuser
100000 3 tcp 0.0.0.0.0.111 portmapper superuser
100000 2 tcp 0.0.0.0.0.111 portmapper superuser
100000 4 udp 0.0.0.0.0.111 portmapper superuser
100000 3 udp 0.0.0.0.0.111 portmapper superuser
100000 2 udp 0.0.0.0.0.111 portmapper superuser
100000 4 local /var/run/rpcbind.sock portmapper superuser
100000 3 local /var/run/rpcbind.sock portmapper superuser
-------------------
So here is how I closed that port and disabled the rpc service on my CentOS 7 server:
-----------------------------
# yum install rpcbind
# systemctl disable rpcbind
# systemctl disable rpcbind.socket
# systemctl stop rpcbind
# systemctl stop rpcbind.socket
----------------------------
Now rpcinfo shows this:
----------------------------
[]# rpcinfo
rpcinfo: can't contact rpcbind: RPC: Remote system error - Connection refused
----------------------------
That's it.
I hope this will solve the problem.
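
Added example (not part of the quoted article): a shell check that decodes the universal addresses rpcinfo prints (host followed by two port bytes, port = p1*256 + p2) and reports which registrations sit on a network transport rather than the local socket. The function names and the embedded sample, trimmed from the output quoted above, are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: find network-facing RPC registrations in `rpcinfo` output.

# Sample input trimmed from the rpcinfo output quoted in the post.
SAMPLE_BEFORE='program version netid address service owner
100000 4 tcp6 ::.0.111 portmapper superuser
100000 3 tcp6 ::.0.111 portmapper superuser
100000 4 udp6 ::.0.111 portmapper superuser
100000 4 tcp 0.0.0.0.0.111 portmapper superuser
100000 2 udp 0.0.0.0.0.111 portmapper superuser
100000 4 local /var/run/rpcbind.sock portmapper superuser'
SAMPLE_AFTER="rpcinfo: can't contact rpcbind: RPC: Remote system error - Connection refused"

# Reads rpcinfo output on stdin; prints one "netid host port service" line
# per distinct network binding (program versions are collapsed).
rpc_network_bindings() {
    awk '
        # tcp/udp/tcp6/udp6 are network transports; "local" is a UNIX socket.
        $3 ~ /^(tcp|udp)6?$/ {
            n = split($4, part, ".")
            if (n < 3) next                       # not a universal address
            port = part[n-1] * 256 + part[n]      # last two fields are port bytes
            host = part[1]
            for (i = 2; i <= n - 2; i++) host = host "." part[i]
            key = $3 " " host " " port " " $5
            if (!(key in seen)) { seen[key] = 1; print key }
        }
    '
}

# Exit status 0 when at least one binding is on a non-loopback address.
rpc_exposed() {
    rpc_network_bindings |
        awk '$2 !~ /^(127\.|::1$)/ { found = 1 } END { exit !found }'
}

printf '%s\n' "$SAMPLE_BEFORE" | rpc_network_bindings
printf '%s\n' "$SAMPLE_BEFORE" | rpc_exposed && echo "before: rpcbind reachable over the network"
printf '%s\n' "$SAMPLE_AFTER" | rpc_exposed || echo "after: no network-facing RPC registrations"
```

On a live host, pipe `rpcinfo 2>&1` into `rpc_exposed` after the change; a zero exit status means something is still registered on a network transport.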