Support to secure rpcbind

Hello everyone,

In SLES 12 SP2, when I start rpcbind (version 0.2.3) through rpcbind.service, then I do netstat

udp 0 0 0.0.0.0:111 0.0.0.0:* 10408/rpcbind
udp 0 0 0.0.0.0:831 0.0.0.0:* 10408/rpcbind
udp6 0 0 :::111 :::* 10408/rpcbind
udp6 0 0 :::831 :::* 10408/rpcbind

The rpcbind does not only listen on port 111 but also on a random udp port “831” in this case, this port is changed every time the rpcbind service retstarts. And it listens on 0.0.0.0 so it opens a hole on security. Could you let me know what this port is for and is there any way to avoid that like force it listen on a internal interface rather than on any interfaces like that? As the rpcbind is started from systemd so “-h” option is invalid as the man page says:

-h Specify specific IP addresses to bind to for UDP requests. This option may be specified multiple times and can be used to restrict the interfaces rpcbind will respond to. Note that when rpcbind is controlled via sys-
temd’s socket activation, the -h option is ignored. In this case, you need to edit the ListenStream and ListenDgram definitions in /usr/lib/systemd/system/rpcbind.socket instead.

Thanks,
Brs,
Bao

Just so I can better understand, what are you doing with rpcbind?

Also, unless you are opening a socket in the firewall for the changing
ports, I presume that is something that will not normally just happen
magically. You could check by looking at the current iptables rules
somehow, but without the firewall allowing data, the listening state of a
socket will be irrelevant to outsiders as they cannot get through the
firewall:

sudo /usr/sbin/iptables-save
sudo /usr/sbin/iptables -nvL


Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.