Disable rpcbind service?
- Inicie sesión o regístrese para enviar comentarios
$ nmap -v localhost
PORT STATE SERVICE
111/tcp open rpcbind
Hello, when I run the above command, it shows rpcbind listening to port 111.
RPC is a remote procedure call, when a computer program causes a procedure (subroutine) to execute in a different address space (commonly on another computer on a shared network).
Link: https://en.wikipedia.org/wiki/Remote_procedure_call
I can disable rpcbind with
$ systemctl stop rpcbind
$ systemctl stop rpcbind.socket
$ systemctl disable rpcbind
Should I do so?
"listening to port 111."
But only on localhost, it seems, so not open to other machines.
Yes, only on localhost.
So that means it can only be accessed by programs that you're already running on your own computer and nothing remotely over a network.
That's interesting, when I run 'nmap -v localhost' on Trisquel 11, I get this output:
All 1000 scanned ports on localhost (127.0.0.1) are closed
The command
apt policy rpcbind
shows that rpcbind is not installed on my system.
If you have it installed, I'm wondering if it got installed with a networking service that needs to use rpc? For instance, if you are running a Network File System on your local network, you are probably using rpcbind.
Thanks everyone for the answers, I have found a video explaining a little more about what rpcbind does. I have no idea why it is installed on my system, maybe it is a dependency of some other package. It seems, portmapper uses it.
$ rpcinfo -p localhost
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
I have no idea why is portmapper installed either.
Video, 20 megabytes:
https://archive.org/download/rpcbind/rpcbind.mp4
> I have no idea why it is installed on my system, maybe it is a dependency of some other package.
This should tell you:
apt-cache rdepends --installed rpcbind
$ apt-cache rdepends --installed rpcbind
rpcbind
Reverse Depends:
quota
Thanks, I remember installing quota this summer, don't remember why. Something about creating a separate user for an untrusted mail account. Never made that happen.
This package provides the standard set of utilities for manipulating file system usage caps via the Linux Diskquota system. It can set hard or soft limits with adjustable grace periods on block or inode usage for users and groups.
A mail account where you can receive viruses, or this nice file:
https://en.wikipedia.org/wiki/Zip_bomb
Very interesting thread, it was great to read how the answers evolved!
I was curious and that is what I've got:
$ nmap -v localhost
PORT STATE SERVICE
631/tcp open ipp
After a bit of digging, I realised this relates to the printer driver I installed a while ago.
Now wondering how to close that port!
If you close that port, your printer will stop working.
Article about IPP-over-USB:
https://wiki.debian.org/CUPSDriverlessPrinting#IPP-over-USB:_The_Basics
Thank you Alice, that link is very helpful! I'll go back to re-read it. There is a lot of good info to digest there, including answers to questions I wasn't quite sure how to formulate!
"Now wondering how to close that port!"
Perhaps you need it for printing? Why close it, if it's only listening on localhost? Yes it would show up in a local port scan of yourself but if you do a port scan from another computer it shows as closed. A port being "open" on localhost is not the same as being "open" on a public interface and accessible from other computers.
A port being "open" on localhost is not the same as being "open" on a public interface and accessible from other computers.
Thank you jxself! So glad I asked, I had an inkling that was the case, but you helped clarify what exactly localhost means, and how it works.
Localhost is a hostname that refers to the current computer used to access it.
Your local IP address is 127.0.0.1, only you can access it.
Link: https://en.wikipedia.org/wiki/Localhost
More thanks Alice!