Hello,
I noticed on my CentOS 7 VPS that rpcbind is running. I don't really like this, but I believe my configuration of cPanel requires it now.
netstat shows rpcbind is only listening for udp connections and not TCP connections, but it does show init is listening for tcp connections on port 111 (rpcbind's portmapper port).
Code:
udp 0 0 0.0.0.0:111 0.0.0.0:* 10408/rpcbind
udp 0 0 0.0.0.0:831 0.0.0.0:* 10408/rpcbind
udp6 0 0 :::111 :::* 10408/rpcbind
udp6 0 0 :::831 :::* 10408/rpcbind

netstat -tulnp|grep -i 111
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/init
tcp6 0 0 :::111 :::* LISTEN 1/init
udp 0 0 0.0.0.0:111 0.0.0.0:* 11589/rpcbind
udp6 0 0 :::111 :::* 11589/rpcbind
Every time I restart rpcbind, it still listens on port 111 but the other port changes, so I think that's random (this time, UDP / UDP6 port 831). I don't think using the firewall will work, because I can block 111 at the firewall level, but not the other port number if it keeps changing with every startup of rpcbind.
Is it safe for me to try and configure rpcbind to listen on local interfaces only? I believe the -h option will restrict the UDP connections to local hosts only (127.0.0.1 and ::1). Will this break anything in cPanel?
I see in /usr/lib/systemd/system/rpcbind.socket:
Code:
[Unit]
Description=RPCbind Server Activation Socket

[Socket]
ListenStream=/var/run/rpcbind.sock
ListenStream=[::]:111
ListenStream=0.0.0.0:111
BindIPv6Only=ipv6-only

[Install]
WantedBy=sockets.target
I'm a little confused here. I've read what the ListenStream and BindIPv6Only options are (freedesktop.org/software/systemd/man/systemd.socket.html). With BindIPv6Only set to ipv6-only, I'm confused as to why rpcbind is listening on both IPv6 and IPv4 UDP ports.
I wonder if I could create a custom rpcbind.socket file and modify the ListenStream values to list just local addresses (::1 and 127.0.0.1).
If I try to uninstall rpcbind, I see the dependencies that'll get removed as well:
Code:
cpanel-dovecot-solr noarch 6.4.0-48.1 @cpanel-plugins 234 M
cpanel-mailman x86_64 2.1.23-9.cp1162 installed 31 M
cpanel-perl-524-Cpanel-CORE-Dependencies x86_64 1.8-1.cp1162 installed 190
cpanel-perl-524-Mail-SpamAssassin x86_64 3.004001-5.cp1162 installed 2.6 M
cpanel-perl-524-Quota x86_64 1.7.2-1.cp1162 installed 43 k
cpanel-roundcubemail noarch 1.2.4-1.cp1162 installed 15 M
dovecot x86_64 2.2.28-4.cp1162 installed 29 M
dovecot-xaps x86_64 2.2.28-1.cp1162 installed 27 k
exim x86_64 4.89-1.cp1162 installed 1.8 M
quota x86_64 1:4.01-14.el7 @base 887 k
quota-devel x86_64 1:4.01-14.el7 @base 9.2 k
So I can't really be removing rpcbind. I'd just like to secure it a bit more, if I could...
Thanks!
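An added example, not part of the original post: a check that reads `netstat -tulnp` output and reports every rpcbind-related socket still bound to a non-loopback address, so any change to the socket unit or to rpcbind's options can be verified afterwards. It selects by port 111 or by the rpcbind program name, because the netstat output in the post shows the TCP listeners owned by `1/init` and a second UDP port that changes on restart. The function names and the loopback-only sample are constructed for illustration.

```shell
#!/bin/bash
# Added example (not from the original post).
# Reads `netstat -tulnp` output on stdin and prints every rpcbind-related
# socket that is bound to a non-loopback address.
exposed_rpcbind() {
  awk '
    $1 ~ /^(tcp|udp)6?$/ {
      local_addr = $4
      owner = $NF                 # "PID/program" is the last column
      # Split at the last colon so IPv6 forms such as ":::111" parse.
      port = local_addr; sub(/.*:/, "", port)
      addr = local_addr; sub(/:[^:]*$/, "", addr)
      # TCP 111 is owned by "1/init" (socket activation), so select by
      # port 111 OR by program name; the name also catches the extra
      # UDP port that changes on every restart.
      if (port != "111" && owner !~ /\/rpcbind$/) next
      if (addr == "127.0.0.1" || addr == "::1") next
      print $1, local_addr, owner
    }'
}

# Listener lines as posted above, plus one constructed unrelated line (sshd).
sample_before() {
  cat <<'EOF'
udp 0 0 0.0.0.0:111 0.0.0.0:* 10408/rpcbind
udp 0 0 0.0.0.0:831 0.0.0.0:* 10408/rpcbind
udp6 0 0 :::111 :::* 10408/rpcbind
udp6 0 0 :::831 :::* 10408/rpcbind
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/init
tcp6 0 0 :::111 :::* LISTEN 1/init
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 900/sshd
EOF
}

# Constructed: what a loopback-only result would look like.
sample_after() {
  cat <<'EOF'
udp 0 0 127.0.0.1:111 0.0.0.0:* 12000/rpcbind
udp 0 0 127.0.0.1:702 0.0.0.0:* 12000/rpcbind
udp6 0 0 ::1:111 :::* 12000/rpcbind
tcp 0 0 127.0.0.1:111 0.0.0.0:* LISTEN 1/init
tcp6 0 0 ::1:111 :::* LISTEN 1/init
EOF
}

# Usage on a live host (as root): netstat -tulnp | exposed_rpcbind
```

Empty output means nothing rpcbind-related is reachable from outside the host; any printed line names the protocol, the bound address and the owning process.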