How to secure Portmapper with NFS?

Razva

Member
Aug 30, 2012
16
1
3
cPanel Access Level
Root Administrator
Hello,

The best way to secure a server agains Portmapper vulns/scans/ddos is to basically stop and disable the service. Unfortunately this will render NFS unusable which, in my case, is a no-go.

What is the best solution in this case?

Thank you,
Razvan
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,250
463
Hello,

You may need to enable the service and restrict it with iptables firewall rules. However, keep in mind this is unsupported and more of an OS-related topic that's better answered on a website such as Stackoverflow or the CentOS forums. Here's a third-party URL you may find helpful:

iptables rules for nfs

Additionally, keep in mind that using NFS on a cPanel & WHM environment is unsupported at this time.

Thank you.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,250
463
Hello,

The "rpcbind" package isn't required unless you utilize NFS mounts on the server. No other cPanel & WHM functionality relies on it. I recommend posting on Stackoverflow or the CentOS forums for more feedback on alternatives to protect against attacks against the PortMapper service when using a NFS mount.

Thank you.