Re: how to keep portmap from running?

2000-11-27 Thread Gary Hennigan
Anthony Campbell [EMAIL PROTECTED] writes:
 On 22 Nov 2000, Christoph Simon wrote:
  On Wed, 22 Nov 2000 14:59:52 -0800 (PST)
  Peter Jay Salzman [EMAIL PROTECTED] wrote:
  
   bleah.  how do i keep this program from starting on boot?
   
   i looked in /etc/init.d.  can't even find a startup script for this thing!
   it's not in inetd.conf either.   how does this thing get started?
   
  
  Have a look at /etc/init.d/portmap
  
  --
  Christoph Simon
  [EMAIL PROTECTED]
  ---
 
 Is it a good idea to stop portmap from running? I did this a long time
 ago and it broke a lot of things (couldn't send or receive mail, as I
 remember).

In the past there have been a few security incidents with things
associated with portmap. I definitely don't run it on my 24/7 system
that's connected to the internet. If you do use it make sure you use
tcp wrappers to secure it.

It should NOT affect email. The only thing I know of that uses portmap
is NFS.

Gary



Re: how to keep portmap from running?

2000-11-27 Thread Manegold
Gary Hennigan wrote:
 
 Anthony Campbell [EMAIL PROTECTED] writes:
  On 22 Nov 2000, Christoph Simon wrote:
   On Wed, 22 Nov 2000 14:59:52 -0800 (PST)
   Peter Jay Salzman [EMAIL PROTECTED] wrote:
  
    bleah.  how do i keep this program from starting on boot?
    
    i looked in /etc/init.d.  can't even find a startup script for this
    thing!
    it's not in inetd.conf either.   how does this thing get started?
   
  
   Have a look at /etc/init.d/portmap
  
   --
   Christoph Simon
   [EMAIL PROTECTED]
   ---
 
  Is it a good idea to stop portmap from running? I did this a long time
  ago and it broke a lot of things (couldn't send or receive mail, as I
  remember).
 
 In the past there have been a few security incidents with things
 associated with portmap. I definitely don't run it on my 24/7 system
 that's connected to the internet. If you do use it make sure you use
 tcp wrappers to secure it.

Hi!
How is that done? (or where can I find info regarding this)

TIA
Thorsten

 
 It should NOT affect email. The only thing I know of that uses portmap
 is NFS.
 
 Gary
 



Re: how to keep portmap from running?

2000-11-27 Thread Gary Hennigan
Manegold [EMAIL PROTECTED] writes:
 Gary Hennigan wrote:
  In the past there have been a few security incidents with things
  associated with portmap. I definitely don't run it on my 24/7 system
  that's connected to the internet. If you do use it make sure you use
  tcp wrappers to secure it.
 
 Hi!
 How is that done? (or where can I find info regarding this)

Look in /etc/hosts.deny and /etc/hosts.allow. Those are the files for
control of tcpwrapped programs, like portmap. The man page to read
would be hosts_access and you can also read about securing
portmapper via this mechanism in

/usr/doc/netbase/portmapper.txt.gz

Gary
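
An added example, not part of the original post: a shell audit of the hosts.allow and hosts.deny rules that apply to portmap. The sample files and function names are constructed for illustration; the check for non-numeric patterns follows the portmap(8) note that portmap does no host name lookups, so only address patterns match.

```shell
#!/bin/sh
# Added example: audit hosts.allow / hosts.deny rules that apply to portmap.
# Simplified: EXCEPT, continuation lines and option fields are not interpreted.

# Print the client patterns of every rule in file $1 that covers portmap.
portmap_clients() {
    [ -r "$1" ] || return 0
    awk -F: '
        /^[ \t]*(#|$)/ { next }
        {
            n = split($1, daemons, /[ \t,]+/)
            for (i = 1; i <= n; i++)
                if (daemons[i] == "portmap" || daemons[i] == "ALL") {
                    m = split($2, clients, /[ \t,]+/)
                    for (j = 1; j <= m; j++)
                        if (clients[j] != "") print clients[j]
                    break
                }
        }' "$1"
}

# Usage: portmap_wrapper_audit HOSTS_ALLOW HOSTS_DENY
# Prints one finding per line; returns 0 only when there are none.
portmap_wrapper_audit() {
    report=$(
        # hosts.allow is checked first, then hosts.deny; no match grants access.
        portmap_clients "$2" | grep -qx ALL ||
            echo "open-by-default: hosts.deny has no ALL rule covering portmap"
        portmap_clients "$1" | while read -r pat; do
            case "$pat" in
                (ALL) echo "allow-all: hosts.allow admits every client" ;;
                # portmap matches addresses only, so names never match.
                (*[!0-9./]*) echo "non-numeric: $pat" ;;
            esac
        done
    )
    if [ -n "$report" ]; then printf '%s\n' "$report"; return 1; fi
    return 0
}

# Constructed sample files (not from a real host).
tmp=$(mktemp -d)
printf 'portmap: 192.168.1.0/255.255.255.0, .example.com\n' > "$tmp/hosts.allow"
printf '# default deny\nportmap: ALL\n' > "$tmp/hosts.deny"
portmap_wrapper_audit "$tmp/hosts.allow" "$tmp/hosts.deny" || true
rm -rf "$tmp"
```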



Re: how to keep portmap from running?

2000-11-23 Thread Anthony Campbell
On 22 Nov 2000, Christoph Simon wrote:
 On Wed, 22 Nov 2000 14:59:52 -0800 (PST)
 Peter Jay Salzman [EMAIL PROTECTED] wrote:
 
  bleah.  how do i keep this program from starting on boot?
  
  i looked in /etc/init.d.  can't even find a startup script for this thing!
  it's not in inetd.conf either.   how does this thing get started?
  
 
 Have a look at /etc/init.d/portmap
 
 --
 Christoph Simon
 [EMAIL PROTECTED]
 ---

Is it a good idea to stop portmap from running? I did this a long time
ago and it broke a lot of things (couldn't send or receive mail, as I
remember).

Anthony

-- 
Anthony Campbell - running Linux Debian 2.2 (Windows-free zone)
Over 100 book reviews: http://www.cix.co.uk/~acampbell/bookreviews/
Skeptical essays: http://www.cix.co.uk/~acampbell/freethinker/

Palo y tente tieso. (Spanish proverb)
Free translation: Holdfast is your only dog.



Re: how to keep portmap from running?

2000-11-23 Thread Robert A. Jacobs
* Peter Jay Salzman [EMAIL PROTECTED] [231100 09:16]:
 bleah.  how do i keep this program from starting on boot?
 
 i looked in /etc/init.d.  can't even find a startup script for this thing!
 it's not in inetd.conf either.   how does this thing get started?

This is more of a question to the readers of this thread than directly to 
you Pete, but:

  What are the ramifications of turning portmapper on or off?  I've gotten the
  (perhaps mistaken) impression that portmapper presents some security risks
  but it almost seems like I have to have it running to get other services to
  work properly.

  Is there an alternative to running portmapper?

 
Any discussion is welcome,

rob.jacobs (r.a.jacobs)
~one of these days I'll put this
 into my mutt .sig file :)~



Re: how to keep portmap from running?

2000-11-23 Thread Damian Menscher
On Thu, 23 Nov 2000, Robert A. Jacobs wrote:
 * Peter Jay Salzman [EMAIL PROTECTED] [231100 09:16]:
  bleah.  how do i keep this program from starting on boot?
  
  i looked in /etc/init.d.  can't even find a startup script for this thing!
  it's not in inetd.conf either.   how does this thing get started?
 
 This is more of a question to the readers of this thread than directly to 
 you Pete, but:
 
   What are the ramifications of turning portmapper on or off?  I've gotten the
   (perhaps mistaken) impression that portmapper presents some security risks
   but it almost seems like I have to have it running to get other services to
   work properly.

Portmapper maps the RPC services to ports.  The list of services it
deals with are listed in /etc/rpc.  Most of them deal with clustered
computing, so you'll need to run portmap if you're using nfs, yp, or (I
think) trying to do a beowulf-type setup.  Otherwise, you probably don't
need it.  You could try doing a `rpcinfo -p localhost` to find out what
your computer is making available.

   Is there an alternative to running portmapper?

Portmap is a fairly big security risk, since it allows lots of new
access to your machine.  You may remember a recent rpc.statd exploit
that could have been prevented if the target machine was not running
portmap.  Of course, if you need it, then you need it.  Use TCP wrappers
to protect yourself.  If you're behind a firewall, this is less of an
issue, but layered security is still the way to go.

Damian Menscher
-- 
--==## Grad. student  Sys. Admin. @ U. Illinois at Urbana-Champaign ##==--
--==## [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Ofc:(217)333-0038 ##==--
--==## Physics Dept, 1110 W Green, Urbana IL 61801 Fax:(217)333-9819 ##==--
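
An added example, not part of the original post: a filter for `rpcinfo -p` output that lists what is registered with the portmapper besides the portmapper itself. The sample output and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: read `rpcinfo -p` output on stdin and list every registered
# RPC program other than the portmapper itself (program number 100000).
# Exit status 0 means something still depends on portmap, 1 means nothing does.

rpc_dependents() {
    awk '
        $1 ~ /^[0-9]+$/ && $1 != 100000 {
            name = ($5 != "") ? $5 : "prog-" $1
            if (!(name in seen)) order[++n] = name
            seen[name] = seen[name] " " $3 "/" $4
        }
        END {
            for (i = 1; i <= n; i++) print order[i] ":" seen[order[i]]
            exit (n == 0)
        }'
}

# Constructed sample of `rpcinfo -p localhost` output (not from a real host).
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp    953  status
    100024    1   tcp    955  status
    100003    2   udp   2049  nfs
EOF
}

if sample_rpcinfo | rpc_dependents; then
    echo "portmap is still needed by the services above"
else
    echo "only the portmapper is registered"
fi
```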



Re: how to keep portmap from running?

2000-11-23 Thread Pollywog

On Thu, 23 Nov 2000 10:02:38 -0600 (CST), Damian Menscher said:

  
  Portmapper maps the RPC services to ports.  The list of services it
  deals with are listed in /etc/rpc.  Most of them deal with clustered
  computing, so you'll need to run portmap if you're using nfs, yp, or (I
  think) trying to do a beowulf-type setup.  Otherwise, you probably don't
  need it.  You could try doing a `rpcinfo -p localhost` to find out what
  your computer is making available.

Is it needed for Samba servers?

--
Andrew



Re: how to keep portmap from running?

2000-11-23 Thread Andrej Marjan
On Thu, Nov 23, 2000 at 04:21:13PM +, Pollywog wrote:
 
 On Thu, 23 Nov 2000 10:02:38 -0600 (CST), Damian Menscher said:
 
   
   Portmapper maps the RPC services to ports.  The list of services it
   deals with are listed in /etc/rpc.  Most of them deal with clustered
   computing, so you'll need to run portmap if you're using nfs, yp, or (I
   think) trying to do a beowulf-type setup.  Otherwise, you probably don't
   need it.  You could try doing a `rpcinfo -p localhost` to find out what
   your computer is making available.
 
 Is it needed for Samba servers?

Nope.

-- 
---+-
Change is inevitable.  |  A n d r e j M a r j a n
Progress is not.   | [EMAIL PROTECTED]
---+-



how to keep portmap from running?

2000-11-22 Thread Peter Jay Salzman
bleah.  how do i keep this program from starting on boot?

i looked in /etc/init.d.  can't even find a startup script for this thing!
it's not in inetd.conf either.   how does this thing get started?

pete



Re: how to keep portmap from running?

2000-11-22 Thread Christoph Simon
On Wed, 22 Nov 2000 14:59:52 -0800 (PST)
Peter Jay Salzman [EMAIL PROTECTED] wrote:

 bleah.  how do i keep this program from starting on boot?
 
 i looked in /etc/init.d.  can't even find a startup script for this thing!
 it's not in inetd.conf either.   how does this thing get started?
 

Have a look at /etc/init.d/portmap

--
Christoph Simon
[EMAIL PROTECTED]
---
^X^C
q
quit
:q
^C
end
x
exit
ZZ
^D
?
help
shit
.



Re: how to keep portmap from running?

2000-11-22 Thread Pollywog

On Wed, 22 Nov 2000 14:59:52 -0800 (PST), Peter Jay Salzman said:

 bleah.  how do i keep this program from starting on boot?
  
  i looked in /etc/init.d.  can't even find a startup script for this thing!
  it's not in inetd.conf either.   how does this thing get started?
  

I have a portmap script in /etc/init.d
Are you sure you don't have one?

Just put 

exit 0 

on a line by itself near the top of the script, after the #!/bin/sh

That will keep it from starting.

--
Andrew



Re: how to keep portmap from running?

2000-11-22 Thread Peter Jay Salzman
well, the thing is that /etc/init.d/portmap doesn't get run.  symlinks to it
from within the rc.\.d directories do.  i guess i could just blow away the
portmap script, and that might do it once and for all.  but it's weird how
the thing gets run but isn't mentioned in the rc directories.

there was no symlink to /etc/init.d/portmap from /etc/rc2.d, and no mention
of portmap or rpc in /etc/inetd.conf

a mystery...

portmap is a weird thing for debian to force on people.  i notice it's in
the netbase package, which i'm not going to uninstall any time soon...

pete

On Wed, 22 Nov 2000, Pollywog wrote:
 On Wed, 22 Nov 2000 14:59:52 -0800 (PST), Peter Jay Salzman said:
 
  bleah.  how do i keep this program from starting on boot?
   
   i looked in /etc/init.d.  can't even find a startup script for this thing!
   it's not in inetd.conf either.   how does this thing get started?
   
 
 I have a portmap script in /etc/init.d
 Are you sure you don't have one?
 
 Just put 
 
 exit 0 
 
 on a line by itself near the top of the script, after the #!/bin/sh
 
 That will keep it from starting.
 
 --
 Andrew
 
 



Re: how to keep portmap from running?

2000-11-22 Thread Matthew Dalton


Peter Jay Salzman wrote:
 
 well, the thing is that /etc/init.d/portmap doesn't get run.  symlinks to it
 from within the rc.\.d directories do.

They're just symlinks to the files in /etc/init.d. The files in
/etc/init.d *are* the ones actually being run.

 i guess i could just blow away the
 portmap script, and that might do it once and for all.  but it's weird how
 the thing gets run but isn't mentioned in the rc directories.

 there was no symlink to /etc/init.d/portmap from /etc/rc2.d, and no mention
 of portmap or rpc in /etc/inetd.conf
 
 a mystery...

If you haven't done anything strange to your startup files, there should
be a link somewhere. Keep looking.

If you want to assure yourself that the portmap script is being run, put
some echo statements at the beginning of the script (after the #!/bin/sh
line) and see if they come up when you boot. Otherwise just put 'exit 0'
there, as someone already said. You could also put 'echo $0' there, to
print out how portmap is being called. That should tell you where the
symlink is.

 portmap is a weird thing for debian to force on people.  i notice it's in
 the netbase package, which i'm not going to uninstall any time soon...

Apparently portmap has been moved into its own package in Woody.


Matthew



Re: how to keep portmap from running?

2000-11-22 Thread Pann McCuaig
Search the list archives. I suggested a (relatively clean) method no
more than a couple of weeks ago.

On Wed, Nov 22, 2000 at 14:59, Peter Jay Salzman wrote:
 bleah.  how do i keep this program from starting on boot?
 
 i looked in /etc/init.d.  can't even find a startup script for this thing!
 it's not in inetd.conf either.   how does this thing get started?
 
 pete

Luck,
Pann
-- 
geek by nature, Linux by choice L I N U X   .~.
The Choice  /V\
http://www.ourmanpann.com/linux/ of a GNU  /( )\
Generation ^^-^^



Re: how to keep portmap from running?

2000-11-22 Thread Miquel van Smoorenburg
In article [EMAIL PROTECTED],
Peter Jay Salzman  [EMAIL PROTECTED] wrote:
well, the thing is that /etc/init.d/portmap doesn't get run.  symlinks to it
from within the rc.\.d directories do.  i guess i could just blow away the
portmap script, and that might do it once and for all.  but it's weird how
the thing gets run but isn't mentioned in the rc directories.

There are 2 ways portmap can get started:

1. Through a Sxxportmap symlink in /etc/rc?.d
2. Through /etc/init.d/mountnfs.sh

If you have an NFS mount in /etc/fstab, mountnfs.sh will start portmapper
at bootup because it's needed for the NFS mount. If you don't want
portmap, don't use NFS mounts.

Mike.
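
An added example, not part of the original post: a shell check that reports both start paths listed above, the Sxxportmap links in /etc/rc?.d and NFS entries in /etc/fstab. The root argument, the function names and the sample tree are assumptions of this example so that it can run against a copy of /etc.

```shell
#!/bin/sh
# Added example: list every way portmap would be started at boot, following
# the two paths named in the post above. The root argument is an assumption
# of this example so the check can run against a copy of /etc.

portmap_start_paths() {
    root="${1:-}"
    found=1
    # Path 1: an Sxxportmap start link in any /etc/rc?.d directory.
    for link in "$root"/etc/rc?.d/S[0-9][0-9]portmap; do
        [ -e "$link" ] || [ -L "$link" ] || continue
        echo "symlink: ${link#"$root"}"
        found=0
    done
    # Path 2: an NFS entry in /etc/fstab, which makes mountnfs.sh start it.
    if [ -r "$root/etc/fstab" ]; then
        for mp in $(awk '$1 !~ /^#/ && $3 == "nfs" { print $2 }' "$root/etc/fstab"); do
            echo "nfs-mount: $mp"
            found=0
        done
    fi
    return $found
}

# Constructed sample tree (not from a real system) to run the check offline.
build_sample_root() {
    dir=$(mktemp -d) || return 1
    mkdir -p "$dir/etc/init.d" "$dir/etc/rc2.d" "$dir/etc/rcS.d"
    : > "$dir/etc/init.d/portmap"
    ln -s ../init.d/portmap "$dir/etc/rcS.d/S41portmap"
    printf '%s\n' '/dev/hda1 / ext2 defaults 0 1' \
        '# server:/old /old nfs defaults 0 0' \
        'server:/home /home nfs rw 0 0' > "$dir/etc/fstab"
    echo "$dir"
}

sample=$(build_sample_root)
portmap_start_paths "$sample" || echo "portmap is not started at boot"
rm -rf "$sample"
```

Run with no argument, `portmap_start_paths` inspects the live /etc; an exit status of 1 means neither start path is present.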