rpcbind lingering on IP no longer specified on command line
Gavin Atkinson
gavin.atkinson at ury.york.ac.uk
Thu Jan 5 03:10:33 PST 2006
On Wed, 2006-01-04 at 15:44 -0500, Vivek Khera wrote:
> On Jan 4, 2006, at 2:41 PM, Doug Barton wrote:
>
> > What does 'sockstat | grep rpcbind' tell you?
>
> # sockstat | grep rpcbind
> root rpcbind 11382 5 stream /var/run/rpcbind.sock
> root rpcbind 11382 6 dgram -> /var/run/logpriv
> root rpcbind 11382 7 udp4 127.0.0.1:111 *:*
> root rpcbind 11382 8 udp4 192.168.100.200:111 *:*
> root rpcbind 11382 9 udp4 *:664 *:*
> root rpcbind 11382 10 tcp4 *:111 *:*
>
> As Dmitry Morozovsky points out, it seems it always listens to tcp *:
> 111 which seems to be a bad thing. I'm running 6.0-RELEASE-p1.
>
> This came up because of some security scans we're having run for some
> compliance certificates we need...
>
> Can anyone explain why rpcbind will still bind to all tcp interfaces?
Although I believe this is a bug, it is actually working as documented:
from rpcbind(8):
-h bindip
Specify specific IP addresses to bind to for UDP requests.
Gavin
More information about the freebsd-stable
mailing list