← Back to SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide

V-22429

CAT II (Medium)

The portmap or rpcbind service must not be running unless needed.

Rule ID

SV-45785r1_rule

STIG

SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide

Version

V1R12

CCIs

CCI-001336

Discussion

The portmap and rpcbind services increase the attack surface of the system and should only be used when needed. The portmap or rpcbind services are used by a variety of services using Remote Procedure Calls (RPCs).

Check Content

Check the status of the portmap and/or rpcbind service.
# rcportmap status
# rcrpcbind status

If the service is running, this is a finding.

Fix Text

Shutdown and disable the portmap and/or rpcbind service.
# rcportmap stop; insserv –r portmap
# rcrpcbind stop; insserv –r rpcbind