Our default setup creates and opens rpcbind.
This might be dangerous and used for DDoS attacks if open to the general public, but the service is needed for some parts of our infra.
The current solution of security.rpcbind doesn't seem to work as expected; it needs triaging and some work to fix it permanently.
#1 Updated by Christian Lohmaier over 2 years ago
Found the reason why rpcbind did reappear on vm172-vm172:
Disabling the service via salt does indeed disable the systemd-based config, but Debian has additional /etc/init/rpcbind-boot.conf (and /etc/init/rpcbind.conf); those nevertheless trigger starting of rpcbind when the machine is rebooted.
However, when disabling rpcbind on the host itself using "sudo systemctl disable rpcbind", a file /etc/init/rpcbind.override with content "manual" is created.
So the solution for the salt-based setup is to either find out why the override file is not triggered (probably it doesn't call systemctl but manually removes the service from the wants target), or just create that file using a file.managed.
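A check that follows from the comment above, as an added example that is not part of the ticket or of the project's salt states: it reports whether a job file under /etc/init is still left without the "manual" override, so a host can be audited before the next reboot. The function names are hypothetical, and it assumes Upstart's documented behaviour that a "manual" line in JOB.override suppresses automatic start.

```shell
#!/bin/sh
# Added example: audit whether an Upstart job would still start at boot.

# upstart_job_autostarts ROOT JOB
# Returns 0 if ROOT/etc/init/JOB.conf exists and no JOB.override with a
# "manual" line suppresses it; returns 1 otherwise.
upstart_job_autostarts() {
    root=$1
    job=$2
    conf="$root/etc/init/$job.conf"
    override="$root/etc/init/$job.override"

    # No job definition: nothing for Upstart to start.
    [ -f "$conf" ] || return 1

    # Only a real "manual" line counts; a commented-out one does not.
    if [ -f "$override" ] &&
       grep -Eq '^[[:space:]]*manual[[:space:]]*$' "$override"; then
        return 1
    fi
    return 0
}

# audit_upstart_jobs ROOT JOB...
# Prints one line per job and returns 1 if any job would start at boot.
audit_upstart_jobs() {
    audit_root=$1
    shift
    rc=0
    for audit_job in "$@"; do
        if upstart_job_autostarts "$audit_root" "$audit_job"; then
            echo "$audit_job: starts at boot"
            rc=1
        else
            echo "$audit_job: not started by Upstart"
        fi
    done
    return $rc
}

# Usage on a live host (ROOT is the filesystem root):
#   audit_upstart_jobs / rpcbind
```

Passing a different ROOT lets the same check run against a mounted image or a test directory instead of the live filesystem.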