Task #1889

closed

Portmap issues

Added by Alexander Werner about 8 years ago. Updated almost 8 years ago.

Status: Closed
Priority: Normal
Category: -
Target version: Team - Pool
Start date:
Due date:
% Done: 0%
Tags: Salt

Description

Our default setup creates and opens rpcbind.
This might be dangerous and used for DDoS attacks if open to the general public, but the service is needed for some parts of our infra.
The current solution of security.rpcbind doesn't seem to work as expected; it needs triaging and some work to fix it permanently.

Actions #1

Updated by Christian Lohmaier almost 8 years ago

Found the reason why rpcbind did reappear on vm172-vm172:

Disabling the service via salt does indeed disable the systemd-based config, but Debian has additional /etc/init/rpcbind-boot.conf (and /etc/init/rpcbind.conf); those nevertheless trigger starting of rpcbind when the machine is rebooted.

However, when disabling rpcbind on the host itself using sudo systemctl disable rpcbind, a file /etc/init/rpcbind.override with content "manual" is created.

So the solution for the salt-based setup is to either find out why the override file is not triggered (probably it doesn't call systemctl but manually removes the service from the wants target), or just create that file using a file.managed.
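
The file.managed approach suggested in the comment above, sketched as a Salt state. This is an added example, not part of the ticket and not the project's actual fix; the state IDs, the file ownership and mode, and the onlyif guard are assumptions.

```yaml
# Hypothetical state file; the state IDs below are illustrative.

# Stops rpcbind and disables it for systemd. Per the ticket, this alone
# did not keep rpcbind from starting again after a reboot.
rpcbind_service_off:
  service.dead:
    - name: rpcbind
    - enable: False

# Creates the same override file that "systemctl disable rpcbind" leaves
# behind on the host, with the content "manual".
rpcbind_upstart_override:
  file.managed:
    - name: /etc/init/rpcbind.override
    - contents: manual
    - user: root
    - group: root
    - mode: '0644'
    # Assumption: skip hosts that have no /etc/init directory at all.
    - onlyif: test -d /etc/init
```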

Actions #2

Updated by Alexander Werner almost 8 years ago

  • Status changed from New to Closed

Fixed in salt
