Jump to content

22.08 Jammy Downloads - why are NFS and OpenVPN servers installed?


Recommended Posts

Posted (edited)

Sorry for bumping, but I have just tried Armbian_23.02.2_Pine64_jammy_current_5.15.93.img and there is rpcbind started on boot and listening on all interfaces:

 

root@pine64:~# netstat -atnp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      694/rpcbind         
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      695/systemd-resolve 
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1426/sshd: /usr/sbi 
tcp6       0      0 :::111                  :::*                    LISTEN      694/rpcbind         
tcp6       0      0 :::22                   :::*                    LISTEN      1426/sshd: /usr/sbi 

 

I think this is a security risk

Edited by cvxx
Posted

Seems like nfs-common depends on rpc-bind which is the reason this is pre-installed. So multiple ways to address:

 

- leave it as it is

- remove nfs-common and therefore rpc-bind

- provide custom config to make rpc-bind listen to localhost only (which could confuse users who'd expect default behavior instead on installation)

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...

Important Information

Terms of Use - Privacy Policy - Guidelines