Jump to content

22.08 Jammy Downloads - why are NFS and OpenVPN servers installed?


sfx2000

Recommended Posts

Sorry for bumping, but I have just tried Armbian_23.02.2_Pine64_jammy_current_5.15.93.img and there is rpcbind started on boot and listening on all interfaces:

 

root@pine64:~# netstat -atnp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      694/rpcbind         
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      695/systemd-resolve 
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1426/sshd: /usr/sbi 
tcp6       0      0 :::111                  :::*                    LISTEN      694/rpcbind         
tcp6       0      0 :::22                   :::*                    LISTEN      1426/sshd: /usr/sbi 

 

I think this is a security risk

Edited by cvxx
Link to comment
Share on other sites

Seems like nfs-common depends on rpc-bind which is the reason this is pre-installed. So multiple ways to address:

 

- leave it as it is

- remove nfs-common and therefore rpc-bind

- provide custom config to make rpc-bind listen to localhost only (which could confuse users who'd expect default behavior instead on installation)

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...

Important Information

Terms of Use - Privacy Policy - Guidelines