sfx2000 Posted September 6, 2022 Posted September 6, 2022 Grabbed the latest Jammy download for NanoPi Neo 2 - https://redirect.armbian.com/nanopineo2/Jammy_current Have to ask - why servers preinstalled and default configured? I found NFS/rpcbind and OpenVPN preinstalled on the image - this is a security risk that can be easily avoided. 0 Quote
Igor Posted September 7, 2022 Posted September 7, 2022 6 hours ago, sfx2000 said: Have to ask - why servers preinstalled and default configured? Idea was to provide client part, so I don't know why server was also there. If you agree with the change, comment & approve: https://github.com/armbian/build/pull/4162 0 Quote
cvxx Posted March 28, 2023 Posted March 28, 2023 (edited) Sorry for bumping, but I have just tried Armbian_23.02.2_Pine64_jammy_current_5.15.93.img and there is rpcbind started on boot and listening on all interfaces: root@pine64:~# netstat -atnp Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 694/rpcbind tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 695/systemd-resolve tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1426/sshd: /usr/sbi tcp6 0 0 :::111 :::* LISTEN 694/rpcbind tcp6 0 0 :::22 :::* LISTEN 1426/sshd: /usr/sbi I think this is a security risk Edited March 28, 2023 by cvxx 0 Quote
Werner Posted March 28, 2023 Posted March 28, 2023 Seems like nfs-common depends on rpc-bind which is the reason this is pre-installed. So multiple ways to address: - leave it as it is - remove nfs-common and therefore rpc-bind - provide custom config to make rpc-bind listen to localhost only (which could confuse users who'd expect default behavior instead on installation) 0 Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.