How to protect rpc/bind with tcp wrappers

Check whether the rpc/bind service currently has the config/enable_tcpwrappers property enabled:

# svcprop rpc/bind | grep wrappers

config/enable_tcpwrappers boolean false

 

Enable it by setting the property to true:

# svccfg -s svc:/network/rpc/bind setprop config/enable_tcpwrappers=true

# svcadm refresh rpc/bind

 

Check the property value:

# svcprop rpc/bind | grep wrappers

config/enable_tcpwrappers boolean true

or

# svcprop -p config/enable_tcpwrappers rpc/bind

true

 

Then set up /etc/hosts.deny and /etc/hosts.allow accordingly,

e.g.

 /etc/hosts.deny

 ALL: ALL

 

 /etc/hosts.allow

 rpcbind: 127.0.0.1

This allows only localhost to use the rpc/bind service, so all non-local connections to TCP port 111 will be reset.
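
The evaluation order behind these two files, as an added example that is not part of the original page: a simplified hosts_access(5) check showing that the hosts.allow entry only restricts rpcbind when hosts.deny also matches. The function names, the remote client 192.0.2.10 and the temporary files are constructed for illustration, and only the ALL wildcard and exact IPv4 addresses are handled.

```shell
#!/bin/sh
# Added example: simplified hosts_access(5) evaluation for one daemon and one
# client address. Handles only the ALL wildcard and exact IPv4 addresses
# (no netmasks, hostnames, EXCEPT or option fields).
# On Solaris 10 run the awk part with nawk or /usr/xpg4/bin/awk.

# match_file FILE DAEMON CLIENT: succeeds if any rule in FILE matches.
match_file() {
    [ -r "$1" ] || return 1
    awk -v d="$2" -v c="$3" '
        function in_list(list, want,    n, i, a) {
            n = split(list, a, /[ \t,]+/)
            for (i = 1; i <= n; i++)
                if (a[i] == "ALL" || a[i] == want) return 1
            return 0
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        {
            n = split($0, f, ":")              # daemon_list : client_list
            if (n >= 2 && in_list(f[1], d) && in_list(f[2], c)) { hit = 1; exit }
        }
        END { exit (hit ? 0 : 1) }
    ' "$1"
}

# wrappers_verdict ALLOW_FILE DENY_FILE DAEMON CLIENT: prints allow or deny.
wrappers_verdict() {
    if match_file "$1" "$3" "$4"; then
        echo allow      # 1. a hosts.allow match grants access
    elif match_file "$2" "$3" "$4"; then
        echo deny       # 2. otherwise a hosts.deny match refuses it
    else
        echo allow      # 3. no match in either file: access is granted
    fi
}

# Constructed sample files reproducing the rules shown above.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf 'ALL: ALL\n' > "$tmp/hosts.deny"
printf 'rpcbind: 127.0.0.1\n' > "$tmp/hosts.allow"
: > "$tmp/empty"        # stands in for a hosts.deny without the ALL: ALL rule

for ip in 127.0.0.1 192.0.2.10; do     # 192.0.2.10 is a constructed remote client
    echo "$ip, both files: $(wrappers_verdict "$tmp/hosts.allow" "$tmp/hosts.deny" rpcbind "$ip")"
    echo "$ip, empty deny: $(wrappers_verdict "$tmp/hosts.allow" "$tmp/empty" rpcbind "$ip")"
done
```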

 
