Find knowledge base article(s) by searching for keywords in the title e.g. type linux in the search box below
Find knowledge base article(s) by browsing the subject categories of articles
Technology quick references, cheatsheets, user manuals etc.
Shop Online through ShopifyLite
Tutorials on various IT applications.
Search Title    (UL:0 |SS:f)

Software >> OS >> Unix >> Solaris >> 10 >> How to protect rpc/bind with tcp wrappers

Check whether the rpc/bind service currently have the config/enable_tcpwrappers enabled

# svcprop rpc/bind | grep wrappers

config/enable_tcpwrappers boolean false

 

Enable it by setting the property to true:

# svccfg -s svc:/network/rpc/bind setprop config/enable_tcpwrappers=true

# svcadm refresh rpc/bind

 

check the property value

# svcprop rpc/bind | grep wrappers

config/enable_tcpwrappers boolean true

or

# svcprop -p config/enable_tcpwrappers rpc/bind

true

 

Then set the /etc/hosts.deny and /etc/hosts.allow accordingly

e.g.

 /etc/hosts.deny

 ALL: ALL

 

 /etc/hosts.allow

 rpcbind: 127.0.0.1

allow only localhost to use rpc/bind service => all non-local connection to TCP port 111 will be resetted

 

References

[1] http://prefetch.net/blog/index.php/2005/12/21/protecting-rpcbind-with-tcp_wrappers/
[ © 2008-2021 myfaqbase.com - A property of WPDC Consulting ]