How to secure Portmapper with NFS?

Razva

• April 09, 2018 05:30

Hello, The best way to secure a server agains Portmapper vulns/scans/ddos is to basically stop and disable the service. Unfortunately this will render NFS unusable which, in my case, is a no-go. What is the best solution in this case? Thank you, Razvan

• 

  cPanelMichael

  • April 09, 2018 15:41

  Hello, You may need to enable the service and restrict it with iptables firewall rules. However, keep in mind this is unsupported and more of an OS-related topic that's better answered on a website such as Stackoverflow or the CentOS forums. Here's a third-party URL you may find helpful: iptables rules for nfs Additionally, keep in mind that using NFS on a cPanel & WHM environment is unsupported at this time. Thank you.

  0
• 

  Razva

  • April 09, 2018 15:47

  Will cPanel complain when adding firewall rules that restrict it? Is there any other way to secure this? Thank you!

  0
• 

  cPanelMichael

  • April 09, 2018 15:52

  Hello, The "rpcbind" package isn't required unless you utilize NFS mounts on the server. No other cPanel & WHM functionality relies on it. I recommend posting on Stackoverflow or the CentOS forums for more feedback on alternatives to protect against attacks against the PortMapper service when using a NFS mount. Thank you.

  0

Please sign in to leave a comment.