4.1.2.11 portmap

Information

If all RPC services are disabled, disable the portmap daemon itself.

The portmap daemon is required for the RPC service. It converts the RPC program numbers into Internet port numbers. The daemon may be disabled if the server is not:

An NFS server

A NIS (YP) or NIS+ server

Running the CDE GUI

Running a third-party software application that relies on RPC support

Rationale:

If no RPC services are required then there is no need to start the portmap daemon at boot time.

portmap can be started manually or from a script if RPC port-mapping support is needed post-IPL.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Review any active RPC services:

rpcinfo -p localhost

Run the program above (in Audit) with the argument fix

Check the exit status (should be 0)
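
The review step above can be scripted. The following is an added example, not part of the benchmark or the audit program: it reads rpcinfo -p output and lists every registered RPC program other than the portmapper itself (program 100000), which are the services that would break if portmap were disabled. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the benchmark): list RPC programs that still
# depend on portmap, based on the output of `rpcinfo -p`.

# Constructed sample of `rpcinfo -p localhost` output, not from a real host.
SAMPLE_RPCINFO='   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   udp    111  portmapper
    100003    3   tcp   2049  nfs
    100003    3   udp   2049  nfs
    100005    3   udp  32771  mountd
    100083    1   tcp  32769  ttdbserver'

# rpc_dependents (hypothetical helper): reads rpcinfo -p output on stdin and
# prints "<program number> <service name>" once per registered program,
# skipping the header and the portmapper registration itself.
rpc_dependents() {
    awk '
        $1 !~ /^[0-9]+$/ { next }   # header or error text, not a data row
        $1 == 100000     { next }   # the portmapper itself
        {
            name = ($5 != "") ? $5 : "unknown"
            key = $1 " " name
            if (!(key in seen)) { seen[key] = 1; print $1, name }
        }'
}

# portmap_needed (hypothetical helper): prints the dependents and returns 0
# if any RPC program is registered; returns 1 if only the portmapper (or
# nothing, e.g. portmap already stopped) is present.
portmap_needed() {
    deps=$(rpc_dependents)
    if [ -n "$deps" ]; then
        printf '%s\n' "$deps"
        return 0
    fi
    return 1
}

# On the host:  rpcinfo -p localhost | portmap_needed
# Here, run against the constructed sample instead:
printf '%s\n' "$SAMPLE_RPCINFO" | portmap_needed || echo "no RPC dependents registered"
```

A non-empty list means a service such as NFS, NIS or CDE is still registered and should be reviewed before portmap is disabled.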

Default Value:

Enabled

Additional Information:

Reversion:

Restore portmap startup in /etc/rc.tcpip:

chrctcp -a portmap

startsrc -s portmap

See Also

https://workbench.cisecurity.org/benchmarks/13069

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, 800-53|CM-7, CSCv7|9.2

Plugin: Unix

Control ID: 55520aab40f81480d35807acb2ee85021c1abd8c5cb3fe9fecd56ac84780470a