rpcbind看起来比较烦,主要是有被入侵风险,为了安全考虑需要关闭相关连带服务:
操作步骤如下:
[root@iZ2zefujjas2g32dlg27giZ local]# netstat -nltp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:39627 0.0.0.0:* LISTEN 1193/rpc.statd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1237/rpcbind
tcp 0 0 0.0.0.0:20048 0.0.0.0:* LISTEN 1296/rpc.mountd
tcp 0 0 0.0.0.0:44025 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:2049 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:55555 0.0.0.0:* LISTEN 1205/sshd
tcp6 0 0 :::41067 :::* LISTEN -
tcp6 0 0 :::111 :::* LISTEN 1237/rpcbind
tcp6 0 0 :::20048 :::* LISTEN 1296/rpc.mountd
tcp6 0 0 :::43613 :::* LISTEN 1193/rpc.statd
tcp6 0 0 :::2049 :::* LISTEN -
[root@iZ2zefujjas2g32dlg27giZ local]# which rpcbind
/usr/sbin/rpcbind
[root@iZ2zefujjas2g32dlg27giZ local]# rpm -qf /sbin/rpcbind
rpcbind-0.2.0-49.el7.x86_64
[root@iZ2zefujjas2g32dlg27giZ local]# rpm -qc rpcbind |grep bind
/etc/sysconfig/rpcbind
[root@iZ2zefujjas2g32dlg27giZ local]# systemctl stop rpcbind
Warning: Stopping rpcbind.service, but it can still be activated by:
rpcbind.socket
[root@iZ2zefujjas2g32dlg27giZ local]# cd /usr/lib/systemd/system/
[root@iZ2zefujjas2g32dlg27giZ system]# mv /usr/lib/systemd/system/rpcbind.
rpcbind.service rpcbind.socket rpcbind.target
[root@iZ2zefujjas2g32dlg27giZ system]# mv /usr/lib/systemd/system/rpcbind.socket /usr/lib/systemd/system/rpcbind.socket.bak
[root@iZ2zefujjas2g32dlg27giZ system]# mv /usr/lib/systemd/system/rpcbind.service /usr/lib/systemd/system/rpcbind.service.bak
[root@iZ2zefujjas2g32dlg27giZ system]# mv /usr/lib/systemd/system/rpcbind.target /usr/lib/systemd/system/rpcbind.target.bak
[root@iZ2zefujjas2g32dlg27giZ system]# reboot