<div>
<div class="content wysiwyg-content">
Hi, 
 
From my PCI vulnerability scan i have discovered that i need to close down the service sunrpcportmap on my dedicated web server. &nbsp; 
 
I've found some iptable instructions to this end: . 
 
iptables -A INPUT -p tcp -s! 192.168.0.0/24 --dport 111 -j DROP 
iptables -A INPUT -p udp -s! 192.168.0.0/24 &nbsp;--dport 111 -j DROP 
 
iptables -A INPUT -p tcp -s 127.0.0.1 &nbsp;--dport 111 -j ACCEPT 
 
but am a wee bit confused about what IP/IP range to allow? 
 
If it helps, here's what rpcinfo -p pumps out 
 
&nbsp; &nbsp;program vers proto &nbsp; port &nbsp;service 
&nbsp; &nbsp; 100000 &nbsp; &nbsp;4 &nbsp; tcp &nbsp; &nbsp;111 &nbsp;portmapper 
&nbsp; &nbsp; 100000 &nbsp; &nbsp;3 &nbsp; tcp &nbsp; &nbsp;111 &nbsp;portmapper 
&nbsp; &nbsp; 100000 &nbsp; &nbsp;2 &nbsp; tcp &nbsp; &nbsp;111 &nbsp;portmapper 
&nbsp; &nbsp; 100000 &nbsp; &nbsp;4 &nbsp; udp &nbsp; &nbsp;111 &nbsp;portmapper 
&nbsp; &nbsp; 100000 &nbsp; &nbsp;3 &nbsp; udp &nbsp; &nbsp;111 &nbsp;portmapper 
&nbsp; &nbsp; 100000 &nbsp; &nbsp;2 &nbsp; udp &nbsp; &nbsp;111 &nbsp;portmapper 
 
Can someone explain this to me/advise, please?
</div>
</div>

Hi,

From my PCI vulnerability scan i have discovered that i need to close down the service sunrpcportmap on my dedicated web server.  

I've found some iptable instructions to this end: .

iptables -A INPUT -p tcp -s! 192.168.0.0/24 --dport 111 -j DROP
iptables -A INPUT -p udp -s! 192.168.0.0/24  --dport 111 -j DROP

iptables -A INPUT -p tcp -s 127.0.0.1  --dport 111 -j ACCEPT

but am a wee bit confused about what IP/IP range to allow?

If it helps, here's what rpcinfo -p pumps out

   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper

Can someone explain this to me/advise, please?

How to secure Portmapper on Centos server

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.

Vulnerabilities

The Linux operating system, in all its flavors, has its own share of security flaws that allow intrusions, but there are various mechanisms by which these flaws can be removed, generally divided into two parts: authentication and access control. Authentication is responsible for ensuring that a user requesting access to the system is really the user with the account, while access control is responsible for controlling which resources each account has access to and what kind of access is permitted.

Linux Security

A web server refers to the software that helps to deliver web content that can be accessed either through the Internet or through an intranet. The primary function of a web server is to store, process and deliver web pages to clients. The communication between client and server takes place using the Hypertext Transfer Protocol (HTTP). The most common use of web servers is to host websites, but there are other uses such as gaming, data storage, running enterprise applications, handling email, FTP, etc.