How to turn off the rpc.statd service on Linux systems

Time:2022-1-12

To reduce hidden security risks on a Linux host, we should disable or remove unnecessary services wherever possible.
First, check which ports are open:

[[email protected] linsc]# nmap 127.0.0.1
Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2007-12-05 21:28 CST
Interesting ports on localhost.localdomain (127.0.0.1):
(The 1652 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
80/tcp open http
766/tcp open unknown
3306/tcp open mysql
8009/tcp open ajp13
8080/tcp open http-proxy
Nmap run completed -- 1 IP address (1 host up) scanned in 0.194 seconds

Port 766 is open, but nmap reports the service on it as unknown. To find out what is running there, list the listening sockets together with their owning processes:

[[email protected] linsc]# netstat -lp

The output includes the following line:

tcp 0 0 *:766 *:* LISTEN 3128/rpc.statd

This shows that rpc.statd is running.
You can also query port 766 directly. lsof is another command for finding out which process is listening on a port:

[[email protected] linsc]# lsof -i:766
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
rpc.statd 3128 rpcuser 8u IPv4 6467 TCP *:766 (LISTEN)

Find out which installed package the rpc.statd command belongs to:

[[email protected] linsc]# rpm -qf /sbin/rpc.statd
nfs-utils-1.0.6-80.EL4

Check which init scripts have names beginning with nfs:

[[email protected] linsc]# ls /etc/init.d/nfs*
/etc/init.d/nfs /etc/init.d/nfslock

Check the status of nfslock:

[[email protected] linsc]# /etc/init.d/nfslock status
rpc.statd (pid 3128) is running
[[email protected] linsc]# vi /etc/services

Find the NFS entries in it, comment them out by adding # in front of them, and restart. Scanning again, port 766 no longer appears in the list:

[[email protected] linsc]# nmap 127.0.0.1
Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2007-12-05 21:55 CST
Interesting ports on localhost.localdomain (127.0.0.1):
(The 1653 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
80/tcp open http
3306/tcp open mysql
8009/tcp open ajp13
8080/tcp open http-proxy
Nmap run completed -- 1 IP address (1 host up) scanned in 0.194 seconds
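
The lookup done by hand above (find the port nmap labels unknown, then find its owning process in the netstat -lp output) can be scripted. This is an added example, not part of the original article; the function names are hypothetical, and the sample data is cut down from the transcripts above, with the sshd line constructed.

```shell
#!/bin/sh
# Added example: cross-reference an nmap scan with `netstat -lp` output to
# name the process behind each port that nmap could not identify.
# Function names are hypothetical. Sample data is reduced from the
# transcripts on this page; the sshd line (PID 2901) is constructed.

NMAP_SAMPLE='PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
766/tcp open unknown
3306/tcp open mysql'

NETSTAT_SAMPLE='tcp 0 0 *:22 *:* LISTEN 2901/sshd
tcp 0 0 *:766 *:* LISTEN 3128/rpc.statd'

# Print "port/proto" for every open port whose service nmap reports as unknown.
unknown_ports() {
    printf '%s\n' "$1" | awk '$2 == "open" && $3 == "unknown" { print $1 }'
}

# Print "PID/program" of the listener on TCP port $2 in netstat -lp text $1.
listener_for() {
    printf '%s\n' "$1" | awk -v port="$2" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, a, ":")      # local address, e.g. *:766
            if (a[n] == port) print $7
        }'
}

# Report each unidentified port with its owner, or "no listener found".
audit() {
    for entry in $(unknown_ports "$1"); do
        port=${entry%%/*}              # strip "/tcp"
        owner=$(listener_for "$2" "$port")
        echo "$entry ${owner:-no listener found}"
    done
}

audit "$NMAP_SAMPLE" "$NETSTAT_SAMPLE"
```

On a live host, run it as root with `audit "$(nmap 127.0.0.1)" "$(netstat -lpn)"`; the -n option keeps netstat from replacing port numbers with service names.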