Cheat Sheets

Security - No public portmap

Description

The portmap port must no be visible on external IPs.

Check Script: security-no-public-portmap.sh

#!/bin/bash

if netstat -tlpn | egrep -q "0.0.0.0:(111|836).*LISTEN.*(portmap|rpcbind)"; then ext_ips=$(ip a | grep "inet " | egrep -v "inet (172|10|192|127)") if [ "$ext_ips" != "" ]; then result_failed "Portmap port bound on 0.0.0.0" fi fi
Comment on Disqus