Skip to content

2.1.12 Ensure rpcbind services are not in use

Audit#

Run the following command to verify rpcbind package is not installed: 

# dpkg-query -s rpcbind &>/dev/null && echo "rpcbind is installed"
Nothing should be returned.

- OR - - IF - the rpcbind package is required as a dependency: Run the following command to verify rpcbind.socket and rpcbind.service are not enabled: 

# systemctl is-enabled rpcbind.socket rpcbind.service 2>/dev/null | grep 'enabled'
Nothing should be returned.

Run the following command to verify the rpcbind.socket and rcpbind.service are not active: 

# systemctl is-active cups.socket cups.service 2>/dev/null | grep '^active'
Nothing should be returned.

Note: If the package is required for a dependency - Ensure the dependent package is approved by local site policy - Ensure stopping and masking the service and/or socket meets local site policy

Remediation#

Run the following commands to stop rpcbind.socket and rpcbind.service, and remove the rpcbind package: 

# systemctl stop rpcbind.socket rpcbind.service
# apt purge rpcbind

- OR - - IF - the rpcbind package is required as a dependency: Run the following commands to stop and mask rpcbind.socket and rpcbind.service: 

# systemctl stop rpcbind.socket rpcbind.service
# systemctl mask rpcbind.socket rpcbind.service