Profile Applicability:
• Level 1
Description:
The rpcbind service maps RPC program numbers to network addresses. If not required, disabling rpcbind reduces the system’s attack surface and mitigates risks associated with unauthorized RPC access.
Rationale:
Disabling unused rpcbind services helps prevent exploitation of RPC-related vulnerabilities and limits unnecessary network exposure.
Impact:
Pros:
• Minimizes network services and reduces attack vectors.
• Enhances system security by limiting RPC access.
Cons:
• Disabling rpcbind on systems that require RPC may disrupt functionality.
Default Value:
rpcbind service may be enabled by default on some systems.
Pre-requisites:
Root or sudo privileges to manage system services.
Remediation:
Test Plan:
Using Linux command line:
1. Check if rpcbind service is enabled:
systemctl is-enabled rpcbind
2. Check if rpcbind service is running:
systemctl status rpcbind
Implementation Plan:
Using Linux command line:
1. Disable the rpcbind service:
systemctl disable rpcbind
2. Stop the running rpcbind service:
systemctl stop rpcbind
3. Verify service is disabled and stopped:
systemctl is-enabled rpcbind
systemctl status rpcbind
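An added verification script for step 3 (not part of the benchmark text): besides the service unit it checks rpcbind.socket and any remaining listener on port 111, on the assumption that the installed rpcbind package ships a socket unit that can start the service again on demand. The function names are illustrative.

```shell
#!/bin/sh
# Added example, not from the benchmark. Assumption: the rpcbind package also
# ships rpcbind.socket, which can start the service again on first connection.

# unit_verdict ENABLED_STATE ACTIVE_STATE -> prints PASS or FAIL.
unit_verdict() {
    case "$1" in
        enabled|enabled-runtime) echo FAIL; return 0 ;;  # would start at boot
    esac
    case "$2" in
        inactive|failed|unknown|"") echo PASS ;;         # not running now
        *) echo FAIL ;;                                  # active, activating...
    esac
}

# port111_listeners: reads `ss -tuln` output on stdin and prints
# "proto local-address" for each socket bound to port 111 (field 5).
port111_listeners() {
    awk '$5 ~ /:111$/ { print $1, $5 }'
}

# audit_live: returns 0 only if both units pass and nothing listens on 111.
audit_live() {
    rc=0
    for unit in rpcbind.socket rpcbind.service; do
        en=$(systemctl is-enabled "$unit" 2>/dev/null)
        ac=$(systemctl is-active "$unit" 2>/dev/null)
        v=$(unit_verdict "$en" "$ac")
        echo "$unit: enabled=${en:-n/a} active=${ac:-n/a} -> $v"
        [ "$v" = PASS ] || rc=1
    done
    open=$(ss -tuln | port111_listeners)
    if [ -n "$open" ]; then
        echo "port 111 still has listeners:"
        echo "$open"
        rc=1
    fi
    return "$rc"
}

# Run the audit only when asked, so sourcing the file has no side effects.
if [ "${1:-}" = "--live" ]; then
    audit_live
    exit $?
fi
```

Run it with `--live` on the target host; a non-zero exit status means a unit is still enabled or active, or something is still bound to port 111.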
Backout Plan:
Using Linux command line:
1. Enable and start the rpcbind service if required:
systemctl enable rpcbind
systemctl start rpcbind
2. Verify service status.
References:
CIS Amazon Linux 2 Benchmark v3.0.0
Systemd Service Management