Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Guide to the Secure Configuration of Ubuntu 22.04
Services
NFS and RPC
Disable All NFS Services if Possible
Disable Services Used Only by NFS
Disable Services Used Only by NFS
An XCCDF Group - A logical subset of the XCCDF Benchmark
Details
Profiles
Prose
Disable Services Used Only by NFS
1 Rule
If NFS is not needed, disable the NFS client daemons nfslock, rpcgssd, and rpcidmapd.
All of these daemons run with elevated privileges, and many listen for network connections. If they are not needed, they should be disabled to improve system security posture.
Uninstall rpcbind Package
Low Severity
The rpcbind utility maps RPC services to the ports on which they listen. RPC processes notify rpcbind when they start, registering the ports they are listening on and the RPC program numbers they expect to serve. The rpcbind service redirects the client to the proper port number so it can communicate with the requested service. If the system does not require RPC (such as for NFS servers) then this service should be disabled. The
rpcbind
package can be removed with the following command:
$ apt-get remove rpcbind