← Back to Solaris 11 X86 Security Technical Implementation Guide

V-216059

CAT II (Medium)

The rpcbind service must be configured for local only services unless organizationally defined.

Rule ID

SV-216059r959010_rule

STIG

Solaris 11 X86 Security Technical Implementation Guide

Version

V3R5

CCIs

CCI-000366

Discussion

The portmap and rpcbind services increase the attack surface of the system and should only be used when needed. The portmap or rpcbind services are used by a variety of services using remote procedure calls (RPCs). The organization may define and document the limited use of services (for example NFS) that may use these services with approval from their Authorizing Official.

Check Content

Check the status of the rpcbind service local_only property.
# svcprop -p config/local_only network/rpc/bind

If the state is not "true", this is a finding, unless it is required for system operations, then this is not a finding.

Fix Text

The Service Management profile is required.

If services such as portmap or rpcbind are required for system operations, the operator must document the services used and obtain approval from their Authorizing Official. They should also document the method(s) of blocking all other remote accesses through tools like a firewall or tcp_wrappers.
Otherwise, configure the rpc/bind service for local only access. 

# svccfg -s network/rpc/bind setprop config/local_only=true