Fixer les ports NFS pour pouvoir les filtrer (etch)

Doc : http://wiki.debian.org/?SecuringNFS

/etc/default/nfs-common :

STATDOPTS="--port 32775 --outgoing-port 32776"

/etc/default/nfs-kernel-server :

RPCMOUNTDOPTS="--port 32778"

/etc/default/quota :

RPCRQUOTADOPTS="--port 32779"

/etc/sysctl.conf (prochain reboot) :

fs.nfs.nlm_tcpport=32777
fs.nfs.nlm_udpport=32777

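/etc/services (pour mieux s'y retrouver ; attention aux libellés statd ci-dessous : d'après STATDOPTS et la sortie de rpcinfo plus bas, statd écoute sur 32775, 32776 étant son port sortant) :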

rpc.statd-bc    32775/tcp                       # RPC statd broadcast (LOCAL)
rpc.statd-bc    32775/udp                       # RPC statd broadcast (LOCAL)
rpc.statd       32776/tcp                       # RPC statd listen (LOCAL)
rpc.statd       32776/udp                       # RPC statd listen (LOCAL)
rpc.lockd       32777/tcp                       # RPC lockd/nlockmgr (LOCAL)
rpc.lockd       32777/udp                       # RPC lockd/nlockmgr (LOCAL)
rpc.mountd      32778/tcp                       # RPC mountd (LOCAL)
rpc.mountd      32778/udp                       # RPC mountd (LOCAL)
rpc.quotad      32779/tcp                       # RPC quotad (LOCAL)
rpc.quotad      32779/udp                       # RPC quotad (LOCAL)

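Pour finir (application immédiate sans attendre le reboot, puis vérification avec rpcinfo -p ; rquotad n'apparaît pas dans la sortie ci-dessous, le service quota n'étant pas redémarré ici, donc le port 32779 reste à vérifier) :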

#> sysctl fs.nfs.nlm_tcpport=32777
fs.nfs.nlm_tcpport = 32777

#> sysctl fs.nfs.nlm_udpport=32777
fs.nfs.nlm_udpport = 32777

#> /etc/init.d/nfs-common restart
Stopping NFS common utilities: statd.
Starting NFS common utilities: statd.

#> /etc/init.d/nfs-kernel-server restart
Stopping NFS kernel daemon: mountd nfsd.
Unexporting directories for NFS kernel daemon....
Exporting directories for NFS kernel daemon....
Starting NFS kernel daemon: nfsd mountd.

#> rpcinfo -p
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    4   udp   2049  nfs
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100021    1   udp  32777  nlockmgr
    100021    3   udp  32777  nlockmgr
    100021    4   udp  32777  nlockmgr
    100021    1   tcp  32777  nlockmgr
    100021    3   tcp  32777  nlockmgr
    100021    4   tcp  32777  nlockmgr
    100005    1   udp  32778  mountd
    100005    1   tcp  32778  mountd
    100005    2   udp  32778  mountd
    100005    2   tcp  32778  mountd
    100005    3   udp  32778  mountd
    100005    3   tcp  32778  mountd
    100024    1   udp  32775  status
    100024    1   tcp  32775  status
 