Disable portmapper in CentOS 7
If you don’t have any other network services running on your Linux system, you probably don’t need portmapper running. Here are the steps to check and to disable portmap.
What portmapper does
Portmapper is a special Unix/Linux service that runs on networked systems that provide RPC (Remote Procedure Call) based services, like NFS.
The port mapper service is called portmapper and always runs on TCP and UDP port 111.
IMPORTANT: back in 2015 portmapper was confirmed as vulnerable to Distributed Denial of Service (DDoS) attacks, so it's considered good practice to disable it or at least protect it with a firewall.
List RPC services
You can use the rpcinfo command to list currently active RPC services on your system.
In my example below there’s nothing else running RPC, just the portmapper itself:
root@s5:~ # rpcinfo -p
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper
Stop portmapper in CentOS 7
Somewhat confusingly, the service providing portmapper functionality is called rpcbind.
First, let’s stop the portmapper service:
root@s5:~ # systemctl stop rpcbind
Warning: Stopping rpcbind.service, but it can still be activated by:
  rpcbind.socket
root@s5:~ # systemctl stop rpcbind.socket
Prevent portmapper from restarting upon reboot
Now, let’s make sure the service is also disabled:
root@s5:~ # systemctl disable rpcbind
Removed symlink /etc/systemd/system/multi-user.target.wants/rpcbind.service.
And just to confirm it's all done correctly, let's run rpcinfo again; it now returns an error:
root@s5:~ # rpcinfo -p
rpcinfo: can't contact portmapper: RPC: Remote system error - Connection refused
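The check-then-disable procedure above as a script, added here as an example that is not part of the original article: it parses `rpcinfo -p` output, refuses to touch rpcbind while any other RPC program (for example NFS) is still registered, and otherwise stops and disables both rpcbind.service and rpcbind.socket, the unit named in the systemctl warning. The function and variable names are hypothetical, and SAMPLE_WITH_NFS is a constructed listing.

```shell
#!/bin/sh
# Added example, not from the original article. Function and variable names
# here are hypothetical; SAMPLE_WITH_NFS is constructed for illustration.

# Abridged from the listing in the article: only portmapper (program 100000).
SAMPLE_ONLY_PORTMAPPER='   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    2   udp    111  portmapper'

# Constructed listing: an NFS server still depends on rpcbind.
SAMPLE_WITH_NFS='   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100005    3   udp  20048  mountd'

# Read `rpcinfo -p` output on stdin; print program/proto/port and name of every
# registration that is not portmapper itself. The header row is skipped
# because its first field is not numeric.
other_rpc_services() {
    awk '$1 ~ /^[0-9]+$/ && $1 != 100000 { print $1 "/" $3 "/" $4 " " $5 }' | sort -u
}

# Exit status 0 when nothing besides portmapper is registered.
only_portmapper() {
    [ -z "$(other_rpc_services)" ]
}

# Stop and disable the service and the socket unit that can re-activate it.
disable_rpcbind() {
    systemctl stop rpcbind.service rpcbind.socket &&
        systemctl disable rpcbind.service rpcbind.socket
}

# Nothing is changed unless the script is run as root with --apply.
if [ "${1:-}" = "--apply" ]; then
    # If rpcbind is already stopped, rpcinfo fails and the listing stays empty;
    # the units are still disabled so they do not come back after a reboot.
    listing=$(rpcinfo -p 2>/dev/null) || listing=''
    if printf '%s\n' "$listing" | only_portmapper; then
        disable_rpcbind
    else
        echo "RPC services still registered; rpcbind left running:" >&2
        printf '%s\n' "$listing" | other_rpc_services >&2
        exit 1
    fi
fi
```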