6

After installing new debian server, i made intense scan on it to check that it does not have redudant software/open ports.

I found that port 111 is used via rpcbind daemon (debian wheezy installs rpcbind package by default).

I found that they are used for NFS. Does they affect anything else? Can i remove this package, and will my server keep safe after that?

avasin
  • 279
  • 1
  • 5
  • 12

2 Answers2

8

Actually rpcbind included with the nfs-client package isn't installed by default. It's installed by default if you choose the "standard system utilities" in the tasksel menu during installation.

It's safe to remove everything from this list if you don't want a "bloated distribution". As example it will not install Exim4 MTA, which in my opinion is a waste of time on small server.

If you need NFS Client services just install the nfs-client package after the installation and you'll keep a low footprint on your server box.

Vinícius Ferrão
  • 5,400
  • 10
  • 52
  • 91
1

Yes, you can safely remove rpcbind if you don't plan on using NFS on your server.

thor
  • 648
  • 1
  • 7
  • 18
  • I use NFS as a client, not as a server (/var/git is mounted as an NFS share from another server on my LAN). Can I still remove rpcbind? – Cyrille Dec 06 '13 at 09:55
  • @Cyrille yes, I think you can still remove it. From https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Storage_Administration_Guide/s2-nfs-methodology-portmap.html: "RPC processes notify rpcbind when they start, registering the ports they are listening on and the RPC program numbers they expect to serve. The client system then contacts rpcbind on the server with a particular RPC program number. The rpcbind service redirects the client to the proper port number so it can communicate with the requested service". There are no services on a client. But, test first. – thor Dec 09 '13 at 06:55
  • 1
    I confirm mounting a NFS share works without rpcbind on the client. Thanks @Thor. – Cyrille Dec 09 '13 at 07:45