[OPEN-ILS-DEV] Security question

Bill Erickson erickson at esilibrary.com
Mon Jun 2 10:23:23 EDT 2008


On Monday 02 June 2008 10:16 Robert wrote:
> Hi all,
>
>   I was wondering how important port 111 is to have listening? I know that
> it is linked to portmapper which has some security vulnerabilities and was
> wondering if it was blocked if I could connect to the server or not? Is it
> used to connect the staff client to the server by assigning ports for the
> connections? I'm assuming that is what it is used for. I would try to block
> it myself but there is a lot of testing going on with our Evergreen serrver
> right now and I don't want to kick everyone off of it.

Portmapper is used for managing NFS shares.  (Probably other stuff as well).  
Evergreen does not use it directly, but may rely on it in a brick/cluster 
scenario where shared directories are mounted.

As far as security goes, you can limit who has access to that service by 
adding appropriate entries in /etc/hosts.allow.  For example:

portmap: 192.168.0.0/255.255.255.0

Hope this helps,

-b

-- 
Bill Erickson
| VP, Software Development & Integration
| Equinox Software, Inc. / The Evergreen Experts
| phone: 877-OPEN-ILS (673-6457)
| email: erickson at esilibrary.com
| web: http://esilibrary.com


More information about the Open-ils-dev mailing list