
#1 2007-03-04 08:16:02

drakosha
Member
Registered: 2006-01-03
Posts: 253
Website

famd and portmap open ports - are they safe to use?

Recently I added famd to my setup (xfce4/thunar know to update views with it). However, ports were opened, which made me cautious - is it safe to use it?

>sudo netstat -lp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name   
tcp        0      0 *:876                   *:*                     LISTEN      22324/famd          
tcp        0      0 *:sunrpc                *:*                     LISTEN      22314/portmap       
tcp        0      0 *:6000                  *:*                     LISTEN      22409/X             
tcp        0      0 *:ssh                   *:*                     LISTEN      10136/sshd          
udp   108088      0 *:bootpc                *:*                                 450/dhcpcd          
udp        0      0 *:sunrpc                *:*                                 22314/portmap       
raw        0      0 *:icmp                  *:*                     7           22371/vmnet-natd

Offline

#2 2007-05-08 10:09:17

oliv
Member
Registered: 2005-04-17
Posts: 58

Re: famd and portmap open ports - are they safe to use?

In my view, it's safe but not secure.

It's not really dangerous, but someone on your network can use these services to enumerate your system.

What is usually done is that tcpwrapper (using /etc/hosts.deny and hosts.allow), or your firewall rules use of this service.

The issue is that portmap isn't linked with tcpwrapper. Maybe it's a bug, I'll check it.

Offline

#3 2007-05-09 01:03:44

ataraxia
Member
From: Pittsburgh
Registered: 2007-05-06
Posts: 1,553

Re: famd and portmap open ports - are they safe to use?

You can stop famd from opening ports by changing "local_only" to be true in /etc/fam/fam.conf.

It's curious that portmap isn't linked with libwrap - the manpage is wrong.

Offline

#4 2007-05-10 13:37:01

attila
Member
Registered: 2006-11-14
Posts: 293

Re: famd and portmap open ports - are they safe to use?

What is usually done is that tcpwrapper (using /etc/hosts.deny and hosts.allow), or your firewall rules use of this service.

Why not all three options? On my server I have a line for deny all in hosts.deny and a deny rule in hosts.allow and a running firewall without opening the custom ports. It is only bad if you do nothing.-)

The issue is that portmap isn't linked with tcpwrapper. Maybe it's a bug, I'll check it.

I see your report (http://bugs.archlinux.org/task/7096). The solution for it is easy and you can do this workaround until the package is updated.

Offline
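
An added example, not part of any post in this thread: a shell script that filters the netstat output from post #1 down to the sockets bound to every interface, and checks the local_only setting named in post #3. The function names and the assumed "key = value" layout of fam.conf are this example's own.

```shell
#!/bin/sh
# Added example, not from the thread. Lists sockets bound to every interface
# and checks the fam.conf setting named in post #3.

# netstat output from post #1, embedded so the script runs offline.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 *:876                   *:*                     LISTEN      22324/famd
tcp        0      0 *:sunrpc                *:*                     LISTEN      22314/portmap
tcp        0      0 *:6000                  *:*                     LISTEN      22409/X
tcp        0      0 *:ssh                   *:*                     LISTEN      10136/sshd
udp   108088      0 *:bootpc                *:*                                 450/dhcpcd
udp        0      0 *:sunrpc                *:*                                 22314/portmap
raw        0      0 *:icmp                  *:*                     7           22371/vmnet-natd
EOF
}

# Print "proto port program" for each TCP/UDP socket bound to a wildcard
# address. Reads `netstat -lp` or `netstat -lnp` output on stdin.
wildcard_listeners() {
    awk '
    $1 ~ /^(tcp|udp)6?$/ {
        port = $4; sub(/^.*:/, "", port)      # text after the last colon
        addr = $4; sub(/:[^:]*$/, "", addr)   # text before it (IPv6 has colons)
        if (addr != "*" && addr != "0.0.0.0" && addr != "::" && addr != "[::]") next
        prog = "-"                            # stays "-" when netstat ran without -p or root
        for (i = 6; i <= NF; i++)             # UDP rows have no State column
            if ($i ~ /^[0-9]+\//) { prog = $i; sub(/^[0-9]+\//, "", prog); break }
        print $1, port, prog
    }'
}

# Succeed only if the fam.conf at $1 sets local_only to true.
# Assumes "key = value" lines with "#" comments; the last assignment wins here.
fam_local_only() {
    awk -F= '
    /^[ \t]*#/ { next }
    { key = $1; val = $2; gsub(/[ \t\r]/, "", key); gsub(/[ \t\r]/, "", val) }
    key == "local_only" { found = tolower(val) }
    END { exit !(found == "true") }' "$1"
}

sample_netstat | wildcard_listeners
if [ -r /etc/fam/fam.conf ]; then
    fam_local_only /etc/fam/fam.conf && echo "famd: local_only is set" \
        || echo "famd: local_only is not set"
fi
```

On a live system, pipe `sudo netstat -lp` into `wildcard_listeners`; any row still listed after a configuration change is a service that remains reachable from other hosts unless a firewall or hosts.deny rule covers it.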
