LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 04-08-2008, 07:47 PM   #1
tieuphongvan
LQ Newbie
 
Registered: Apr 2008
Posts: 14

Rep: Reputation: 0
Disable RPC nlockmgr service on RHEL AS 4 - How?


I was running a network security scan on my server and got the following warning message:


---------------------------------------------
"nlockmgr: RPC nlockmgr service

The RPC nlockmgr service has been detected as running. The nlockmgr is part of the file locking manager system for NFS. It forwards
local file locking requests to the lock manager on the server system. The nlockmgr service registers with the RPC portmapper as program
100021.

Remedy:
This service should be disabled if your system is not acting as either an NFS client or server."
------------------------------------------------


And this is what I got when I do a # rpcinfo -p command:

program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100021 1 udp 32780 nlockmgr
100021 3 udp 32780 nlockmgr
100021 4 udp 32780 nlockmgr
100021 1 tcp 33007 nlockmgr
100021 3 tcp 33007 nlockmgr
100021 4 tcp 33007 nlockmgr
100024 1 udp 928 status
100024 1 tcp 931 status



My server is not a NFS client or server, so I need to disable the nlockmgr service that is currently running but not sure how. Any hint? Please help! Appreciate it.
 
Old 04-08-2008, 10:56 PM   #2
mcd
Member
 
Registered: Aug 2003
Location: Boulder, CO
Distribution: Slackware, RHEL, CentOS
Posts: 825

Rep: Reputation: 33
well, on red hat you can check the list of services and when they are configured to start like this:

Code:
/sbin/chkconfig --list
usually I want to only look at the ones that are set to start automatically, so I filter that list for ones with n in there:

Code:
/sbin/chkconfig --list | grep ':on'

now, I'm not really sure which service is the one you're worried about. I seem to remember disabling portmapper on a bunch of RHEL4 servers in the past, but I don't see it on my fedora core 8 box. anyway, to disable it, do this:

Code:
/sbin/chkconfig portmapper off
 
Old 04-09-2008, 12:19 PM   #3
tieuphongvan
LQ Newbie
 
Registered: Apr 2008
Posts: 14

Original Poster
Rep: Reputation: 0
Smile

Kewl, thanks mcd for your response!

I think the whole point of disabling RPC nlockmgr service is to prevent the system from exporting files to other clients, which is just the same as NFS service. But I still have some questions:

First, I don't think NFS service is active on this server, but the nlockmgr is. Is that possible when nlockmgr should be part of the NFS service.

Code:
# chkconfig --list | grep nfs
nfs 0:off 1:off 2:off 3:off 4:off 5:off 6:off
nfslock 0:off 1:off 2:off 3:on 4:on 5:on 6:off


Second, will stopping the portmapper service stop the NFS or affect any other service? Will I still be able to mount other directories from other servers to this server if I disable the portmapper?
 
Old 04-09-2008, 01:44 PM   #4
mcd
Member
 
Registered: Aug 2003
Location: Boulder, CO
Distribution: Slackware, RHEL, CentOS
Posts: 825

Rep: Reputation: 33
I'm not an expert in NFS. But yes, I think they are two separate services, and even though NFS is disabled, nfslock is clearly not. As to the second question, I believe nfslock IS required if you are going to mount remote NFS shares. If you're just mounting remote windows file shares, or some other protocol you'd be fine. But if you want to act as an NFS client I believe nfslock needs to be running.
 
Old 04-18-2008, 01:50 AM   #5
tieuphongvan
LQ Newbie
 
Registered: Apr 2008
Posts: 14

Original Poster
Rep: Reputation: 0
Just an update for this issue. As I read more, I found out that NFS service was handled by the portmapper and five daemons: rpc.nfsd, rpc.lockd, rpc.statd, rpc.mountd, and rpc.rquotad. By running the following commands you will at least disable some of them

Code:
/sbin/service nfs stop
/sbin/service nfs status
rpc.mountd is stopped
rpc.nfsd is stopped
rpc.rquotad is stopped

Code:
/sbin/service nfslock stop
/sbin/service nfslock status
rpc.statd is stopped

For rpc.lockd, I am not sure which command will disable it besides directly killing the PID. However, as I know, the 2.4 up kernel version will handle that service atomatically. So I upgraded my kernel, and rebooted the machine after disabling the NFS service, and it came out clean.

Code:
rpcinfo -p
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper

No more nlockmgr and no need to disable the portmapper. Cheer!

Last edited by tieuphongvan; 04-18-2008 at 01:52 AM.
 
  


Reply

Tags
nfs, rpc, service


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How to disable mDNS service? vandevegt Linux - Networking 1 04-13-2009 06:46 PM
rpc and portmapper service / security question uncle-c Linux - Newbie 2 12-12-2007 06:24 AM
How to disable snmp service on T3. UltraSoul Solaris / OpenSolaris 4 03-19-2007 02:48 AM
Register rpc service on a remote machine? sokar Programming 1 07-26-2005 05:49 PM
How to disable service linuxturtle Linux - Security 1 09-23-2003 10:30 PM


All times are GMT -5. The time now is 07:47 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration