From 25438666015dc5ea9695f5172b0f4925c3ae2d9a Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Wed, 15 Oct 2008 13:30:57 -0700 Subject: Block remote access to rpc-bind port Use hosts.deny to block access to portmapper Bugfix 3767 --- debian/vyatta-cfg-system.postinst.in | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'debian') diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in index 21d7ff32..498e431f 100644 --- a/debian/vyatta-cfg-system.postinst.in +++ b/debian/vyatta-cfg-system.postinst.in @@ -80,8 +80,17 @@ EOF cp $sysconfdir/$f /etc/ssh/$f fi done + + # block external rpc access + if ! grep -q "^portmap" /etc/hosts.deny + then cat <<-EOF >>/etc/hosts.deny + # Disable rpc access from other hosts + portmap: ALL + EOF + fi fi + # update crontab for logrotate grep -v logrotate /etc/crontab>/etc/crontab.$$ echo "*/10 * * * * root /usr/sbin/logrotate /etc/logrotate.conf" >> /etc/crontab.$$ -- cgit v1.2.3
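Review bot: The guard `grep -q "^portmap" /etc/hosts.deny` treats any line that begins with `portmap` as proof that the block is already in place, so a pre-existing narrower entry (for example one denying a single subnet) suppresses the append and leaves the port mapper reachable from everywhere else. Matching the exact rule is safer, e.g. `grep -Eq '^portmap:[[:space:]]*ALL[[:space:]]*$' /etc/hosts.deny`. TCP wrappers also consult /etc/hosts.allow first, so a matching allow entry silently overrides this deny; a comment such as `# NOTE: entries in /etc/hosts.allow take precedence over this deny` would help whoever audits the box later. The added lines sit inside an `if` block that opens above the hunk, so the condition under which they run is not visible here.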