Linux policy's `Ensure NFS and RPC are stopped and not enabled` check needs to include rpcbind.socket

mondoohq / cnspec-policies

This repository contains security policies for cnspec maintained by Mondoo and the cnspec community.

Other

42 stars 17 forks source link

Linux policy's `Ensure NFS and RPC are stopped and not enabled` check needs to include rpcbind.socket #398

Open tas50 opened 4 months ago

tas50 commented 4 months ago

Describe the bug On Debian systems rcp cannot be disabled due to a dep from rpcbind.socket. We should include stopping and disabling rpcbind.socket as well in the remediation.

systemctl disable rpcbind
Warning: Stopping rpcbind.service, but it can still be activated by:
  rpcbind.socket