Thursday, January 15, 2009

[Linux] rpcinfo ... No remote programs registered

use Linux to Shared Disk by NFS protocol...  

On client (get report RPC information):
#  rpcinfo -p nfs_server
No remote programs registered.

So, Check /var/log/messages on nfs_server

Jan 15 10:54:08 nfs_server portmap[3107]: warning: cannot open /etc/hosts.allow: Permission denied
Jan 15 10:54:08 nfs_server portmap[3107]: error: bad option name: "dI]}"
Jan 15 10:54:08 nfs_server portmap[3107]: warning: cannot open /etc/hosts.allow: Permission denied
Jan 15 10:54:08 nfs_server portmap[3107]: error: bad option name: "dI]}"
Jan 15 10:54:08 nfs_server portmap[3107]: warning: cannot open /etc/hosts.allow: Permission denied
Jan 15 10:54:08 nfs_server portmap[3107]: error: bad option name: "dI]}"

the problem should be about permission files.

Check /etc/hosts.allow and hosts.deny files.
-rw-------    1 root     root          161 Jan 13  2000 /etc/hosts.allow
-rw-------    1 root     root          161 Jan 13  2000 /etc/hosts.deny

and then change mode to 644 
$ chmod 644 /etc/hosts.allow
$ chmod 644 /etc/hosts.deny

Back to client and run "rpcinfo" again.
#  rpcinfo -p nfs_server
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  32768  status
    100024    1   tcp  32772  status
    100011    1   udp    998  rquotad
    100011    2   udp    998  rquotad
    100011    1   tcp   1001  rquotad
    100011    2   tcp   1001  rquotad
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100021    1   udp  32770  nlockmgr
    100021    3   udp  32770  nlockmgr
    100021    4   udp  32770  nlockmgr
    100021    1   tcp  32777  nlockmgr
    100021    3   tcp  32777  nlockmgr
    100021    4   tcp  32777  nlockmgr
    100005    1   udp   1014  mountd
    100005    1   tcp   1017  mountd
    100005    2   udp   1014  mountd
    100005    2   tcp   1017  mountd
    100005    3   udp   1014  mountd
    100005    3   tcp   1017  mountd

2 comments:

Anonymous said...

Something similar happening on a machine of mine. I think it is an attack. Repated bad option name is trying to cause buffer overflow or something. No reason for portmap to write to /etc/hosts.allow or /etc/hosts.deny.

The requests I was seeing were coming from one of my other machines. I went & rebooted the one generating the requests. Then another of my machines started doing the same thing. This is bad.

Surachart Opun said...

Thank You for your suggestion.

But I think portmaps process 's started with rpc user, So both /etc/hosts.allow and /etc/hosts.deny files need other permission to read:

$ ps -ef |grep portmaps

rpc 3107 1 0 Jan13 ? 00:00:00 portmap