{"description": "The rpcbind utility maps RPC services to the ports on which they listen.\nRPC processes notify rpcbind when they start, registering the ports they\nare listening on and the RPC program numbers they expect to serve. The\nrpcbind service redirects the client to the proper port number so it can\ncommunicate with the requested service. If the system does not require RPC\n(such as for NFS servers) then this service should be disabled.\n\nThe <code>rpcbind</code> service can be disabled with the following command:\n<pre>$ sudo systemctl mask --now rpcbind.service</pre>", "rationale": "If the system does not require rpc based services, it is recommended that\nrpcbind be disabled to reduce the attack surface.", "severity": "low", "references": {"cis": ["2.1.12"], "pcidss4": ["2.2.4", "2.2"]}, "control_references": {"cis": ["2.1.12"], "pcidss4": ["2.2.4", "2.2"]}, "components": [], "identifiers": {}, "ocil_clause": null, "ocil": null, "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {"check-import": "stdout", "platform": ["multi_platform_all"], "environment": "any", "filename": "service_rpcbind_disabled.sh", "relative_path": "ubuntu2204/checks/sce/service_rpcbind_disabled.sh"}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": [], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Disable rpcbind Service", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml", "template": {"name": "service_disabled", "vars": {"servicename": "rpcbind"}, "backends": {}}}