hey list! I am attempting to shore up some centos machines (ranging from centos 5 to centos 5.4) for pci compliance by changing the port that nlockdmgr listens on to function under a privileged port. So what I did was try to hardcode the port by editing /etc/sysconfig/nfs # TCP port rpc.lockd should listen on. LOCKD_TCPPORT=1011 # UDP port rpc.lockd should listen on. LOCKD_UDPPORT=1011 # And /etc/modprobe.conf alias eth1 e1000e alias scsi_hostadapter 3w-9xxx alias scsi_hostadapter1 usb-storage alias eth0 e1000e options lockd nlm_udpport=1011 options lockd nlm_tcpport=1011 and then restarting the pormap service. I've even tried restarting the network service, but unfortunately nothing seems affected: [root at stallion:/etc/init.d] $ rpcinfo -p program vers proto port 100000 2 tcp 111 portmapper 100000 2 udp 111 portmapper 100021 1 udp 55394 nlockmgr 100021 3 udp 55394 nlockmgr 100021 4 udp 55394 nlockmgr 100021 1 tcp 33704 nlockmgr 100021 3 tcp 33704 nlockmgr 100021 4 tcp 33704 nlockmgr 100024 1 udp 786 status 100024 1 tcp 789 status Does anyone have any tips on how to get this to work the way I'm asking it to? regards ~ GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
On Wednesday 30 March 2011 20:35:13 Tim Dunphy wrote:> hey list! > > I am attempting to shore up some centos machines (ranging from centos > 5 to centos 5.4) for pci compliance by changing the port that > nlockdmgr listens on to function under a privileged port. > > So what I did was try to hardcode the port by editing /etc/sysconfig/nfs > > > # TCP port rpc.lockd should listen on. > LOCKD_TCPPORT=1011 > # UDP port rpc.lockd should listen on. > LOCKD_UDPPORT=1011 > # > > > And /etc/modprobe.conf > > > alias eth1 e1000e > alias scsi_hostadapter 3w-9xxx > alias scsi_hostadapter1 usb-storage > alias eth0 e1000e > options lockd nlm_udpport=1011 > options lockd nlm_tcpport=1011 > > > and then restarting the pormap service. I've even tried restarting the > network service, but unfortunately nothing seems affected: > > > > [root at stallion:/etc/init.d] $ rpcinfo -p > program vers proto port > 100000 2 tcp 111 portmapper > 100000 2 udp 111 portmapper > 100021 1 udp 55394 nlockmgr > 100021 3 udp 55394 nlockmgr > 100021 4 udp 55394 nlockmgr > 100021 1 tcp 33704 nlockmgr > 100021 3 tcp 33704 nlockmgr > 100021 4 tcp 33704 nlockmgr > 100024 1 udp 786 status > 100024 1 tcp 789 status > > > Does anyone have any tips on how to get this to work the way I'm asking it > to? >How about trying to restart the nfs service ;-) Tony> regards > ~ > GPG me!! > > gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20110331/5f6b5926/attachment-0001.html>
oh a wise guy, eh?? nyuk nyuk nyuk nyuk! :p On Thu, Mar 31, 2011 at 3:29 AM, Tony Molloy <tony.molloy at ul.ie> wrote:> On Wednesday 30 March 2011 20:35:13 Tim Dunphy wrote: > >> hey list! > >> > >> I am attempting to shore up some centos machines (ranging from centos > >> 5 to centos 5.4) for pci compliance by changing the port that > >> nlockdmgr listens on to function under a privileged port. > >> > >> So what I did was try to hardcode the port by editing /etc/sysconfig/nfs > >> > >> > >> # TCP port rpc.lockd should listen on. > >> LOCKD_TCPPORT=1011 > >> # UDP port rpc.lockd should listen on. > >> LOCKD_UDPPORT=1011 > >> # > >> > >> > >> And /etc/modprobe.conf > >> > >> > >> alias eth1 e1000e > >> alias scsi_hostadapter 3w-9xxx > >> alias scsi_hostadapter1 usb-storage > >> alias eth0 e1000e > >> options lockd nlm_udpport=1011 > >> options lockd nlm_tcpport=1011 > >> > >> > >> and then restarting the pormap service. I've even tried restarting the > >> network service, but unfortunately nothing seems affected: > >> > >> > >> > >> [root at stallion:/etc/init.d] $ rpcinfo -p > >> program vers proto port > >> 100000 2 tcp 111 portmapper > >> 100000 2 udp 111 portmapper > >> 100021 1 udp 55394 nlockmgr > >> 100021 3 udp 55394 nlockmgr > >> 100021 4 udp 55394 nlockmgr > >> 100021 1 tcp 33704 nlockmgr > >> 100021 3 tcp 33704 nlockmgr > >> 100021 4 tcp 33704 nlockmgr > >> 100024 1 udp 786 status > >> 100024 1 tcp 789 status > >> > >> > >> Does anyone have any tips on how to get this to work the way I'm asking it > >> to? > >> > > How about trying to restart the nfs service ;-) > > Tony > >> regards > >> ~ > >> GPG me!! > >> > >> gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B > >> _______________________________________________ > >> CentOS mailing list > >> CentOS at centos.org > >> http://lists.centos.org/mailman/listinfo/centos > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos > >-- GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B