The Portmap service is used to map RPC services to ports they are listening on. RPC processes notify Portmap when they start, registering the ports they are listening on and the RPC program numbers they expect to serve.

While the service is useful for NFS, attackers also commonly abuse public-facing Portmap services to amplify Denial of Service attacks, potentially crippling systems.

If you are not using NFS services on your cPanel server, it may be beneficial to disable the Portmap service to improve security.

To test whether the Portmap service is enabled on your system, run the following command:

rpcinfo -T udp -p YOUR_IP_ADDRESS

You should see output similar to this:

   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper
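
Before disabling the service, it helps to confirm that nothing other than the portmapper itself is registered, since NFS-related programs depend on it. The script below is an added example, not part of the original article: it parses `rpcinfo -p` output and lists every other registered RPC program. The function names and the sample rows (including the nlockmgr port) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): check whether anything
# other than the portmapper itself is registered with rpcbind.

# Reads `rpcinfo -p` output on stdin. Prints "program/proto/port service"
# once per registration that is not program 100000 (portmapper).
# Exit status: 0 = only portmapper, 1 = other RPC services, 2 = no portmapper rows.
rpc_dependents() {
    awk '
        $1 !~ /^[0-9]+$/ { next }            # header or blank line
        $1 == 100000     { pm++; next }      # the portmapper itself
        {
            key = $1 "/" $3 "/" $4           # collapse multiple versions
            if (!(key in seen)) {
                seen[key] = 1; n++
                print key, ($5 == "" ? "-" : $5)
            }
        }
        END { if (n > 0) exit 1; if (pm == 0) exit 2; exit 0 }
    '
}

# Constructed sample: a host with only the portmapper registered.
sample_portmap_only() {
    cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    2   udp    111  portmapper
EOF
}

# Constructed sample: a host that also exports NFS.
sample_with_nfs() {
    cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100005    3   udp  20048  mountd
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100021    4   tcp  40001  nlockmgr
EOF
}

# Demo on the constructed sample, not on output captured from a real host.
if sample_with_nfs | rpc_dependents; then
    echo "only portmapper registered"
else
    echo "other RPC services registered: review before disabling rpcbind"
fi
```

On a live system, pipe the real output in with `rpcinfo -p | rpc_dependents` and check the exit status.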

To disable the Portmap service on CentOS 7 systems:

systemctl disable rpcbind
systemctl disable rpcbind.socket
systemctl stop rpcbind
systemctl stop rpcbind.socket

To verify the service is disabled, run systemctl list-unit-files; it should list "disabled" next to the entries:

rpcbind.service                               disabled
rpcbind.socket disabled static

More reading

Hackers exploiting wide-open Portmap to amp up DDoS attacks