Support Questions
Find answers, ask questions, and share your expertise

HDFS NFS gateway service using rpcbind service is a server security vulnerability

Explorer

Hi All,

 

is the HDFS NFS Gateway service really important for a hadoop cluster to function properly. We received a security vulnerability report for the rpcbind service which is used by this NFS gateway service of HDFS. 

 

The security team wants us to disable the rpcbind service on the server. when we disable the rpcbind service on the server, the nfs gateway service goes down on HDFS and shows as red in the cluster. 

 

We want to know if we can run hdfs or do all other operations of the hadoop cluster without any issues by disabling the rpcbind service . can we remove this nfs service ?. or this nfs gateway service is really critical for the cluster. 

 

Solution given by the Security team:

"Configure the host's "mount" daemon to disallow root and other mount points with sensitive content that should not be publically accessible. Typically, the configuration file for the "rpc.mountd" daemon is "/etc/exports"."

 

Please advice on this. If you had faced the same situation , please let us know if there is any workaround. 

 

Thank you 

0 REPLIES 0