Does rpcbind need to be running

And running on 192.169.x.x instead of loopback? It popped up in an nmap scan and it seems like a large security risk.

I don’t use anything that needs RPC calls, is there anything in a default install that needs it? I want to be sure it is safe to disable in the services manager.

For reference I don’t require it and it is disabled

# systemctl status rpcbind.service
rpcbind.service - RPC Bind
   Loaded: loaded (/usr/lib/systemd/system/rpcbind.service; disabled)
   Active: inactive (dead)
     Docs: man:rpcbind(8)

Also, I note that is required by ypbind

# systemctl show rpcbind.service |grep Required
RequiredBy=ypbind.service

So, check that it is not enabled fro some reason.

I am running 13.1, but I think in this case that it is germane to the topic:

Standard install, and rpcbind is also reported as disabled on my system, so I can confirm it is not necessarily running on a normal install.

When I setup “autofs”, it (rpcbind) was not running so I had to enable it. So I’m pretty sure that simple use as a desktop does not need “rpcbind” unless you use something like NIS or NFS or “autofs”.

I’m pretty sure that “systemd” is smart enough to start “rpcbind” if another service requires it, even if you have it configured as disabled.