This post explains how to disable rpc.quotad service on CentOS/RHEL 6 or 7 machines. The protocol used by rpc.rquotad is an unsecured and obsolete protocol and should be disabled.
For CentOS/RHEL 6 or earlier
1. Edit the configuration file /etc/sysconfig/nfs to have an entry which reads RQUOTAD=”no”. For example:
# grep RQUOTAD /etc/sysconfig/nfs # The below line disables the insecure, obsolete quota protocol used by RQUOTAD RQUOTAD="no"
2. Restart the NFS service for the changes to come in effect.
# service nfs stop # service nfs start
For CentOS/RHEL 7 or later
CentOS/RHEL 7 uses systemd to manage services. The mask operation prevents even root from starting the service:
1. Stop and disable the rpc-rquotad.service with systemctl command:
# systemctl stop rpc-rquotad.service # systemctl disable rpc-rquotad.service
2. Mask the service to completely disable it from starting even with root user access.
# systemctl mask rpc-rquotad.service
3. Take a restart of the service to verify that the service does not start.
# systemctl restart rpc-rquotad.service Failed to restart rpc-rquotad.service: Unit is masked.
# systemctl status rpc-rquotad.service ● rpc-rquotad.service Loaded: masked (/dev/null; bad) Active: inactive (dead https://nvd.nist.gov/vuln/detail/CVE-1999-0625
Conclusion
rpc.rquotad is an unsecured and obsolete protocol and it should be disabled. This post outlines the steps to disable it in CentOS/RHEL system. In the case of CentOS/RHEL 7 and later, the service is also masked in order that no user including root can start it.