We use a WDTV media player to display slides on a big screen TV. The WDTV was modded using WDLXTV to automate the downloading of the slides. I was not involved in setting it up. However, when we did a security scan, we found that there were a lot of services running and that some of the services were vulnerable to attacks. After consulting with the person who set it up initially, we determined that none of the services were needed and, instead, should be turned off.
The configuration file is in the root directory of the USB storage. The file is called S00custom-options. You can either (1) turn off WDTV and move the USB storage to your computer and edit the file on your computer or (2) [if ssh or telnet is turned on] log on to the WDTV and edit it online. I modified the file to turn off telnet, ftp, samba, ssh and mt-daapd.
# disable telnet server config_tool -c TELNETD=OFF # disable pure-ftpd server config_tool -c FTPD=OFF # disable samba share config_tool -c ENABLE_SAMBA_SHARE=0 # disable dropbear ssh server config_tool -c SSHD=OFF # Disable mt-daapd digital audio server (saves ~10MB ram) config_tool -c MT-DAAPD=OFF
Please see this page if you want to learn more about the options. After making the changes and restarting the WDTV, there was still one port open. The port was 111. The process was portmap, which is used to mount external NFS shares. I was supposed to be able to modify the S00custom-options file and add this line.
config_tool -c NFS=OFF
However, it wasn’t working. I found that there was a bug in the init file for portmap service. The service would run no matter how you configured it. My next step was to find a workaround. Reading through the main wiki page, I discovered that you could create a script to run after the machine boots up and finishes running all the other init scripts. The steps to create the S99user-script are detailed here.
My script looks like this:
#!/bin/sh killall portmap