Hi, I've just spent a day or so finding a script that was using up all the ports on a cluster of machines opening outgoing connections; I'd come to the box after the fact when all the connections were in TIME_WAIT and thus there was no process left to look at to figure out what happened; from the ports it was obviously NIS, and I ended up modifying libc to syslog the tcp cases of the NIS client - but..... There feels like there should be an easier way to find out what processes opened outgoing ports - my current thoughts are that you might be able to use SELinux or AppArmour - but can anyone else suggest an easier way I could have found this? (In the end it turned out to be 'sudo' that with NIS (and without NSCD?) opens a TCP connection for every sudo so that it can do 'initgroups' which requires reading the whole of the group.byname map; it is a real pity that there is no group.byuser map.) Dave -- -----Open up your eyes, open up your mind, open up your code ------- / Dr. David Alan Gilbert | Running GNU/Linux on Alpha,68K| Happy \ \ gro.gilbert @ treblig.org | MIPS,x86,ARM,SPARC,PPC & HPPA | In Hex / \ _________________________|_____ http://www.treblig.org |_______/ - To unsubscribe from this list: send the line "unsubscribe linux-net" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
