Jake McHenry Nittany Travel MIS Coordinator http://www.nittanytravel.com > -----Original Message----- > From: shrike-list-admin@xxxxxxxxxx > [mailto:shrike-list-admin@xxxxxxxxxx] On Behalf Of Michael Schwendt > Sent: Saturday, October 11, 2003 10:22 PM > To: shrike-list@xxxxxxxxxx > Subject: Re: Port Question > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Sat, 11 Oct 2003 22:11:37 -0400, Jake McHenry wrote: > > > I have vsftpd as my ftp server. I don't have any files on my system > > called chkrootkit. > > You can download a ready-to-use chkconfig rpm from http://fedora.us > > As alternative to netstat, socklist from the procinfo package > is useful. If it also doesn't display the process name that > listens on those ports, you may have a problem. > > > What are those SCO administration services? I don't recall having > > anything running pertaining to system administration, other > than ssh. > > There could be any service listening on those ports. Whether > or not a port is listed in /etc/services or registered at > IANA, doesn't matter. > > - -- > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.3 (GNU/Linux) > > iD8DBQE/iLqv0iMVcrivHFQRAox0AJ4/1f3t4Ikhb3wmGZ8vi7luG2+yvgCdGOsE > JDYNTv2tvZVNMpGLt1r0sRA= > =I9rG > -----END PGP SIGNATURE----- > > > -- > Shrike-list mailing list > Shrike-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/shrike> -list > Here is what is listen in /proc/*pid/status: Name: init Name: kupdated Name: httpd Name: mdrecoveryd Name: kjournald Name: kjournald Name: portmap Name: kjournald Name: kjournald Name: kjournald Name: kjournald Name: keventd Name: sshd Name: sshd Name: bash Name: su Name: bash Name: procinfo grep: /proc/2516/status: No such file or directory Name: MailScanner Name: rpc.dracd Name: httpd Name: httpd Name: sendmail Name: sendmail Name: sendmail Name: kapmd Name: MailScanner Name: xinetd Name: MailScanner Name: MailScanner Name: MailScanner Name: MailScanner Name: ksoftirqd_CPU0 Name: ntpd Name: syslogd Name: tethereal Name: klogd Name: tethereal Name: kswapd Name: crond Name: tethereal Name: tethereal Name: sshd Name: vsftpd Name: kscand/DMA Name: named Name: kscand/Normal Name: khubd Name: xfs Name: atd Name: rhnsd Name: httpd Name: httpd Name: httpd Name: httpd Name: httpd Name: httpd Name: httpd Name: httpd Name: httpd Name: kscand/HighMem Name: mingetty Name: mingetty Name: mingetty Name: mingetty Name: mingetty Name: httpd Name: bdflush Name: mingetty Name: grep Procinfo the script I created, it uses grep, and I currently have those tethereal processes running in the background listening to the previously mentioned undefined ports. So far nothing has accessed them. Does anyone see anything that shouldn't be running? That proc/2516 I'm almost certain is qpopper starting, and by the time my script gets to the directory, it's done running. I have some people in the office that don't close their email clients before they leave. Thanks, Jake -- Shrike-list mailing list Shrike-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/shrike-list
