> -----Original Message-----
> From: shrike-list-admin@xxxxxxxxxx
> [mailto:shrike-list-admin@xxxxxxxxxx] On Behalf Of Jake McHenry
> Sent: Sunday, October 12, 2003 12:11 AM
> To: shrike-list@xxxxxxxxxx
> Subject: RE: Port Question
>
>
> > -----Original Message-----
> > From: shrike-list-admin@xxxxxxxxxx
> > [mailto:shrike-list-admin@xxxxxxxxxx] On Behalf Of Jake McHenry
> > Sent: Sunday, October 12, 2003 12:02 AM
> > To: shrike-list@xxxxxxxxxx
> > Subject: RE: Port Question
> >
> >
> > > -----Original Message-----
> > > From: shrike-list-admin@xxxxxxxxxx
> > > [mailto:shrike-list-admin@xxxxxxxxxx] On Behalf Of jdow
> > > Sent: Saturday, October 11, 2003 11:39 PM
> > > To: shrike-list@xxxxxxxxxx
> > > Subject: Re: Port Question
> > >
> > >
> > > Jake, that's "chkrootkit" rather than "chkconfig". They have two
> > > quite different functions. He should look for it (for RH9) here:
> > > http://download.fedora.us/fedora/redhat/9/i386/RPMS.stable/chkrootkit-0.42-0.fdr.1.b.rh90.i386.rpm
> >
> > Change directories modulo what version you are running.
> >
> > {^_-}
> > ----- Original Message -----
> > From: "Jake McHenry" <linux@xxxxxxxxxxxxxxxxx>
> >
> > > Jake McHenry
> >
> > > > -----Original Message-----
> > > > From: shrike-list-admin@xxxxxxxxxx
> > > > [mailto:shrike-list-admin@xxxxxxxxxx] On Behalf Of Michael Schwendt
> > > > Sent: Saturday, October 11, 2003 10:22 PM
> > > > To: shrike-list@xxxxxxxxxx
> > > > Subject: Re: Port Question
> > > >
> > > >
> > > > -----BEGIN PGP SIGNED MESSAGE-----
> > > > Hash: SHA1
> > > >
> > > > On Sat, 11 Oct 2003 22:11:37 -0400, Jake McHenry wrote:
> > > >
> > > > > I have vsftpd as my ftp server. I don't have any files on my system
> > > > > called chkrootkit.
> > > >
> > > > You can download a ready-to-use chkconfig rpm from http://fedora.us
> >
> >
> > --
> > Shrike-list mailing list
> > Shrike-list@xxxxxxxxxx
> > https://www.redhat.com/mailman/listinfo/shrike-list
> >
> >
> > I think everything is fine. Here is the output:
> > The only thing I don't know about is xinetd running on 50629 and named
> > running on 58861. Ports 616 and 618 are drac.
> >
> > I'll have to get those packages and let you know, unless someone knows
> > of xinetd and named running on those ports.. I don't really want to
> > install anything new, the machine is working just fine.
> >
> >
> > Jake
> >
> >
> > [root@ntlh root]# netstat -anp
> > Active Internet connections (servers and established)
> > Proto Recv-Q Send-Q Local Address        Foreign Address      State       PID/Program name
> > tcp        0      0 127.0.0.1:50629      0.0.0.0:*            LISTEN      30519/xinetd
> > tcp        0      0 0.0.0.0:618          0.0.0.0:*            LISTEN      28423/rpc.dracd
> > tcp        0      0 0.0.0.0:110          0.0.0.0:*            LISTEN      30519/xinetd
> > tcp        0      0 0.0.0.0:143          0.0.0.0:*            LISTEN      30519/xinetd
> > tcp        0      0 0.0.0.0:111          0.0.0.0:*            LISTEN      17774/portmap
> > tcp        0      0 0.0.0.0:80           0.0.0.0:*            LISTEN      7934/httpd
> > tcp        0      0 192.168.1.98:53      0.0.0.0:*            LISTEN      6408/named
> > tcp        0      0 127.0.0.1:53         0.0.0.0:*            LISTEN      6408/named
> > tcp        0      0 0.0.0.0:21           0.0.0.0:*            LISTEN      590/vsftpd
> > tcp        0      0 0.0.0.0:22           0.0.0.0:*            LISTEN      552/sshd
> > tcp        0      0 127.0.0.1:953        0.0.0.0:*            LISTEN      6408/named
> > tcp        0      0 0.0.0.0:25           0.0.0.0:*            LISTEN      29975/sendmail: acc
> > tcp        0     48 192.168.1.98:22      24.229.162.18:4078   ESTABLISHED 24724/sshd
> > tcp        0      0 192.168.1.98:110     24.229.162.18:4140   TIME_WAIT   -
> > tcp        0      0 192.168.1.98:110     24.229.162.18:4139   TIME_WAIT   -
> > tcp        0      0 192.168.1.98:110     24.229.162.18:4133   TIME_WAIT   -
> > udp        0      0 192.168.1.98:53      0.0.0.0:*                        6408/named
> > udp        0      0 127.0.0.1:53         0.0.0.0:*                        6408/named
> > udp        0      0 0.0.0.0:616          0.0.0.0:*                        28423/rpc.dracd
> > udp        0      0 0.0.0.0:58861        0.0.0.0:*                        6408/named
> > udp        0      0 0.0.0.0:111          0.0.0.0:*                        17774/portmap
> > udp        0      0 192.168.1.98:123     0.0.0.0:*                        436/ntpd
> > udp        0      0 127.0.0.1:123        0.0.0.0:*                        436/ntpd
> > udp        0      0 0.0.0.0:123          0.0.0.0:*                        436/ntpd
> >
>
> There has been some output of tethereal on port 58861. I shut down
> named and xinetd services, the ports went away.
>
> The only thing I have enabled in xinetd is fam, imap, and qpopper.
>
> Jake
>

I just installed procinfo: here is the result of socklist

[root@ntlh root]# socklist
type  port      inode     uid    pid   fd  name
tcp    618    4188228       0  28423    4  rpc.dracd
tcp    110    5496379       0   3792    6  xinetd
tcp    143    5496378       0   3792    5  xinetd
tcp    111     943192       0  17774    4  portmap
tcp     80    5294586       0  29482    3  httpd
tcp  57521    5496380       0   3792    8  xinetd
tcp     53    5496932      25   3809   10  named
tcp     53    5496930      25   3809    8  named
tcp     21       1301       0    590    3  vsftpd
tcp     22       1217       0    552    3  sshd
tcp    953    5496934      25   3809   11  named
tcp     25    4212156       0  29975    4  sendmail
tcp     22    5415752       0  24726    4  sshd
udp  33028    5496933      25   3809    6  named
udp     53    5496931      25   3809    9  named
udp     53    5496929      25   3809    7  named
udp    616    4188225       0  28423    3  rpc.dracd
udp    111     943191       0  17774    3  portmap
udp    123    5468828       0    436    6  ntpd
udp    123    5468827       0    436    5  ntpd
udp    123    5468826       0    436    4  ntpd

Jake
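
Added example (not part of the original message): the netstat and socklist listings above show xinetd and named under different PIDs, so comparing the two per program shows which ports stayed fixed across the restart and which were handed out again. The sample rows are a constructed subset of those listings, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed samples: a subset of the rows from the two listings in the message.
NETSTAT_BEFORE = """\
tcp 0 0 127.0.0.1:50629 0.0.0.0:* LISTEN 30519/xinetd
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 30519/xinetd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 29975/sendmail: acc
tcp 0 0 192.168.1.98:110 24.229.162.18:4140 TIME_WAIT -
udp 0 0 192.168.1.98:53 0.0.0.0:* 6408/named
udp 0 0 0.0.0.0:58861 0.0.0.0:* 6408/named
"""
SOCKLIST_AFTER = """\
type port inode uid pid fd name
tcp 110 5496379 0 3792 6 xinetd
tcp 57521 5496380 0 3792 8 xinetd
tcp 25 4212156 0 29975 4 sendmail
udp 33028 5496933 25 3809 6 named
udp 53 5496931 25 3809 9 named
"""

def parse_netstat(text):
    """(proto, program) -> local ports, from `netstat -anp` rows that name an owner."""
    out = defaultdict(set)
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("tcp", "udp"):
            continue
        idx = 6 if f[0] == "tcp" else 5   # TCP rows have a State column, unconnected UDP rows do not
        if len(f) <= idx or "/" not in f[idx]:
            continue                      # "-" means no owning process (e.g. TIME_WAIT)
        if f[0] == "tcp" and f[5] != "LISTEN":
            continue                      # skip established sessions
        name = f[idx].split("/", 1)[1].rstrip(":")   # "sendmail:" -> "sendmail"
        out[(f[0], name)].add(int(f[3].rsplit(":", 1)[1]))
    return out

def parse_socklist(text):
    out = defaultdict(set)
    for f in (line.split() for line in text.splitlines()[1:]):   # [1:] skips the header row
        if len(f) == 7:
            out[(f[0], f[6])].add(int(f[1]))
    return out

def moved_ports(before, after):
    """For programs present in both snapshots: (ports gone, ports new), where they differ."""
    return {k: (sorted(before[k] - after[k]), sorted(after[k] - before[k]))
            for k in sorted(before.keys() & after.keys()) if before[k] != after[k]}

print(moved_ports(parse_netstat(NETSTAT_BEFORE), parse_socklist(SOCKLIST_AFTER)))
```

socklist does not show socket state, so on a host that also makes outbound connections its client-side ports would appear in the "new" column as well.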