
port utilization checkup.

i run nmap against localhost every night and compare the results (which are emailed to me) against the previous night's. that way, if a new port opens unexpectedly, i can tell roughly when it happened.
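here is one way to do the nightly comparison. this is an added example, not the script from the original post: it parses two saved scans in nmap's grepable (-oG) format and reports ports that appeared or disappeared. the function names (open_ports, compare_scans) and the scan text are my own constructions; real runs would save something like `nmap -oG /var/log/portscan/$(date +%F).gnmap localhost` and diff tonight's file against yesterday's.

```shell
#!/bin/sh
# Added example, not the blog's own script: compare two nightly nmap scans of
# localhost and report ports that appeared or disappeared. The scan text below is
# constructed sample output in nmap's grepable (-oG) format.

# open_ports FILE: print "port/proto" for every open port in a -oG file, sorted.
open_ports() {
    sed -n '/Ports: /{s/.*Ports: //;s/[[:space:]]*Ignored State.*//;p;}' "$1" \
        | tr ',' '\n' | tr -d ' ' \
        | awk -F/ '$2 == "open" { print $1 "/" $3 }' | sort
}

# compare_scans OLDFILE NEWFILE: "+port/proto" for ports open now but not before,
# "-port/proto" for ports that were open before but are not any more.
compare_scans() {
    old=$(open_ports "$1")
    new=$(open_ports "$2")
    printf '%s\n' "$new" | while read -r p; do
        [ -n "$p" ] || continue
        printf '%s\n' "$old" | grep -qx -- "$p" || echo "+$p"
    done
    printf '%s\n' "$old" | while read -r p; do
        [ -n "$p" ] || continue
        printf '%s\n' "$new" | grep -qx -- "$p" || echo "-$p"
    done
}

# Constructed sample scans: last night's and tonight's.
SCANDIR=$(mktemp -d)
LAST="$SCANDIR/last.gnmap"
TONIGHT="$SCANDIR/tonight.gnmap"
cat > "$LAST" <<'EOF'
# Nmap scan initiated as: nmap -oG - localhost
Host: 127.0.0.1 (localhost) Ports: 22/open/tcp//ssh///, 25/open/tcp//smtp///, 111/open/tcp//rpcbind///   Ignored State: closed (1677)
# Nmap done -- 1 IP address (1 host up) scanned
EOF
cat > "$TONIGHT" <<'EOF'
# Nmap scan initiated as: nmap -oG - localhost
Host: 127.0.0.1 (localhost) Ports: 22/open/tcp//ssh///, 25/open/tcp//smtp///, 6010/open/tcp//x11-ssh-offset///   Ignored State: closed (1677)
# Nmap done -- 1 IP address (1 host up) scanned
EOF

# Prints "+6010/tcp" and "-111/tcp"; from cron, pipe this into mail so the
# report lands in your inbox each morning.
compare_scans "$LAST" "$TONIGHT"
```

only changes are reported, so an empty mail means nothing moved overnight; a `+` line is the one worth chasing down with lsof and fuser as below.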

today, i encountered an open port on 6010. i investigated who was using it by running the following commands, which i am posting here for reference:

# /usr/sbin/lsof -i TCP:6010
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
sshd 21176 user 9u IPv4 13084094 TCP localhost:x11-ssh-offset (LISTEN)

the service name x11-ssh-offset gives it away: the user had ssh X11 forwarding enabled, and sshd opens an additional local listening port for it.

i dug further with fuser:

# /sbin/fuser -name tcp 6010
here: 6010
6010/tcp: 24345

this pointed at process id (pid) 24345 as the one holding the port.

so i looked into the pid:

# /usr/sbin/lsof -p 24345
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
sshd 24345 user cwd DIR 8,5 4096 2 /
sshd 24345 user rtd DIR 8,5 4096 2 /
sshd 24345 user txt REG 8,5 309200 20922628 /usr/sbin/sshd
sshd 24345 user mem REG 8,5 941024 23234362 /lib/libcrypto.so.0.9.7a
sshd 24345 user mem REG 8,5 14542 23234382 /lib/libutil-2.3.4.so
sshd 24345 user mem REG 8,5 63624 3069543 /usr/lib/libz.so.1.2.1.2
sshd 24345 user mem REG 8,5 56328 23232671 /lib/libselinux.so.1
[snip]

point being: i now knew the source of the open port, and it was harmless.
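lsof and fuser both get their answer from the kernel's socket and fd tables, and it is worth knowing how to do the same by hand on a box where neither is installed. the following is an added example, not something from the original post: it maps a listening TCP port to its socket inode via /proc/net/tcp and then to the owning pid by scanning /proc/*/fd. the function names and the sample table contents are my own constructions.

```shell
#!/bin/sh
# Added example, not from the blog: map a listening TCP port to its socket inode
# and then to the owning pid by reading the kernel tables directly, which is what
# lsof and fuser do behind the scenes. The /proc/net/tcp text below is a
# constructed sample; the whoholds function reads the real table.

# listeners_on_port TCPTABLE PORT: print "inode uid" for each LISTEN socket bound
# to PORT in a /proc/net/tcp-format file (ports there are hex, state 0A = LISTEN).
listeners_on_port() {
    hexport=$(printf '%04X' "$2")
    awk -v want="$hexport" '
        NR > 1 && $4 == "0A" {
            split($2, local, ":")
            if (local[2] == want) print $10, $8
        }' "$1"
}

# pid_for_inode INODE: scan every process fd table for a socket with that inode.
# Needs root (or ownership of the process) to read other users' fd links.
pid_for_inode() {
    for fd in /proc/[0-9]*/fd/*; do
        [ "$(readlink "$fd" 2>/dev/null)" = "socket:[$1]" ] || continue
        pid=${fd#/proc/}
        echo "${pid%%/*}"
    done | sort -u
}

# whoholds PORT: the live version, equivalent to "lsof -i TCP:PORT" on Linux.
whoholds() {
    listeners_on_port /proc/net/tcp "$1" | while read -r inode uid; do
        for pid in $(pid_for_inode "$inode"); do
            printf 'port %s: pid %s (%s) uid %s\n' "$1" "$pid" \
                "$(tr '\0' ' ' < "/proc/$pid/cmdline")" "$uid"
        done
    done
}

# Constructed sample of /proc/net/tcp: sshd listening on 22 (0x0016) as root and
# on 6010 (0x177A) as uid 1000, plus one established connection on 6010 that the
# LISTEN filter must ignore.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 00000000 100 0 0 10 0
   1: 0100007F:177A 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 13084094 1 00000000 100 0 0 10 0
   2: 0100007F:177A 0100007F:C3A2 01 00000000:00000000 00:00000000 00000000  1000        0 13084120 1 00000000 20 4 30 10 -1
EOF

listeners_on_port "$SAMPLE" 6010   # prints: 13084094 1000
```

run `whoholds 6010` as root on a live system to get the pid and command line; a listener whose inode no process admits to owning (nothing in any /proc/*/fd) is itself a finding, since it usually means you lack permission to see the owner or something is hiding it.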

on the other hand, if it had been something to worry about, i'd have killed the process with kill -9 24345 and then worked out how it got onto the server in order to better secure it.
