Re: Port 32768/tcp
From: David López Moreno (dave@dec.usc.es)Date: 08/29/01
- Previous message: Magic Phibo: "Re: Port 32768/tcp"
- In reply to: Kent Crispin: "Re: Port 32768/tcp"
- Next in thread: gminick: "Re: Port 32768/tcp"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <3B8CD0AE.AB634EF7@dec.usc.es> Date: Wed, 29 Aug 2001 13:23:26 +0200 From: David López Moreno <dave@dec.usc.es> To: focus-linux@securityfocus.com Subject: Re: Port 32768/tcp
Kent Crispin wrote:
> > 475/rpc.statd
>
> ...but is that the *real* rpc.statd? :-)
>
Hum, good point, let's see ...
[root@myhost /root]# /usr/sbin/tripwire --check -v -c /etc/tripwire/tw.cfg
/sbin/rpc.statd
< snip >
Integrity checking objects specified on command line...
Checking: /sbin/rpc.statd
< snip >
Rule Name Severity Level Added Removed Modified
--------- ----------- ----- ------ -------
System Administration Programs 100 0 0
0
(/sbin/rpc.statd)
Total objects scanned: 1
Total violations found: 0
< snip >
Integrity check complete.
Tripwire says this file hasn't been corrupted since I installed it, and ..
[root@myhost 475]# pwd
/proc/475
[root@myhost 475]# ls -l
<snip>
lrwxrwxrwx 1 root root 0 Aug 29 12:14 exe -> /sbin/rpc.statd
<snip>
This means that the process running with PID 475 listening on port
32768/tcp and named rpc.statd is the same that Tripwire has checked
(useful information about the /proc filesystem: man proc)
:-)
Cheers,
Dave
P.S: On Tripwire,
http://www.linuxdoc.org/LDP/solrhe/Securing-Optimizing-Linux-RH-Edition-v1.3/tripwireASR.html
- Previous message: Magic Phibo: "Re: Port 32768/tcp"
- In reply to: Kent Crispin: "Re: Port 32768/tcp"
- Next in thread: gminick: "Re: Port 32768/tcp"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
