Re: Compromised FBSD/Apache

From: Skip Carter (skip@taygeta.com)
Date: 11/25/02

    To: "Thomas C. Meggs" <tom@plik.net>
    Date: Mon, 25 Nov 2002 10:08:36 -0800
    From: Skip Carter <skip@taygeta.com>
    

    > Out of curiosity what is the Linux and Solaris equivalents for doing
    > this? I did a quick check under Linux and didn't see any similarly named
    > programs, and the UNIX Rosetta Stone wasn't much help either. Thanks!

    > > >"fstat" is your friend -- it can tell you which process holds the
    > > >listening socket descriptor. On FreeBSD you have to use 'netstat -aAn'
    > > >first to find the address of the protocol control block (PCB), and then
    > > >grep for that in the output of 'fstat'. For example:
    > > >
    > > >12:44 [6] $ netstat -aAn | fgrep '*.80'
    > > >c49e0a40 tcp4 0 0 *.80 *.* LISTEN
    > > >12:44 [7] $ fstat | fgrep c49e0a40
    > > >wwwsrvr thttpd 137 5* internet stream tcp c49e0a40

    For Linux you can use 'fuser' as an equivalent:

            fuser -n tcp 80
    returns a list of processes that have TCP port 80 open.

    'lsof' ('list of open files') is also suitable for doing this and is available
    on practically any *nix OS.

            lsof -n | grep TCP | grep http

    Skip

    -- 
     Dr. Everett (Skip) Carter      Phone: 831-641-0645 FAX:  831-641-0647
     Taygeta Scientific Inc.        INTERNET: skip@taygeta.com
     1340 Munras Ave., Suite 314    WWW: http://www.taygeta.com
     Monterey, CA. 93940            
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
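
The same two-step lookup the quoted FreeBSD example performs (find the listening socket, then find the process holding it), done on Linux directly from /proc, as an added example that is not part of the original message. It assumes Linux's /proc/net/tcp column layout; the sample table, pids and inode numbers are constructed.

```python
import os
import re

# Constructed sample in /proc/net/tcp layout (not taken from the thread).
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 18432 1
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 17011 1
   2: 0A00000F:0050 0A000063:C3B2 01 00000000:00000000 00:00000000 00000000    33        0 19877 1
"""
# Constructed fd symlink targets per pid, as readlink /proc/<pid>/fd/<n> returns them.
SAMPLE_FDS = {137: ["/dev/null", "socket:[18432]"], 212: ["socket:[17011]"],
              340: ["socket:[19877]", "pipe:[555]"]}

def listening_inodes(table_text, port):
    """Socket inodes in LISTEN state (st == 0A) on the given local port."""
    inodes = set()
    for line in table_text.splitlines()[1:]:          # skip header row
        f = line.split()
        if len(f) < 10:
            continue
        local_port = int(f[1].rsplit(":", 1)[1], 16)  # hex port, e.g. 0050 -> 80
        if f[3] == "0A" and local_port == port:
            inodes.add(f[9])
    return inodes

def owners(inodes, fd_links):
    """Sorted pids whose descriptors point at any of the given socket inodes."""
    hits = set()
    for pid, targets in fd_links.items():
        for t in targets:
            m = re.fullmatch(r"socket:\[(\d+)\]", t)
            if m and m.group(1) in inodes:
                hits.add(pid)
    return sorted(hits)

def live_fd_links():
    """Read every /proc/<pid>/fd; run as root, or other users' pids are skipped."""
    links = {}
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            fd_dir = f"/proc/{pid}/fd"
            links[int(pid)] = [os.readlink(os.path.join(fd_dir, fd)) for fd in os.listdir(fd_dir)]
        except OSError:                                # exited or permission denied
            continue
    return links

if __name__ == "__main__":
    with open("/proc/net/tcp") as fh:                  # /proc/net/tcp6 has the same layout
        print(owners(listening_inodes(fh.read(), 80), live_fd_links()))
```

Row 2 of the sample is an established connection on port 80 (state 01), so it is excluded; only the LISTEN socket's inode is matched against the descriptor tables.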
    

