Unneeded open ports can be costly for your business!
If you have unneeded and unexplained ports open on your server, you are calling for trouble.
nmap -p 1-65535 localhost
This programming one liner allows you to look for all open ports (ports that are currently listening) on your Linux server.
Programming "One Liner" lookup terms:
nmap fuser
Output of running the above command will produce something similar to:
Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on localhost.localdomain (127.0.0.1):
(The 65517 ports scanned but not shown below are in state: closed)
Port State Service
21/tcp open ftp
22/tcp open ssh
53/tcp open domain
80/tcp open http
110/tcp open pop-3
143/tcp open imap2
199/tcp open smux
443/tcp open https
631/tcp open ipp
783/tcp open hp-alarm-mgr
953/tcp open rndc
993/tcp open imaps
995/tcp open pop3s
3306/tcp open mysql
5981/tcp open unknown
6001/tcp open X11:1
Nmap run completed -- 1 IP address (1 host up) scanned in 155 seconds
Investigating a port
Which process is using the port? Programming One Liner 19
If you are interested in looking up which process is using the port, use the following fuser command. We are investigating port 783 which is currently open for the service named hp-alarm-mgr.
fuser -n tcp 783
The output of fuser is as follows
783/tcp: 2385
Finding the process owner
Who owns the process? Programming One Liner 20
Now that we know the process id (pid), we can find out details about the process.
cat /proc/2385/status
The status information will include a lot of details about the process.
Name: spamd
State: S (sleeping)
Tgid: 2385
Pid: 2385
PPid: 1
TracerPid: 0
Uid: 0 0 0 0
Gid: 0 0 0 0
FDSize: 32
Groups:
VmSize: 22920 kB
VmLck: 0 kB
VmRSS: 716 kB
VmData: 16664 kB
VmStk: 72 kB
VmExe: 12 kB
VmLib: 3944 kB
SigPnd: 0000000000000000
ShdPnd: 0000000000000000
SigBlk: 0000000000000000
SigIgn: 0000000000010080
SigCgt: 0000000080005002
CapInh: 0000000000000000
CapPrm: 00000000fffffeff
CapEff: 00000000fffffeff
We can see the software package running the process is spamd and its owned by uid 0 (super user).
What command was used to run the process? Programming One Liner 21
The status information will include a lot of details about the process.
To find further details, such as the command used to invoke the process:
ps 2385
We can see the following details:
PID TTY STAT TIME COMMAND
2385 ? S 0:00 /usr/bin/spamd -d -c -a
Programming "One Liner" lookup terms:
nmap fuser cat
If you would like more information on any of the commands, please feel free to contact me with your programming questions. You can also read other posts on programming code, lookup the programming terms displayed above or visit my network security blog. Other external programming blogs on Technorati and programming blogs on Google.
No comments:
Post a Comment