[Courses] [Security] Telsa's netstat (was: The useful netstat)
Raven, corporate courtesan
raven at oneeyedcrow.net
Thu Mar 7 18:33:48 EST 2002
Heya --
Quoth hobbit at aloss.ukuu.org.uk (Thu, Mar 07, 2002 at 02:25:10PM +0000):
> Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
> tcp 0 0 *:printer *:* LISTEN 968/lpd Waiting
> tcp 0 0 *:sunrpc *:* LISTEN 19825/portmap
> tcp 0 0 *:x11 *:* LISTEN 1661/X
> tcp 0 0 *:ssh *:* LISTEN 912/sshd
> tcp 0 0 *:smtp *:* LISTEN 989/exim
> udp 0 0 *:800 *:* -
> udp 0 0 *:697 *:* 945/xinetd
> udp 0 0 *:sunrpc *:* 19825/portmap
>
> I think lpd is needed: the printer is attached to my machine and we
> send jobs to it from various machines on the LAN.
Then yes, that sounds necessary. (Love your formatting; it's
neater than mine!)
> I get mail to this box and send directly from the box. So I reckon I
> need exim. :)
Yep.
> I do mess about with X servers on one machine and clients on the others.
> I am not sure how and whether I'd do this with ssh involved too. I
> shall look at your http://www.oneeyedcrow.net/tech/securex.html page :)
That's just getting it to listen only on the local machine;
there's not a lot about X forwarding over ssh there. We can get into
that if you like, though. (I'd suggest right after firewalls.)
UDP 697 is mountd, which it sounds like you need for your music.
[grin] A worthy cause. Looks like your mountd is managed by xinetd,
which is fine. Do you need portmap for your mounting the remote drive?
Try turning it off and mounting/unmounting. I'm curious to see if it
makes a difference. If it turns out you don't need it, you can get rid
of that too.
> Active UNIX domain sockets (only servers)
> Proto RefCnt Flags Type State I-Node PID/Program name Path
> unix 2 [ ACC ] STREAM LISTENING 3423 1661/X /tmp/.X11-unix/X0
> unix 2 [ ACC ] STREAM LISTENING 1310 1077/xfs /tmp/.font-unix/fs7100
> unix 2 [ ACC ] STREAM LISTENING 1260 1009/gpm /dev/gpmctl
>
> Looking at the above, it's fairly obvious I'm running GNOME :)
> I know from messing with it that oafd, gnome-*, *_applet, panel,
> screenshooter and esd are all associated with GNOME. That leaves
> XFS and gpm, which I think are both things I need.
XFS is the X font server. If it's not listening on a port and
is just a socket internal to the machine (i.e. is in the second half of
the netstat -pl output), it's much less of a worry. GPM is the program
that allows you to cut and paste and such with your mouse while in
console mode.
> So I'd appreciate a run-through on tripwire, too.
[adds it to the to-do list]
Cheers,
Raven
"Sed, sed, awk. Like duck, duck, goose. Sync, sync, halt. It's the
order of nature."
-- me, after too long a day at work
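
Added example (not part of the original message): a small Python parser that separates the services listening on network ports from the sockets internal to the machine, the distinction drawn above for `netstat -pl` output. The `127.0.0.1:6010` line, its PID, and the function names are constructed for illustration; the other sample lines are the ones quoted in the thread.

```python
import re

OWNER = re.compile(r"^\d+/(\S+)$")            # the PID/Program name column
LOOPBACK = {"localhost", "127.0.0.1", "::1", "[::1]"}
# Lines quoted in the thread, plus one constructed loopback line (port 6010).
SAMPLE = """\
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:printer *:* LISTEN 968/lpd Waiting
tcp 0 0 *:sunrpc *:* LISTEN 19825/portmap
tcp 0 0 *:x11 *:* LISTEN 1661/X
tcp 0 0 *:ssh *:* LISTEN 912/sshd
tcp 0 0 *:smtp *:* LISTEN 989/exim
tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN 2001/sshd
udp 0 0 *:800 *:* -
udp 0 0 *:697 *:* 945/xinetd
udp 0 0 *:sunrpc *:* 19825/portmap
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node PID/Program name Path
unix 2 [ ACC ] STREAM LISTENING 3423 1661/X /tmp/.X11-unix/X0
unix 2 [ ACC ] STREAM LISTENING 1310 1077/xfs /tmp/.font-unix/fs7100
unix 2 [ ACC ] STREAM LISTENING 1260 1009/gpm /dev/gpmctl
"""

def owner_of(fields):
    """Program name from the PID/Program column, or '-' when netstat hides it."""
    for field in fields:
        match = OWNER.match(field)
        if match:
            return match.group(1)
    return "-"

def classify_listeners(netstat_output):
    """Split listeners into network-exposed, loopback-only and unix sockets."""
    result = {"exposed": [], "loopback": [], "unix": []}
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        proto = fields[0]
        if proto.startswith(("tcp", "udp")):
            host, _, port = fields[3].rpartition(":")
            scope = "loopback" if host in LOOPBACK else "exposed"
            result[scope].append((proto, port, owner_of(fields[5:])))
        elif proto == "unix":
            result["unix"].append((owner_of(fields), fields[-1]))
    return result

if __name__ == "__main__":
    print(classify_listeners(SAMPLE))
```

Entries under `exposed` are the ones worth reviewing service by service; a `-` owner means netstat could not show the PID/Program column for that socket.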