[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] finger on/off?
- Subject: Re: [cobalt-security] finger on/off?
- From: Gossi The Dog <gossi@xxxxxxxxxxxxxx>
- Date: Tue, 26 Sep 2000 18:36:13 +0100 (BST)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Well, if you have killall -HUP inetd'ed (as suggested) and "finger" is
still listening, you need to find out what actually is listening (hint: it
probably isn't finger).
su to root. Do something similar to:
COMMAND: fuser -n tcp 79
OUTPUT: 79/tcp: 21977
^^ port ^^ process id
The above command will tell you what process id (pid) is listening on the
port (79, finger).
Now do:
COMMAND: ps aux | grep 21977
OUTPUT:
root 21977 0.0 0.2 4368 380 ? S Sep20 0:01 /usr/bin/perl
root 8873 0.0 0.3 1164 456 pts/30 S 18:26 0:00 grep 21977
Changing the PID to the one displayed in the previous 'fuser' ouput.
It'll tell you the process name.
In my example, I have a perl program listening on finger's port. Once
you've got the PID you can kill it until the next reboot with 'kill PID'.
Hopefully some of this will make sense :)
Gossi
> > Merci for responding. I guess my root question
is: >
> >is< finger turned on by default with a new RaQ3, or >not?<.
>
> When I did this:
>
> ps aux | fgrep finger
>
> it only revealed this:
>
> root 17110 0.0 0.0 1160 408 pts/2 S 13:45 0:00 fgrep
> finger
>
> and when I did this:
>
> fgrep finger /etc/services
>
> I got this:
>
> finger 79/tcp
> cfinger 2003/tcp # GNU Finger
>
> The later output would make me worried that finger is indeed on? It
> also reveals another question... what is this "GNU finger" ...?!
>
> Merci encore une fois,
>
> ~ Theo
>
>
>
> "Fabrice Prémel" wrote:
>
> > On Mon, 25 Sep 2000 11:02:15 -0700, cobalt-security@xxxxxxxxxxxxxxx
> > wrote:
> > >Hey Folks,
> > >
> > >When I do a "netstat -l" (list listening ports) on my Raq3i, it
> > >seems to
> > >me that it says finger is on and operating:
> > >
> > >Proto Recv-Q Send-Q Local Address Foreign Address
> > >State
> > >tcp 0 0 *:finger
> > >*:* LISTEN
> > >
> > >
> > >.... perhaps I interpret this wrong however? When I look in
> > >inetd.conf,
> > >it looks like finger is commented out by default?
> > >
> > >Can anyone clear this confusion for me?
> >
> > Do the following :
> > ps aux |fgrep finger
> >
> > to see if it runs standalone.
> >
> > Also do :
> > fgrep finger /etc/services
> >
> > to see if the services file is correct. Finger should be on port 79.
> >
> > You might also want to restart inetd in case it was forgotten :
> > kill -SIGHUP `cat /var/run/inetd.pid`
> >
> > See if that helps,
> >
> > Fabrice Prémel.
> >
> > _______________________________________________
> > cobalt-security mailing list
> > cobalt-security@xxxxxxxxxxxxxxx
> > http://list.cobalt.com/mailman/listinfo/cobalt-security
>
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>