[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] ps -aux sendmail and netstat
- Subject: Re: [cobalt-security] ps -aux sendmail and netstat
- From: shimi <shimi@xxxxxxxxxxxxxxxx>
- Date: Thu, 24 May 2001 04:20:01 -0700 (PDT)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On Thu, 24 May 2001, Carrie Bartkowiak wrote:
> > I think I already told you that...
> > netstat -pt
>
> You did, but it was so simple I didn't write it down because I thought
> I wouldn't forget it.
> I wrote it down this time!
>
> Is it normal to see postgres show up on a netstat? I just caught it,
> and a few seconds later it was gone.
> This is what showed up (briefly) as I was playing around with the
> different netstat options (and it wasn't anytime near the active
> monitor 15-minute fireoff, still had about 7 minutes to go before that
> would've done anything):
> unix 1 [ ] STREAM CONNECTED 221351 @00000ba7
> unix 1 [ ] STREAM CONNECTED 221780 @00000bd8
> unix 1 [ W ] STREAM CONNECTED 221781
> /tmp/.s.PGSQL.5432
> unix 1 [ W ] STREAM CONNECTED 221352
> /tmp/.s.PGSQL.5432
>
> All 4 of those were gone about 10 seconds later. The flag is
> something I've never seen before, as is the postgres directory over in
> /tmp. I mean, I've seen the directory; it's on both of my machines,
> but I've never seen it being accessed on a netstat report.
>
> CarrieB
The -t parm in my netstat is what tells him not to show sockets.
It is possible that the cobalt admserv doesn't "maturely" closes the
connection (just forget about it).
The PGSQL server is listening all the time (netstat -pl)
and yes it's normal to see it. you'll also see MySQL listening that way,
but you won't see a socket connection to it, unless you have some program
(or php) connecting to mysql via socket and not tcp/ip.
since you have many questions about the subject... try "man netstat" ;-=)
- shimi.