ARG: Xinetd is listening on port tcp:514????@
Keg
redhat at zulu420.com
Sat May 22 15:45:56 UTC 2004
Jason Staudenmayer wrote:
>Syslog-ng is still running. Check you conf file for udp{} or tcp{} and
>remove them.
>
>-----Original Message-----
>From: Keg [mailto:redhat at zulu420.com]
>Sent: Saturday, May 22, 2004 11:11 AM
>To: General Red Hat Linux discussion list
>Subject: Re: ARG: Xinetd is listening on port tcp:514????@
>
>
>Ben Russo wrote:
>
>
>
>>Keg wrote:
>>
>>
>>
>>>I have shutdown syslog and looked at everything in /etc/xinetd.conf
>>>and /etc/xinetd.d/* and cannot find what is listening on TCP port 514.
>>>
>>>
>>
>>
>>>What is binding to this port???
>>>
>>>
>>It is probably your syslog daemon.
>>Try "netstat -nap | grep 514"
>>or
>>
>>[root at nms log]# grep 514 /etc/services
>>shell 514/tcp cmd # no passwords used
>>syslog 514/udp
>>[root at nms log]# netstat -nap | grep 514
>>tcp 0 0 0.0.0.0:514 0.0.0.0:* LISTEN
>>29964/syslog-ng
>>udp 288 0 0.0.0.0:514 0.0.0.0:*
>>29964/syslog-ng
>>[root at nms log]# lsof -i | grep syslog
>>syslog-ng 29964 root 3u IPv4 1083907377 TCP *:shell (LISTEN)
>>syslog-ng 29964 root 5u IPv4 1083907378 UDP *:5050
>>syslog-ng 29964 root 6u IPv4 1083907379 UDP *:syslog
>>syslog-ng 29964 root 8u IPv4 1083907383 UDP
>>nms.myco.com:42822->otherhost:5050
>>
>>
>>
>>
>
>I forgot to mention I shut syslogd down.
>
>??
>
>-Chcuk
>
>
>
>
Yea, syslog-ng is what I am trying to install.
Here are the processeses running and listening sockets with xinetd NOT
running:
syslog:~ #ps -ef
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 May19 ? 00:00:05 init
root 2 0 0 May19 ? 00:00:00 [migration/0]
root 3 0 0 May19 ? 00:00:00 [migration/1]
root 4 1 0 May19 ? 00:00:00 [keventd]
root 5 1 0 May19 ? 00:00:02 [ksoftirqd_CPU0]
root 6 1 0 May19 ? 00:00:00 [ksoftirqd_CPU1]
root 11 1 0 May19 ? 00:00:00 [bdflush]
root 7 1 0 May19 ? 00:00:00 [kswapd]
root 8 1 0 May19 ? 00:00:00 [kscand/DMA]
root 9 1 0 May19 ? 00:03:18 [kscand/Normal]
root 10 1 0 May19 ? 00:01:31 [kscand/HighMem]
root 12 1 0 May19 ? 00:00:01 [kupdated]
root 13 1 0 May19 ? 00:00:00 [mdrecoveryd]
root 21 1 0 May19 ? 00:00:01 [kjournald]
root 79 1 0 May19 ? 00:00:00 [khubd]
root 1143 1 0 May19 ? 00:00:00 [kjournald]
root 1155 1 0 May19 ? 00:00:00 [kjournald]
root 1165 1 0 May19 ? 00:00:00 [kjournald]
root 1456 1 0 May19 ? 00:00:00 syslogd -m 0
root 1460 1 0 May19 ? 00:00:00 klogd -x
root 1470 1 0 May19 ? 00:00:11 irqbalance
rpc 1487 1 0 May19 ? 00:00:00 portmap
rpcuser 1506 1 0 May19 ? 00:00:00 rpc.statd
root 1567 1 0 May19 ? 00:00:00 [rpciod]
root 1568 1 0 May19 ? 00:00:00 [lockd]
root 1583 1 0 May19 ? 00:00:00 /usr/sbin/sshd
root 1618 1 0 May19 ? 00:00:01 gpm -t ps/2 -m /dev/mouse
root 1627 1 0 May19 ? 00:00:00 crond
xfs 2169 1 0 May19 ? 00:00:00 xfs -droppriv -daemon
daemon 2187 1 0 May19 ? 00:00:00 /usr/sbin/atd
root 2198 1 0 May19 tty1 00:00:00 /sbin/mingetty tty1
root 2199 1 0 May19 tty2 00:00:00 /sbin/mingetty tty2
root 2200 1 0 May19 tty3 00:00:00 /sbin/mingetty tty3
root 2201 1 0 May19 tty4 00:00:00 /sbin/mingetty tty4
root 2202 1 0 May19 tty5 00:00:00 /sbin/mingetty tty5
root 2203 1 0 May19 tty6 00:00:00 /sbin/mingetty tty6
root 9236 1583 0 08:13 ? 00:00:00 /usr/sbin/sshd
root 9238 9236 0 08:13 pts/0 00:00:00 -bash
root 9288 9238 0 08:14 pts/0 00:00:00 ps -ef
syslog:~ #netstat -anp | grep LIST
tcp 0 0 0.0.0.0:32768 0.0.0.0:*
LISTEN 1506/rpc.statd
tcp 0 0 0.0.0.0:111 0.0.0.0:*
LISTEN 1487/portmap
tcp 0 0 0.0.0.0:22 0.0.0.0:*
LISTEN 1583/sshd
unix 2 [ ACC ] STREAM LISTENING 1902
1618/gpm /dev/gpmctl
unix 2 [ ACC ] STREAM LISTENING 3576
2169/xfs /tmp/.font-unix/fs7100
unix 2 [ ACC ] STREAM LISTENING 16909
9236/sshd /tmp/ssh-XXqFMQ1t/agent.9236
Here are the running processes and listenning sockets when xinetd IS
running:
syslog:~ #ps -ef
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 May19 ? 00:00:05 init
root 2 0 0 May19 ? 00:00:00 [migration/0]
root 3 0 0 May19 ? 00:00:00 [migration/1]
root 4 1 0 May19 ? 00:00:00 [keventd]
root 5 1 0 May19 ? 00:00:02 [ksoftirqd_CPU0]
root 6 1 0 May19 ? 00:00:00 [ksoftirqd_CPU1]
root 11 1 0 May19 ? 00:00:00 [bdflush]
root 7 1 0 May19 ? 00:00:00 [kswapd]
root 8 1 0 May19 ? 00:00:00 [kscand/DMA]
root 9 1 0 May19 ? 00:03:18 [kscand/Normal]
root 10 1 0 May19 ? 00:01:31 [kscand/HighMem]
root 12 1 0 May19 ? 00:00:01 [kupdated]
root 13 1 0 May19 ? 00:00:00 [mdrecoveryd]
root 21 1 0 May19 ? 00:00:01 [kjournald]
root 79 1 0 May19 ? 00:00:00 [khubd]
root 1143 1 0 May19 ? 00:00:00 [kjournald]
root 1155 1 0 May19 ? 00:00:00 [kjournald]
root 1165 1 0 May19 ? 00:00:00 [kjournald]
root 1456 1 0 May19 ? 00:00:00 syslogd -m 0
root 1460 1 0 May19 ? 00:00:00 klogd -x
root 1470 1 0 May19 ? 00:00:11 irqbalance
rpc 1487 1 0 May19 ? 00:00:00 portmap
rpcuser 1506 1 0 May19 ? 00:00:00 rpc.statd
root 1567 1 0 May19 ? 00:00:00 [rpciod]
root 1568 1 0 May19 ? 00:00:00 [lockd]
root 1583 1 0 May19 ? 00:00:00 /usr/sbin/sshd
root 1618 1 0 May19 ? 00:00:01 gpm -t ps/2 -m /dev/mouse
root 1627 1 0 May19 ? 00:00:00 crond
xfs 2169 1 0 May19 ? 00:00:00 xfs -droppriv -daemon
daemon 2187 1 0 May19 ? 00:00:00 /usr/sbin/atd
root 2198 1 0 May19 tty1 00:00:00 /sbin/mingetty tty1
root 2199 1 0 May19 tty2 00:00:00 /sbin/mingetty tty2
root 2200 1 0 May19 tty3 00:00:00 /sbin/mingetty tty3
root 2201 1 0 May19 tty4 00:00:00 /sbin/mingetty tty4
root 2202 1 0 May19 tty5 00:00:00 /sbin/mingetty tty5
root 2203 1 0 May19 tty6 00:00:00 /sbin/mingetty tty6
root 9236 1583 0 08:13 ? 00:00:00 /usr/sbin/sshd
root 9238 9236 0 08:13 pts/0 00:00:00 -bash
root 9313 1 0 08:16 ? 00:00:00 xinetd -stayalive
-pidfile /var/run/xinetd.pid
root 9316 9238 0 08:16 pts/0 00:00:00 ps -ef
syslog:~ #netstat -anp | grep LIST
tcp 0 0 0.0.0.0:512 0.0.0.0:*
LISTEN 9313/xinetd
tcp 0 0 0.0.0.0:32768 0.0.0.0:*
LISTEN 1506/rpc.statd
tcp 0 0 0.0.0.0:513 0.0.0.0:*
LISTEN 9313/xinetd
tcp 0 0 0.0.0.0:514 0.0.0.0:*
LISTEN 9313/xinetd
tcp 0 0 0.0.0.0:5666 0.0.0.0:*
LISTEN 9313/xinetd
tcp 0 0 127.0.0.1:32776 0.0.0.0:*
LISTEN 9313/xinetd
tcp 0 0 0.0.0.0:873 0.0.0.0:*
LISTEN 9313/xinetd
tcp 0 0 0.0.0.0:111 0.0.0.0:*
LISTEN 1487/portmap
tcp 0 0 0.0.0.0:13782 0.0.0.0:*
LISTEN 9313/xinetd
tcp 0 0 0.0.0.0:22 0.0.0.0:*
LISTEN 1583/sshd
tcp 0 0 0.0.0.0:13783 0.0.0.0:*
LISTEN 9313/xinetd
tcp 0 0 0.0.0.0:23 0.0.0.0:*
LISTEN 9313/xinetd
tcp 0 0 0.0.0.0:13722 0.0.0.0:*
LISTEN 9313/xinetd
tcp 0 0 0.0.0.0:13724 0.0.0.0:*
LISTEN 9313/xinetd
unix 2 [ ACC ] STREAM LISTENING 1902
1618/gpm /dev/gpmctl
unix 2 [ ACC ] STREAM LISTENING 3576
2169/xfs /tmp/.font-unix/fs7100
unix 2 [ ACC ] STREAM LISTENING 16909
9236/sshd /tmp/ssh-XXqFMQ1t/agent.9236
As you can see that xinetd is the process bound to port 514. If I look
at the xinetd config, here are the only entries that are enabled:
syslog:/etc/xinetd.d #grep -i disable * | grep no
bpcd: disable = no
bpjava-msvc: disable = no
nrpe: disable = no
rexec: disable = no
rlogin: disable = no
rsh: disable = no
rsync: disable = no
telnet: disable = no
vnetd: disable = no
vopied: disable = no
syslog:/etc/xinetd.d #cat /etc/xinetd.conf
#
# Simple configuration file for xinetd
#
# Some defaults, and include /etc/xinetd.d/
defaults
{
instances = 60
log_type = SYSLOG authpriv
log_on_success = HOST PID
log_on_failure = HOST
cps = 25 30
}
includedir /etc/xinetd.d
I am at a loss. I don't see how the services that are enabled in xinetd
are binding to 514, but something is. This is also a vanilla install of
RH9 with all update including kernel.
Any ideas anyone?
Thx,
Chuck
More information about the redhat-list
mailing list