Checking Out Your System's Content

Let's take a look at the output of tcpdchk on a sample system:

# tcpdchk

warning: /etc/inetd.conf, line 75: in.tftpd: not found in /usr/sbin: No such file or directory

Well, that's not good. The output tells me that the TFTP daemon is enabled on line 75 of /etc/inetd.conf, but the program doesn't exist on the system. Good thing, because I didn't install it. In fact, I don't want TFTP enabled. After I comment out line 75, tcpdchk prints nothing. That's good. The tcpdchk utility checks that each program exists and also ensures that an entry for the program can be found in /etc/services. After all, inetd has to know which port to bind. If nothing's wrong, you get no output.

This brings me to my next point. I didn't want TFTP enabled at all. Good thing I didn't install it. But tcpdchk won't tell me what is enabled; I have to check that myself. The tool I use for this is netstat. In this case, I'll use netstat -a to show me not just current connections, but servers listening on ports for connections (this is a partial listing):

# netstat -a
tcp        0      0 *:smtp                  *:*                     LISTEN      
tcp        0      0 *:7110                  *:*                     LISTEN      
tcp        0      0 volcan.pananix.c:domain *:*                     LISTEN      
tcp        0      0 localhost:domain        *:*                     LISTEN      
tcp        0      0 *:www                   *:*                     LISTEN      
tcp        0      0 *:printer               *:*                     LISTEN      
tcp        0      0 *:auth                  *:*                     LISTEN      
tcp        0      0 *:swat                  *:*                     LISTEN      
tcp        0      0 *:finger                *:*                     LISTEN      
tcp        0      0 *:uucp                  *:*                     LISTEN      
tcp        0      0 *:imap2                 *:*                     LISTEN      
tcp        0      0 *:pop3                  *:*                     LISTEN      
tcp        0      0 *:pop2                  *:*                     LISTEN      
tcp        0      0 *:exec                  *:*                     LISTEN      
tcp        0      0 *:login                 *:*                     LISTEN      
tcp        0      0 *:shell                 *:*                     LISTEN      

Here's the first mystery—what's that listening on 7110? Let's use the fuser command (specifying the TCP namespace) to find out:

# fuser -n tcp 7110
7110/tcp:             2967

And the winner is: process ID 2967. Okay, let's see what it is:

# ps awx | grep 2967
 2967 ?        S      0:02 /usr/opt/applix/axdata/fontmetrics/gallium/fs/axfontfs -cf /usr/opt/applix/axdata/fontmetrics/gallium/fs/

Well, this looks like it's the Applix font server. That's okay with me, so let's look a little further. Most of the other listeners look innocuous enough: SMTP, DNS, HTTP, LP, AUTH, SWAT, and so on. But then we get down to EXEC, LOGIN, and SHELL. I don't think I want those "r" commands running. They're a bit too insecure even for this system, which dials in to the Internet only infrequently.

So where are they running from? Let's use fuser, ps, and grep to find out (just like we did previously):

# fuser -n tcp shell
shell/tcp:             617

Our grep of ps awx shows this:

  617 ?        SW     0:00 [inetd]

This is our old friend inetd. So, we need to find the shell line, comment it out, save the file, and restart inetd.
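
As an added example (not from the original article), the shell functions below list which services an inetd.conf actually has enabled, which tcpdchk does not report, and comment out the exec, login, and shell entries while keeping a backup. The function names and the sample file contents are constructed for illustration, and the demo runs on a temporary copy, so restarting inetd after editing the real file remains a separate step.

```shell
#!/bin/sh
# Added example. Works on a constructed sample, not the real /etc/inetd.conf.

# Print the service name of every enabled (uncommented) inetd.conf entry.
# A valid entry has at least six fields; the service name is the first.
enabled_services() {
    awk '!/^[ \t]*#/ && NF >= 6 { print $1 }' "$1"
}

# Comment out the entries for the named services in file $1.
# The original is kept as $1.bak so the change can be reviewed or reverted.
disable_services() {
    conf=$1; shift
    cp -p "$conf" "$conf.bak" || return 1
    awk -v list="$*" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) off[a[i]] = 1 }
        !/^[ \t]*#/ && ($1 in off) { print "#" $0; next }
        { print }
    ' "$conf.bak" > "$conf"
}

# Constructed sample in the usual inetd.conf layout (hypothetical entries).
write_sample() {
    cat > "$1" <<'EOF'
# service  type    proto  wait    user    server          args
ftp        stream  tcp    nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
finger     stream  tcp    nowait  nobody  /usr/sbin/tcpd  in.fingerd
shell      stream  tcp    nowait  root    /usr/sbin/tcpd  in.rshd
login      stream  tcp    nowait  root    /usr/sbin/tcpd  in.rlogind
exec       stream  tcp    nowait  root    /usr/sbin/tcpd  in.rexecd
#tftp      dgram   udp    wait    root    /usr/sbin/tcpd  in.tftpd
EOF
}

# Demo: audit the sample, disable the "r" commands, then show what changed.
demo_dir=$(mktemp -d)
write_sample "$demo_dir/inetd.conf"
echo "enabled before: $(enabled_services "$demo_dir/inetd.conf" | tr '\n' ' ')"
disable_services "$demo_dir/inetd.conf" exec login shell
echo "enabled after:  $(enabled_services "$demo_dir/inetd.conf" | tr '\n' ' ')"
diff "$demo_dir/inetd.conf.bak" "$demo_dir/inetd.conf" || true  # differing files exit 1
rm -rf "$demo_dir"
```

Re-running tcpdchk and netstat -a after the real edit and restart confirms that the entries parse cleanly and that the exec, login, and shell listeners are gone.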
