I am running AIX 4.3.3...I just tried nmap'ing this RS/6000 box from another machine and the following ports appear to be open:
PORT STATE SERVICE
7/tcp open echo
9/tcp open discard
13/tcp open daytime
19/tcp open chargen
22/tcp open ssh
25/tcp open smtp
37/tcp open time
199/tcp open smux
587/tcp open submission
683/tcp open unknown
684/tcp open unknown
2049/tcp open nfs
2401/tcp open cvspserver
6112/tcp open dtspc
32777/tcp open sometimes-rpc17
Now I know that ssh (22) and nfs (2049) should be running...but what the heck are the rest of these? Any thoughts, using AIX commands, on how to decipher them? I know that I should not be running any kind of cvs server...
I ran rkhunter (v: 1.1.2) and nothing indicated a rooted hit of any kind...all the typical commands looked fine (ps, w, ls, etc...)
I also wanted to look at the routing table: netstat -rn
# netstat -rn
Destination Gateway Flags Refs Use If PMTU Exp Groups
Route Tree for Protocol Family 2 (Internet):
default 1XX.XXX.XX.X UGc 0 0 en1 - -
--- some lines deleted... ----
220.127.116.11 1XX.XXX.XX.X UGHW 1 17 en1 - -
127/8 127.0.0.1 U 3 114956 lo0 - -
Note: 1XX.XXX.XX.X = my normal gateway IP address.
The IP address 18.104.22.168 seems odd...I did a whois -v on it and it came up in ITALY...and I am NOT in Italy. Does this mean that the machine is 'routed' through this Italian IP?
The entry you're looking at is a host entry (the H flag in UGHW), so all that routing entry is doing is telling the system that for traffic to 22.214.171.124, use your normal gateway as the gateway for the connection (the second field of the routing table is the gateway to use). Why you have a routing entry for some random host in Italy, I really couldn't tell you. You can always delete the entry from the routing table and keep an eye on it to see if it re-appears. But by itself, it isn't doing anything malicious that your system wouldn't normally do.
Take a look at /etc/inetd.conf and comment out all the unneeded services (time, daytime, echo, chargen, etc. are common services in *nix that you can usually shut off). I'm not an AIX guy, so I'm not that familiar with it or its NFS implementation. You might have some luck identifying the unknowns using lsof -i or netstat -pa and track them down by their PID number. This might give you a little more AIX-centric help than I can offer:
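Added triage helper, not part of the thread: it cross-references an nmap port list with /etc/services and /etc/inetd.conf so each open port is tagged as inetd-managed (closable by commenting the line and running refresh -s inetd), commented-but-still-open, standalone, or unknown. The three inputs are constructed samples standing in for the real files.

```shell
#!/bin/sh
# Added triage helper (not from the thread): tag each nmap-reported open port as
#   inetd          - active /etc/inetd.conf line; comment it out, "refresh -s inetd"
#   inetd-disabled - line commented but port still open; refresh not done, or
#                    some other daemon owns the port
#   standalone/unknown - not inetd: identify the owner with "lsof -i :PORT" or
#                    "netstat -Aan | grep PORT" then "rmsock <addr> tcpcb"
# Constructed samples standing in for the real files.
SERVICES='echo 7/tcp
discard 9/tcp sink null
daytime 13/tcp
ssh 22/tcp
cvspserver 2401/tcp'
INETD_CONF='# service socket protocol wait/nowait user server args
echo    stream tcp nowait root internal
#discard stream tcp nowait root internal
daytime stream tcp nowait root internal
cvspserver stream tcp nowait root /usr/local/bin/cvs cvs -f --allow-root=/cvs pserver'
NMAP_OUT='PORT STATE SERVICE
7/tcp open echo
9/tcp open discard
22/tcp open ssh
2401/tcp open cvspserver
32777/tcp open sometimes-rpc17'

# classify_ports SERVICES INETD_CONF NMAP_OUT -> "port/proto name origin" per port
classify_ports() {
  { printf '%s\n' "$1"; echo __SEP__; printf '%s\n' "$2"; echo __SEP__; printf '%s\n' "$3"; } |
  awk '
    /^__SEP__$/ { section++; next }
    # /etc/services: "name port/proto [aliases]" -> svc[port/proto] = name
    section == 0 && $1 !~ /^#/ && $2 ~ /\// { svc[$2] = $1; next }
    # /etc/inetd.conf: a leading "#" marks a disabled service
    section == 1 && NF >= 6 {
      if ($1 == "#")      disabled[$2] = 1
      else if ($1 ~ /^#/) { n = $1; sub(/^#+/, "", n); disabled[n] = 1 }
      else                active[$1] = 1
      next
    }
    # nmap lines: "port/proto open name"
    section == 2 && $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" {
      name = ($1 in svc) ? svc[$1] : "-"
      if (name == "-")           origin = "unknown"
      else if (name in active)   origin = "inetd"
      else if (name in disabled) origin = "inetd-disabled"
      else                       origin = "standalone"
      print $1, name, origin
    }'
}
classify_ports "$SERVICES" "$INETD_CONF" "$NMAP_OUT"
```

On a live box feed it the real files, e.g. classify_ports "$(cat /etc/services)" "$(cat /etc/inetd.conf)" "$(cat nmap.txt)".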
Capt once again provides THIS user with a wealth of useful information.
I have closed many of the open ports and look forward to a better night's sleep (this time with just one eye open... )
If anyone else can provide further references/help with the AIX security I am very eager to learn...this OS has constantly been a source of thorns in the side regarding its security...largely due to inexperience. Thanks
(Un)fortunately I haven't had a lot of experience with other Unixes...I've used IRIX a bit, but haven't spent a lot of time with it.
One other question:
After commenting out several lines in the /etc/inetd.conf file...I typed: refresh -s
and I got the error:
# 0513-056 Timeout waiting for command response. If you specified a foreign host, see the /etc/inittab file on the foreign host to verify that the SRC daemon
(srcmstr) was started with the -r flag to accept remote requests.
I've never seen this error before...I tried uncommenting the lines I commented in /etc/inetd.conf and no luck...it remains there.