Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
Fedora 8 has been unsupported for at least four years. (The current release is Fedora 16, and Fedora makes a new release about every six months. Only the immediately prior release is supported one month after a new release is made. If a release is unsupported, no software or security updates are generally available for that release.)
There are a few "standard" applications that will automatically scan for network availability. IIRC, Fedora 8 often ran nmap for that purpose.
(..)The issue is that someone has been using my server to port scan other machines on the internet..
The issue is, as John noticed from your netstat output, that you are running something in your web stack (homebrewn interpreted code without proper input validation or a vulnerable versions of forum, shopping cart, statistics, web log or other software packages) that allows a remote host to control and execute commands.
- stop your web services now and disable the database, web service and other services that are not mandatory for machine maintenance from starting again,
- raise the firewall to only allow access from your maintenance IP address or range,
- make a backup and do not restore from previous backups (if any) unless you have made certain they are free of vulnerable software.
I agree it would be best to start with a clean install of Fedora 16, Centos, Scientific Linux or any other distribution. Please do harden the machine and services and enable auditing before exposing it to the 'net again.
I realised that i stopped httpd then restarted httpd. That the results changed to the above..
Based on my limited reading...it ok in some cases to have some TIME_WAIT connections..
Is this better than before?
I just found out things are even worse than I thought. Past threads show the OP has been tinkering with Fedora 8 since 2010 during which time he installed and had problems with Drupal, MySQL 5.0.45, Moodle 1.9 (CVE: Drupal, MySQL 5.0.45 and Moodle) and since yesterday SSH access. From reading these threads it seems the OP often forgets to add he's using an Amazon-provided AMI instead of using the Fedora 16 Amazon Elastic Compute Cloud (EC2) images, the Amazon Linux AMI or building his own image. The OP always hides behind the "I am new to Linux" excuse, has been given advice not to run a deprecated distribution release before and appears to disregard such advice. As such I would not be surprised if his management does not know or care either.
Let's draw the line here and keep reminding the OP in this and future threads the only way to start fixing any of his problems is to start from scratch using a recent, supported and maintained distribution image.