LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 06-27-2011, 01:25 AM   #1
stellaconcepts
LQ Newbie
 
Registered: Jun 2011
Posts: 2

Rep: Reputation: Disabled
Suspicious process running under user rpc


Hi All - newbie here...

Im getting this error from LFD sent to me over the past few days quite often and its bothering me a little - I have no idea what it means or what to do about it - can anyone help?

Time: Mon Jun 27 16:07:04 2011 +1100
PID: 28258
Account: rpc
Uptime: 126188 seconds


Executable:

/sbin/portmap


Command Line (often faked in exploits):

portmap


Network connections by the process (if any):

udp: 0.0.0.0:111 -> 0.0.0.0:0
tcp: 0.0.0.0:111 -> 0.0.0.0:0


Files open by the process (if any):

/dev/null
/dev/null
/dev/null


Memory maps by the process (if any):

b7da4000-b7dad000 r-xp 00000000 00:1a 17369080 /lib/libnss_files-2.3.4.so
b7dad000-b7dae000 r-xp 00008000 00:1a 17369080 /lib/libnss_files-2.3.4.so
b7dae000-b7daf000 rwxp 00009000 00:1a 17369080 /lib/libnss_files-2.3.4.so
b7daf000-b7db0000 rwxp b7daf000 00:00 0
b7db0000-b7ed6000 r-xp 00000000 00:1a 13142177 /lib/tls/libc-2.3.4.so
b7ed6000-b7ed8000 r-xp 00125000 00:1a 13142177 /lib/tls/libc-2.3.4.so
b7ed8000-b7eda000 rwxp 00127000 00:1a 13142177 /lib/tls/libc-2.3.4.so
b7eda000-b7edd000 rwxp b7eda000 00:00 0
b7edd000-b7ef0000 r-xp 00000000 00:1a 17369042 /lib/libnsl-2.3.4.so
b7ef0000-b7ef1000 r-xp 00012000 00:1a 17369042 /lib/libnsl-2.3.4.so
b7ef1000-b7ef2000 rwxp 00013000 00:1a 17369042 /lib/libnsl-2.3.4.so
b7ef2000-b7ef4000 rwxp b7ef2000 00:00 0
b7efd000-b7efe000 r-xp b7efd000 00:00 0 [vdso]
b7efe000-b7f14000 r-xp 00000000 00:1a 17369074 /lib/ld-2.3.4.so
b7f14000-b7f15000 r-xp 00015000 00:1a 17369074 /lib/ld-2.3.4.so
b7f15000-b7f16000 rwxp 00016000 00:1a 17369074 /lib/ld-2.3.4.so
b7f16000-b7f1d000 r-xp 00000000 00:1a 17368352 /sbin/portmap
b7f1d000-b7f1e000 rwxp 00007000 00:1a 17368352 /sbin/portmap
b8f02000-b8f23000 rwxp b8f02000 00:00 0
bfa41000-bfa57000 rw-p bfa41000 00:00 0 [stack]
 
Old 06-27-2011, 03:56 AM   #2
droyden
Member
 
Registered: Feb 2007
Location: UK
Posts: 150

Rep: Reputation: 19
It's fine if you don't use nfs or rpc services you can safely disable it.
 
Old 06-27-2011, 04:11 AM   #3
stellaconcepts
LQ Newbie
 
Registered: Jun 2011
Posts: 2

Original Poster
Rep: Reputation: Disabled
thanks for the quick reply... any tips on how to disable them?
 
Old 06-27-2011, 06:25 PM   #4
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.9, Centos 7.3
Posts: 17,371

Rep: Reputation: 2381Reputation: 2381Reputation: 2381Reputation: 2381Reputation: 2381Reputation: 2381Reputation: 2381Reputation: 2381Reputation: 2381Reputation: 2381Reputation: 2381
Tell us which distro & version you're using.
 
Old 06-28-2011, 04:19 AM   #5
droyden
Member
 
Registered: Feb 2007
Location: UK
Posts: 150

Rep: Reputation: 19
yeah need distro, if its redhat based just chkconfig portmap off
and service portmap stop
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
find out how much time an already running process is spending in user and kernel spac Valentin Linux - Newbie 3 07-05-2011 02:58 PM
Set umask for process running root user uuplunkeruu Linux - Newbie 1 11-23-2009 05:01 PM
Running a process at boot time under a regular user account geek.ksa Linux - Newbie 3 07-06-2009 02:31 PM
How can I get the context info for a thread/process running in user mode? LostInLinux4ever Programming 1 05-23-2007 04:00 PM
vsftpd : process running as user nobody left after login ? markus1982 Linux - Security 4 01-18-2003 02:49 PM


All times are GMT -5. The time now is 09:08 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration