Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I typed users and it shows that I have 4 roots logged in. I should be the only person logged in. Should I be worried? Are there services that log in as root?
How do I find out where they're logging in from?
For some reason, I have this thing listening on a port:
/tmp/ssh-XXJaxpng.agent
Distribution: Slack 8.1, Gentoo 1.3a, Red Hat 7.3, Red Hat 7.2, Manrake 8.2
Posts: 328
Rep:
netstat -l |grep LISTEN should help you identify ports that are bieng listened on. If you find an output showing only port number and not a recognised service then I think theres a site you can check what ports are set for certain services.
Also to check if services are running as root do a
ps aux
or if you know of services running on your machine use
ps aux|grep Servicename
also use Dmesg to check what services start on boot up.
Also check your /etc/inetd file to see what services are set to run thru inetd.
If your not running inetd but instead xinetd check each of the config files set for the services running.
If you find anything suspicious then post results here or disable the service.
As far as having several root logins you havent logged in as root on the other tty terminals have you????
use Alt+F1 thru to F6 to check (or in X Ctrl+ALt+F1 etc)
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.