-   Debian (
-   -   lpd port 515 reopens itself (

11-19-2003 01:09 PM

lpd port 515 reopens itself
as part of the process of securing a debian box, I've closed every port that was open except 22 for ssh. I ran nmap on this computer a few days ago and discovered that port 515 was open. So, I ran /etc/rc2.d/s20lpd stop and that closed it. But yesterday I checked again and the lpd port was open again.

So my question is, how can I go about tracking down whatever it is that's starting the printer daemon?

I have renamed the startup script from S20lpd to s20lpd so it wont restart if the machine reboot - but this computer has actually been up for 60 days :)
I am running in X, so the only thing I can think of is that some program is trying to print and that's starting the demon.

thanks in advance for any advice.

debaholic 11-24-2003 10:33 AM

port 515 opened itself again this weekend. lsof -i :515 shows that it is /usr/sbin/lpd listening (I was worried that the machine might have been hacked).

Can anyone offer any suggestions on how I might track down what's starting this service? The machine has not been rebooted since the last time I shut down the service. I've looked for cron jobs an anything else that I could think of but I haven't had any luck figuring it out. So, any ideas would be greatly appreciated.

Over the weekend, I left an account logged into an X session with just mozilla and an xterm running. Could X be starting the printer daemon?

debaholic 11-26-2003 09:29 AM

I'm going to indulge myself with a single bump.

Maybe if nobody can help me someone can point me to another place to ask this question.

All times are GMT -5. The time now is 11:55 PM.