05-23-2005, 09:04 PM
|
#1
|
Member
Registered: Jun 2003
Distribution: OpenSUSE 12.3, CentOS 6, Xubuntu 13.04
Posts: 125
Rep:
|
Proftpd is DEAD?!?!
This is probably a stupid question but I shut down my server to upgrade the RAM in it. Everything was working great before I shut it down. I didn't have Proftpd set to start on boot (I was getting to it but just kept forgetting to turn that on).
The server came back up fine and I was very pleased at the increase in performance after the RAM upgrade. I wanted to start my ftp server so I did:
Code:
service proftpd start
Cannot find proftpd service
Usage: service -[Rfshv] SERVICE ARGUMENTS
-f|--full-restart: Do a fullrestart of the service.
-R|--full-restart-all: Do a fullrestart of all services currently running.
-s|--status-all: Print a status of all services.
-d|--debug: Launch with debug.
-h|--help: This help.
-v|--version: Print version.
version 1.12
So then tried to start the service through the Webmin service module and got:
Code:
Executing /etc/rc.d/init.d/proftpd start ..
/bin/sh: line 1: /etc/rc.d/init.d/proftpd: Permission denied
How can a server just vanish?
Last edited by AudioMechanic; 05-24-2005 at 07:09 PM.
|
|
|
05-24-2005, 06:43 AM
|
#2
|
Member
Registered: Jun 2003
Distribution: OpenSUSE 12.3, CentOS 6, Xubuntu 13.04
Posts: 125
Original Poster
Rep:
|
I tried displaying a list of all known services and got this:
Code:
# service -s
portmap (pid 968) is running...
master is stopped
prelude (pid 1323) is running...
1322 (pid 1320) is running...
prelude_report (pid 1321) is running...
1309 (pid ) is running...
/sbin/service: line 118: /etc/init.d/proftpd: Permission denied
The random data source exists
routed is stopped
rwhod (pid 1238) is running...
1237 (pid ) is running...
saslauthd is stopped
How can the permission be denied if I'm the root user? I thought the root user had permission of all.
God, I'm such a n00b.
Well, thanks in advance!
PS, my OS is Mandrake 9.0.
|
|
|
05-24-2005, 11:16 AM
|
#3
|
Member
Registered: Jun 2003
Distribution: OpenSUSE 12.3, CentOS 6, Xubuntu 13.04
Posts: 125
Original Poster
Rep:
|
Is there a way that I can change the permissions of this server so I can start/stop/get status of it? I don't know how the permissions changed in the first place. Crazy.
|
|
|
05-24-2005, 07:20 PM
|
#4
|
Member
Registered: Jun 2003
Distribution: OpenSUSE 12.3, CentOS 6, Xubuntu 13.04
Posts: 125
Original Poster
Rep:
|
Ok, check it out. I found the execution script for proftpd (I know, what took me so long) and tried to execute it from a shell. I tried a couple different commands and got this:
Code:
[root@cpe-xx-xx-xx-xx admin]# /etc/init.d/proftpd start
Starting proftpd: [ OK ]
[root@cpe-xx-xx-xx-xx admin]# /etc/init.d/proftpd restart
Shutting down proftpd: [FAILED]
Starting proftpd: [ OK ]
[root@cpe-xx-xx-xx-xx admin]# /etc/init.d/proftpd status
proftpd dead but subsys locked
[root@cpe-xx-xx-xx-xx admin]#
Proftpd DEAD?!?!?! What does that mean?
Here's the startup script for your viewing pleasure:
Code:
#!/bin/sh
#
# Startup script for ProFTPd
#
# chkconfig: 345 85 15
# description: ProFTPD is an enhanced FTP server with \
# a focus toward simplicity, security, and ease of configuration. \
# It features a very Apache-like configuration syntax, \
# and a highly customizable server infrastructure, \
# including support for multiple 'virtual' FTP servers, \
# anonymous FTP, and permission-based directory visibility.
# processname: proftpd
# config: /etc/proftpd.conf
#
# By: Osman Elliyasa <osman@Cable.EU.org>
# $Id: proftpd.init.d,v 1.2 2001/01/26 23:10:55 flood Exp $
# modified by vdanen@mandrakesoft.com

# Source function library.
. /etc/rc.d/init.d/functions

# Get config.
. /etc/sysconfig/network

# Check that networking is up.
if [ ${NETWORKING} = "no" ]
then
    exit 0
fi

[ -x /usr/sbin/proftpd ] || exit 0

FTPSHUT=/usr/sbin/ftpshut
RETVAL=0

# See how we were called.
case "$1" in
  start)
    gprintf "Starting proftpd: "
    daemon proftpd
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && touch /var/lock/subsys/proftpd
    ;;
  stop)
    gprintf "Shutting down proftpd: "
    killproc proftpd
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/proftpd
    ;;
  status)
    status proftpd
    RETVAL=$?
    ;;
  restart)
    $0 stop
    $0 start
    RETVAL=$?
    ;;
  reload)
    gprintf "Re-reading proftpd config: "
    killproc proftpd -HUP
    RETVAL=$?
    echo
    ;;
  suspend)
    if [ -f $FTPSHUT ]; then
        if [ $# -gt 1 ]; then
            shift
            gprintf "Suspending proftpd with '$*' "
            $FTPSHUT $*
        else
            gprintf "Suspending proftpd NOW "
            $FTPSHUT now "Maintanance in progress"
        fi
    else
        gprintf "No way to suspend, shutting down instead "
    fi
    killproc proftpd
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/proftpd
    ;;
  resume)
    if [ -f /etc/shutmsg ]; then
        gprintf "Allowing proftpd sessions again "
        rm -f /etc/shutmsg
    else
        gprintf "Starting proftpd; was not suspended "
    fi
    daemon proftpd
    echo
    [ $RETVAL -eq 0 ] && touch /var/lock/subsys/proftpd
    ;;
  *)
    gprintf "Usage: %s {start|stop|status|restart|reload|resume" "$0"
    if [ "$FTPSHUT" = "" ]; then
        gprintf "}\n"
    else
        gprintf "|suspend}\n"
        gprintf "suspend accepts additional arguments which are passed to ftpshut(8)\n"
    fi
    exit 1
esac

if [ $# -gt 1 ]; then
    shift
    $0 $*
fi

exit $RETVAL
and the config file:
Code:
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.
ServerName "ProFTPD Default Installation"
ServerType standalone
DefaultServer on
# Allow FTP resuming.
# Remember to set to off if you have an incoming ftp for upload.
AllowStoreRestart on
# Port 21 is the standard FTP port.
Port 21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30
# Set the user and group that the server normally runs at.
User admin
Group admin
# Normally, we want files to be overwriteable.
<Directory /ftp>
  AllowOverwrite on
  AllowRetrieveRestart on
  AllowStoreRestart on
  DeleteAbortedStores on
  HiddenStor on
  HideNoAccess on
  <limit DELE>
    DenyAll
  </limit>
  HideGroup adm
</Directory>
# Needed for NIS.
PersistentPasswd off
# Default root can be used to put users in a chroot environment.
# As an example if you have a user foo and you want to put foo in /home/foo
# chroot environment you would do this:
#
# DefaultRoot /home/foo foo
<Global>
  AllowForeignAddress on
  AllowRetrieveRestart on
  AllowStoreRestart on
  DeferWelcome on
  IdentLookups on
  MaxClients 10 "Check this out, too many people are gang bangin my server, yo. Check back when there"
  MaxClientsPerHost 20
  ServerIdent on "Welcome! You sick freak you."
  tcpNoDelay on
  DeleteAbortedStores on
  HiddenStor on
  ShowSymlinks off
  DirFakeGroup on
  DirFakeUser on
  ShowDotFiles on
  LoginPasswordPrompt off
  AccessDenyMsg "Try again, fumblefingers."
  AccessGrantMsg "Ooo! You pushed all my right buttons!"
  AllowOverwrite off
  RootLogin on
  AuthAliasOnly off
  MaxLoginAttempts 3
  RequireValidShell off
  UseFtpUsers off
  AuthPAM on
  AuthPAMAuthoritative on
  DefaultChdir /ftp
  DefaultRoot /ftp admin
  DefaultRoot / root
  GroupPassword ftp 11ktk1UwLbY2c
  UserAlias underground admin
  UserAlias root root
  UserAlias elizabeth admin
  UserPassword admin 11vdYqY/iXMOI
</Global>
MultilineRFC2228 on
SocketBindTight on
TimeoutIdle 600
UseReverseDNS on
AllowForeignAddress on
AllowRetrieveRestart on
DeferWelcome on
IdentLookups on
MaxClients 10 "Check it out, too many people are gang bangin my server. Check back when there"
MaxClientsPerHost 10 "Come on MAN! My bandwidth aint free!"
ServerIdent on "Welcome to the party! Ya herd?"
tcpNoDelay on
LoginPasswordPrompt off
AccessDenyMsg "Try again, fumblefingers."
AllowOverwrite off
Classes on
TimeoutLogin 60
DefaultChdir /ftp
RootLogin off
GroupPassword admin 11ktk1UwLbY2c
MaxLoginAttempts 3
RequireValidShell off
UseFtpUsers off
UserAlias underground admin
DefaultRoot /ftp
UserPassword admin 11vdYqY/iXMOI
Please dear God someone have an answer for me. I will kiss your feet, walk your dog, mow your lawn...just help me! Thank you in advance for ANY replies. I will post as much info as you need.
|
|
|
05-24-2005, 10:37 PM
|
#5
|
Senior Member
Registered: Nov 2000
Location: Seattle, WA USA
Distribution: Ubuntu @ Home, RHEL @ Work
Posts: 3,892
Rep:
|
You have any log messages in /var/log dealing with proftpd?
What are the permissions for the proftpd executable?
|
|
|
05-25-2005, 04:55 AM
|
#6
|
Member
Registered: Jun 2003
Distribution: OpenSUSE 12.3, CentOS 6, Xubuntu 13.04
Posts: 125
Original Poster
Rep:
|
Well, I checked the daemons log and found about 7 of these lines:
Quote:
May 24 18:54:06 cpe-xx-xx-xx-xx proftpd[16463]: cpe-xx-xx-xx-xx.houston.res.rr.com - Failed binding to xx.xx.xx.xx port 21: Address already in use
May 24 18:54:06 cpe-xx-xx-xx-xx proftpd[16463]: cpe-xx-xx-xx-xx.houston.res.rr.com - Check the ServerType directive to ensure you are configured correctly.
|
Looks like another program is hogging the port. But I wonder what program that could be. How do I see what programs are using what ports?
I tried a shutdown and restart to get any other programs to release that port but no such luck.
BTW, thank you very much for the reply. I know I've been pestering about this and most likely annoying a lot of people. My apologies for posting in more than one thread and for being a pest.
Last edited by AudioMechanic; 05-25-2005 at 05:07 AM.
|
|
|
05-25-2005, 05:42 AM
|
#7
|
Senior Member
Registered: Nov 2000
Location: Seattle, WA USA
Distribution: Ubuntu @ Home, RHEL @ Work
Posts: 3,892
Rep:
|
When you first bootup does "netstat -ta" show you listening on port 21?
If so, do a "ps aux" and let me see the output.
|
|
|
05-25-2005, 09:12 PM
|
#8
|
Member
Registered: Jun 2003
Distribution: OpenSUSE 12.3, CentOS 6, Xubuntu 13.04
Posts: 125
Original Poster
Rep:
|
I got home really late today and am really tired. I will definitely give you everything you need tomorrow though.
Thank you once again for your help. It does not go unappreciated!
|
|
|
05-25-2005, 09:27 PM
|
#9
|
Member
Registered: Jan 2005
Location: /dev/input/chair0
Distribution: Slackware, Gentoo, Vector, Roll-your-own-with-GNU binutils
Posts: 174
Rep:
|
I'd unplug the nic until you get it resolved. Sounds mighty fishy
|
|
|
05-26-2005, 05:13 PM
|
#10
|
Member
Registered: Jun 2003
Distribution: OpenSUSE 12.3, CentOS 6, Xubuntu 13.04
Posts: 125
Original Poster
Rep:
|
Ok, the result of netstat -ta directly after a reboot is the following:
Code:
> netstat -ta
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 localhost.localdo:32768 *:* LISTEN
tcp 0 0 *:swat *:* LISTEN
tcp 0 0 *:8200 *:* LISTEN
tcp 0 0 *:netbios-ssn *:* LISTEN
tcp 0 0 *:sunrpc *:* LISTEN
tcp 0 0 *:10000 *:* LISTEN
tcp 0 0 *:http *:* LISTEN
tcp 0 0 *:ftp *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 *:ipp *:* LISTEN
tcp 0 0 *:telnet *:* LISTEN
tcp 0 0 *:squid *:* LISTEN
tcp 0 0 *:7741 *:* LISTEN
tcp 0 0 localhost.localdo:10000 10.10.69.204:1056 TIME_WAIT
tcp 0 0 localhost.localdo:10000 10.10.69.204:1058 TIME_WAIT
tcp 0 0 localhost.localdo:10000 10.10.69.204:1059 TIME_WAIT
tcp 0 0 localhost.localdo:10000 10.10.69.204:1060 TIME_WAIT
tcp 0 0 localhost.localdo:10000 10.10.69.204:1063 TIME_WAIT
tcp 0 1565 localhost.localdo:10000 10.10.69.204:1064 ESTABLISHED
tcp 0 0 localhost.localdo:10000 10.10.69.204:1065 ESTABLISHED
and the output of ps aux is this:
Code:
> ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 1.5 0.0 1288 484 ? S 17:08 0:04 init [5]
root 2 0.0 0.0 0 0 ? SW 17:08 0:00 [keventd]
root 3 0.0 0.0 0 0 ? SW 17:08 0:00 [kapmd]
root 4 0.0 0.0 0 0 ? SWN 17:08 0:00 [ksoftirqd_CPU0]
root 5 0.0 0.0 0 0 ? SW 17:08 0:00 [kswapd]
root 6 0.0 0.0 0 0 ? SW 17:08 0:00 [bdflush]
root 7 0.0 0.0 0 0 ? SW 17:08 0:00 [kupdated]
root 8 0.0 0.0 0 0 ? SW< 17:08 0:00 [mdrecoveryd]
root 12 0.0 0.0 0 0 ? SW 17:08 0:00 [kjournald]
root 137 0.0 0.0 0 0 ? SW 17:08 0:00 [khubd]
root 253 0.0 0.0 0 0 ? SW 17:08 0:00 [kjournald]
root 254 0.0 0.0 0 0 ? SW 17:08 0:00 [kjournald]
root 255 0.0 0.0 0 0 ? SW 17:08 0:00 [kjournald]
root 539 0.0 0.0 0 0 ? SW 17:08 0:00 [eth0]
root 536 0.0 0.0 0 0 ? SW 17:08 0:00 [eth1]
root 871 0.0 0.0 1280 456 ? S 17:09 0:00 /sbin/dhcpcd -Y -
root 912 0.0 0.1 1292 516 ? S 17:09 0:00 /sbin/dhcpcd -Y -
rpc 968 0.0 0.1 1416 532 ? S 17:09 0:00 portmap
root 982 0.1 0.1 1388 592 ? S 17:09 0:00 syslogd -m 0
root 990 0.0 0.2 1940 1148 ? S 17:09 0:00 klogd -2
root 1021 0.0 0.0 1336 500 ? S 17:09 0:00 gpm -t ps/2 -m /d
xfs 1056 0.0 0.7 5076 3632 ? S 17:09 0:00 xfs -port -1 -dae
daemon 1108 0.0 0.0 1312 504 ? S 17:09 0:00 /usr/sbin/atd
root 1127 0.0 0.2 2660 1244 ? S 17:09 0:00 /usr/sbin/sshd
root 1148 0.0 0.1 2092 968 ? S 17:09 0:00 xinetd -stayalive
root 1163 0.2 0.1 2368 936 ? S 17:09 0:00 ptal-mlcd mlc:par
root 1165 0.0 0.1 2464 760 ? S 17:09 0:00 ptal-printd mlc:p
root 1194 0.0 0.4 5188 2168 ? S 17:09 0:00 cupsd
root 1237 0.0 0.0 1296 488 ? S 17:09 0:00 rwhod
root 1241 0.0 0.1 1300 540 ? S 17:09 0:00 rwhod
root 1309 0.0 0.1 2688 888 ? S 17:09 0:00 /usr/bin/prelude_
root 1320 0.0 0.4 12336 2216 ? S 17:09 0:00 /usr/bin/prelude
root 1321 0.0 0.1 2688 900 ? S 17:09 0:00 /usr/bin/prelude_
root 1322 0.0 0.4 12336 2216 ? S 17:09 0:00 /usr/bin/prelude
root 1323 0.0 0.4 12336 2216 ? S 17:09 0:00 /usr/bin/prelude
root 1452 0.0 0.7 7592 4076 ? S 17:09 0:00 httpd-perl -f /et
apache 1467 0.0 0.7 7640 4096 ? S 17:09 0:00 httpd-perl -f /et
apache 1468 0.0 0.7 7640 4096 ? S 17:09 0:00 httpd-perl -f /et
apache 1469 0.0 0.7 7640 4096 ? S 17:09 0:00 httpd-perl -f /et
apache 1470 0.0 0.7 7640 4096 ? S 17:09 0:00 httpd-perl -f /et
root 1472 0.0 0.3 4668 1748 ? S 17:09 0:00 httpd -DPERLPROXI
root 1480 0.0 0.2 3416 1488 ? S 17:09 0:00 /usr/bin/perl /us
apache 1481 0.0 0.3 4704 1768 ? S 17:09 0:00 httpd -DPERLPROXI
apache 1482 0.0 0.3 4704 1768 ? S 17:09 0:00 httpd -DPERLPROXI
apache 1483 0.0 0.3 4704 1768 ? S 17:09 0:00 httpd -DPERLPROXI
apache 1484 0.0 0.3 4704 1768 ? S 17:09 0:00 httpd -DPERLPROXI
root 1550 0.0 0.1 1516 648 ? S 17:09 0:00 crond
root 1587 0.0 0.2 4040 1276 ? S 17:09 0:00 squid -D
squid 1589 0.4 0.8 6364 4468 ? S 17:09 0:01 (squid) -D
root 1590 0.0 1.1 8272 5948 ? S 17:09 0:00 /usr/bin/perl /us
squid 1602 0.0 0.0 1244 264 ? S 17:09 0:00 (unlinkd)
root 1610 0.0 0.3 5012 1936 ? S 17:09 0:00 smbd -D
root 1620 0.0 0.3 3780 1708 ? S 17:09 0:00 nmbd -D
root 1644 0.0 0.2 2476 1068 ? S 17:09 0:00 /usr/bin/lisa -c
root 1696 0.1 0.2 2300 1248 ? S 17:09 0:00 login -- admin
root 1697 0.0 0.0 1244 360 tty2 S 17:09 0:00 /sbin/mingetty tt
root 1698 0.0 0.0 1244 360 tty3 S 17:09 0:00 /sbin/mingetty tt
root 1699 0.0 0.0 1244 360 tty4 S 17:09 0:00 /sbin/mingetty tt
root 1700 0.0 0.0 1244 360 tty5 S 17:09 0:00 /sbin/mingetty tt
root 1701 0.0 0.0 1244 360 tty6 S 17:09 0:00 /sbin/mingetty tt
admin 1708 0.0 0.3 2756 1652 tty1 S 17:10 0:00 -bash
root 1778 1.6 1.7 11172 8828 ? S 17:12 0:01 /usr/bin/perl /us
root 1789 0.0 0.2 2224 1052 ? S 17:13 0:00 sh -c (ps aux) 2>
root 1790 0.0 0.1 2528 712 ? R 17:13 0:00 ps aux
What does all this mean?
|
|
|
05-26-2005, 05:18 PM
|
#11
|
Senior Member
Registered: Nov 2000
Location: Seattle, WA USA
Distribution: Ubuntu @ Home, RHEL @ Work
Posts: 3,892
Rep:
|
Well, according to that netstat you already have something bound and listening to your ftp port.... but it sure doesn't look like it is proftpd.... some of those ps lines got cut off, do any of them look like an ftp daemon or look like they could be running on port 22?
|
|
|
05-26-2005, 05:50 PM
|
#12
|
Member
Registered: Jun 2003
Distribution: OpenSUSE 12.3, CentOS 6, Xubuntu 13.04
Posts: 125
Original Poster
Rep:
|
Well, I scanned it over and don't see anything relating to an ftp or anything on port 21 but here is the expanded file in case you see something that I didn't (please excuse the hugeness):
Code:
[admin@cpe-67-10-146-38 admin]$ ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.1 0.0 1288 484 ? S 17:08 0:04 init [5]
root 2 0.0 0.0 0 0 ? SW 17:08 0:00 [keventd]
root 3 0.0 0.0 0 0 ? SW 17:08 0:00 [kapmd]
root 4 0.0 0.0 0 0 ? SWN 17:08 0:00 [ksoftirqd_CPU0]
root 5 0.0 0.0 0 0 ? SW 17:08 0:00 [kswapd]
root 6 0.0 0.0 0 0 ? SW 17:08 0:00 [bdflush]
root 7 0.0 0.0 0 0 ? SW 17:08 0:00 [kupdated]
root 8 0.0 0.0 0 0 ? SW< 17:08 0:00 [mdrecoveryd]
root 12 0.0 0.0 0 0 ? SW 17:08 0:00 [kjournald]
root 137 0.0 0.0 0 0 ? SW 17:08 0:00 [khubd]
root 253 0.0 0.0 0 0 ? SW 17:08 0:00 [kjournald]
root 254 0.0 0.0 0 0 ? SW 17:08 0:00 [kjournald]
root 255 0.0 0.0 0 0 ? SW 17:08 0:00 [kjournald]
root 539 0.0 0.0 0 0 ? SW 17:08 0:00 [eth0]
root 536 0.0 0.0 0 0 ? SW 17:08 0:00 [eth1]
root 871 0.0 0.0 1280 456 ? S 17:09 0:00 /sbin/dhcpcd -Y -N eth1
root 912 0.0 0.1 1292 516 ? S 17:09 0:00 /sbin/dhcpcd -Y -N eth1
rpc 968 0.0 0.1 1416 532 ? S 17:09 0:00 portmap
root 982 0.0 0.1 1388 592 ? S 17:09 0:00 syslogd -m 0
root 990 0.0 0.2 1940 1148 ? S 17:09 0:00 klogd -2
root 1021 0.0 0.0 1336 500 ? S 17:09 0:00 gpm -t ps/2 -m /dev/psaux
xfs 1056 0.0 0.9 6452 5144 ? S 17:09 0:00 xfs -port -1 -daemon -droppriv -user xfs
daemon 1108 0.0 0.0 1312 504 ? S 17:09 0:00 /usr/sbin/atd
root 1127 0.0 0.2 2660 1244 ? S 17:09 0:00 /usr/sbin/sshd
root 1148 0.0 0.1 2092 968 ? S 17:09 0:00 xinetd -stayalive -reuse -pidfile /var/run/xinetd.pid
root 1163 0.0 0.1 2368 936 ? S 17:09 0:00 ptal-mlcd mlc:par:OfficeJet_G55 -devidmatch MDL:OfficeJet G55; -devidmatch SERN
root 1165 0.0 0.1 2464 760 ? S 17:09 0:00 ptal-printd mlc:par:OfficeJet_G55 -morepipes 9 -like /dev/lp0
root 1194 0.0 0.4 5188 2168 ? S 17:09 0:00 cupsd
root 1237 0.0 0.0 1296 488 ? S 17:09 0:00 rwhod
root 1241 0.0 0.1 1300 544 ? S 17:09 0:00 rwhod
root 1309 0.0 0.1 2688 888 ? S 17:09 0:00 /usr/bin/prelude_report -qd -P /var/run/prelude_report.pid
root 1320 0.0 0.4 12348 2228 ? S 17:09 0:00 /usr/bin/prelude -qd -P /var/run/prelude.pid -i eth0
root 1321 0.0 0.1 2688 900 ? S 17:09 0:00 /usr/bin/prelude_report -qd -P /var/run/prelude_report.pid
root 1322 0.0 0.4 12348 2228 ? S 17:09 0:00 /usr/bin/prelude -qd -P /var/run/prelude.pid -i eth0
root 1323 0.0 0.4 12348 2228 ? S 17:09 0:00 /usr/bin/prelude -qd -P /var/run/prelude.pid -i eth0
root 1452 0.0 0.7 7592 4076 ? S 17:09 0:00 httpd-perl -f /etc/httpd/conf/httpd-perl.conf -DPERLPROXIED -DHAVE_PROXY -DHAVE
apache 1467 0.0 0.7 7640 4096 ? S 17:09 0:00 httpd-perl -f /etc/httpd/conf/httpd-perl.conf -DPERLPROXIED -DHAVE_PROXY -DHAVE
apache 1468 0.0 0.7 7640 4096 ? S 17:09 0:00 httpd-perl -f /etc/httpd/conf/httpd-perl.conf -DPERLPROXIED -DHAVE_PROXY -DHAVE
apache 1469 0.0 0.7 7640 4096 ? S 17:09 0:00 httpd-perl -f /etc/httpd/conf/httpd-perl.conf -DPERLPROXIED -DHAVE_PROXY -DHAVE
apache 1470 0.0 0.7 7640 4096 ? S 17:09 0:00 httpd-perl -f /etc/httpd/conf/httpd-perl.conf -DPERLPROXIED -DHAVE_PROXY -DHAVE
root 1472 0.0 0.3 4668 1748 ? S 17:09 0:00 httpd -DPERLPROXIED -DHAVE_PROXY -DHAVE_ACCESS -DHAVE_ACTIONS -DHAVE_ALIAS -DHA
root 1480 0.0 0.2 3416 1488 ? S 17:09 0:00 /usr/bin/perl /usr/sbin/advxsplitlogfile
apache 1481 0.0 0.3 4704 1768 ? S 17:09 0:00 httpd -DPERLPROXIED -DHAVE_PROXY -DHAVE_ACCESS -DHAVE_ACTIONS -DHAVE_ALIAS -DHA
apache 1482 0.0 0.3 4704 1768 ? S 17:09 0:00 httpd -DPERLPROXIED -DHAVE_PROXY -DHAVE_ACCESS -DHAVE_ACTIONS -DHAVE_ALIAS -DHA
apache 1483 0.0 0.3 4704 1768 ? S 17:09 0:00 httpd -DPERLPROXIED -DHAVE_PROXY -DHAVE_ACCESS -DHAVE_ACTIONS -DHAVE_ALIAS -DHA
apache 1484 0.0 0.3 4704 1768 ? S 17:09 0:00 httpd -DPERLPROXIED -DHAVE_PROXY -DHAVE_ACCESS -DHAVE_ACTIONS -DHAVE_ALIAS -DHA
root 1550 0.0 0.1 1516 648 ? S 17:09 0:00 crond
root 1587 0.0 0.2 4040 1276 ? S 17:09 0:00 squid -D
squid 1589 0.0 0.8 6364 4468 ? S 17:09 0:01 (squid) -D
root 1590 0.0 1.1 8276 5952 ? S 17:09 0:00 /usr/bin/perl /usr/libexec/webmin/miniserv.pl /etc/webmin/miniserv.conf
squid 1602 0.0 0.0 1244 264 ? S 17:09 0:00 (unlinkd)
root 1610 0.0 0.3 5012 1940 ? S 17:09 0:00 smbd -D
root 1620 0.0 0.3 3784 1724 ? S 17:09 0:00 nmbd -D
root 1644 0.0 0.2 2476 1068 ? S 17:09 0:00 /usr/bin/lisa -c /etc/lisarc
root 1696 0.0 0.2 2300 1248 ? S 17:09 0:00 login -- admin
root 1697 0.0 0.0 1244 360 tty2 S 17:09 0:00 /sbin/mingetty tty2
root 1698 0.0 0.0 1244 360 tty3 S 17:09 0:00 /sbin/mingetty tty3
root 1699 0.0 0.0 1244 360 tty4 S 17:09 0:00 /sbin/mingetty tty4
root 1700 0.0 0.0 1244 360 tty5 S 17:09 0:00 /sbin/mingetty tty5
root 1701 0.0 0.0 1244 360 tty6 S 17:09 0:00 /sbin/mingetty tty6
admin 1708 0.0 0.3 2756 1652 tty1 S 17:10 0:00 -bash
root 2073 0.0 0.5 5552 2608 ? S 17:36 0:00 smbd -D
root 2134 0.0 1.1 8272 5972 ? S 17:42 0:00 /usr/bin/perl /usr/libexec/webmin/miniserv.pl /etc/webmin/miniserv.conf
root 2144 0.0 0.1 2288 1008 tty1 S 17:43 0:00 su
root 2145 0.0 0.3 2760 1640 tty1 S 17:43 0:00 bash
root 2192 0.0 0.1 2292 664 tty1 S 17:43 0:00 /usr/bin/kdm -nodaemon
root 2195 5.2 3.6 45340 18908 ? S< 17:43 0:10 /etc/X11/X -deferglyphs 16 -nolisten tcp -auth /var/run/xauth/A:0-Pswrrh
root 2196 0.0 0.2 3240 1384 tty1 S 17:43 0:00 -:0
admin 2219 0.1 0.2 2392 1248 tty1 S 17:43 0:00 /bin/sh /usr/bin/startkde
admin 2319 0.0 1.5 19500 7780 ? S 17:44 0:00 kdeinit: Running...
admin 2322 0.0 1.5 19424 7960 ? S 17:44 0:00 kdeinit: dcopserver --nosid
admin 2325 0.0 1.7 20476 9012 ? S 17:44 0:00 kdeinit: klauncher
admin 2327 0.4 1.9 20632 10244 ? S 17:44 0:00 kdeinit: kded
admin 2336 0.3 0.9 7796 4728 ? S 17:44 0:00 /usr/bin/artsd -F 10 -S 4096 -s 60 -m artsmessage -l 3 -f
admin 2352 0.1 2.3 24508 12300 ? S 17:44 0:00 kdeinit: knotify
admin 2353 0.0 0.0 1324 312 tty1 S 17:44 0:00 kwrapper ksmserver --restore
admin 2355 0.1 1.9 20760 10224 ? S 17:44 0:00 kdeinit: ksmserver --restore
admin 2356 0.3 2.2 21388 11508 ? S 17:44 0:00 kdeinit: kwin -session 1118dbcc6e000111180776600000019330000
admin 2358 0.8 2.9 26168 15416 ? S 17:44 0:01 kdeinit: kdesktop
admin 2361 0.8 2.7 23608 13980 ? S 17:44 0:01 kdeinit: kicker
admin 2362 0.0 1.6 19628 8300 ? S 17:44 0:00 kdeinit: kio_file file /tmp/ksocket-admin/klaunchery0F4Lb.slave-socket /tmp/kso
admin 2363 0.0 1.6 19620 8292 ? S 17:44 0:00 kdeinit: kio_file file /tmp/ksocket-admin/klaunchery0F4Lb.slave-socket /tmp/kso
admin 2366 0.2 2.1 21488 11168 ? S 17:44 0:00 kdeinit: klipper -icon klipper -miniicon klipper
admin 2370 0.2 2.1 21404 11068 ? S 17:44 0:00 kdeinit: kwrited
admin 2373 0.2 2.1 20720 10984 ? S 17:44 0:00 korgac --miniicon korganizer
admin 2374 0.2 1.9 20504 9816 ? S 17:44 0:00 kalarmd -session 11430a9226000111697851900000163430004
admin 2376 0.5 0.7 6696 3768 ? S 17:44 0:00 /usr/bin/Eterm
admin 2379 0.0 0.3 2748 1628 pts/1 S 17:44 0:00 -bash
admin 2428 1.5 2.6 23212 13448 ? R 17:46 0:00 kdeinit: konsole -icon konsole.png -miniicon konsole.png
admin 2430 0.3 0.3 2752 1632 pts/2 S 17:46 0:00 /bin/bash
admin 2463 0.0 0.1 2600 780 pts/2 R 17:47 0:00 ps aux
[admin@cpe-67-10-146-38 admin]$
|
|
|
05-26-2005, 05:58 PM
|
#13
|
Member
Registered: Jun 2003
Distribution: OpenSUSE 12.3, CentOS 6, Xubuntu 13.04
Posts: 125
Original Poster
Rep:
|
Here's something else I found peculiar. I was going through the system logs and came across this in my /var/log/secure file:
Quote:
May 23 20:27:09 cpe-67-10-146-38 xinetd[1149]: START: ftp pid=2289 from=10.10.69.204
May 23 20:27:09 cpe-67-10-146-38 xinetd[2289]: FAIL: ftp libwrap from=10.10.69.204
May 23 20:27:09 cpe-67-10-146-38 xinetd[1149]: EXIT: ftp status=0 pid=2289 duration=0(sec)
|
The date and time mean that this was logged right after I rebooted from installing the RAM. The 10.10.69.204 IP address means that I was manually starting proftpd from my laptop using webmin.
Also, it looks like "sshd" is listening on port 22. I have no idea what's listening on port 21.
Last edited by AudioMechanic; 05-26-2005 at 05:59 PM.
|
|
|
05-26-2005, 06:13 PM
|
#14
|
Member
Registered: Jun 2003
Distribution: OpenSUSE 12.3, CentOS 6, Xubuntu 13.04
Posts: 125
Original Poster
Rep:
|
This is definitely a port issue. A fishy one at that. I changed the listen port for proftpd from 21 to 10001. Then tried to start proftpd and it started right up. Got into it from my laptop.
For the meantime, I have port 21 blocked from the external interface (eth1) by my firewall. I also have port 10001 blocked as well so proftpd is off limits to the internet.
Wonder how I can figure out what is running on port 21 and if this is an attack or just some mischief, how can I prevent it next time?
Thank you for the help thus far! I'm learning!
Last edited by AudioMechanic; 05-26-2005 at 06:21 PM.
|
|
|
05-26-2005, 07:38 PM
|
#15
|
Member
Registered: Jun 2003
Distribution: OpenSUSE 12.3, CentOS 6, Xubuntu 13.04
Posts: 125
Original Poster
Rep:
|
I'm just finding all kinds of stuff (either that or stumbling across things that everyone already knew). The program that is hogging port 21 is "xinetd." I found this out by running "netstat -tanp" which yielded this result:
Code:
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 1148/xinetd
I then ran "ps aux" and found the process ID:
Code:
root 1148 0.0 0.1 2092 968 ? S 17:09 0:00 xinetd -stayalive
Question is, what is xinetd, can I disable it, and why is it using port 21?
I hope I'm making progress here. I'm still a n00b.
EDIT: Well, I googled xinetd and it looks like an intrusion detector. Seems to be pretty important. I'll leave it active. New question: can xinetd and proftpd share the same port? If not, can I disable xinetd from port 21 and still keep my ftp safe?
Last edited by AudioMechanic; 05-26-2005 at 08:42 PM.
|
|
|
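Post #15 traces the port 21 listener to xinetd with `netstat -tanp`. The following added example (not part of the thread, and not code from ProFTPD or xinetd) automates that lookup and then scans xinetd service files for the enabled service that claims the port. The function names, the sample netstat lines and the two service files are constructed for illustration, and only the per-service `disable` attribute is checked.

```shell
#!/bin/sh
# Who owns a TCP port, and which enabled xinetd service claims it?

# Constructed sample of `netstat -tanp` output, modelled on the thread.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:10000    0.0.0.0:*        LISTEN  1590/perl
tcp        0      0 0.0.0.0:21       0.0.0.0:*        LISTEN  1148/xinetd
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN  1127/sshd'

# port_owner PORT: stdin is `netstat -tanp` output; prints PID/program of
# every socket LISTENing on PORT.
port_owner() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, a, ":")      # handles 0.0.0.0:21 and :::21
            if (a[n] == port) print $7
        }'
}

# xinetd_services_on_port DIR PORT SERVICES_FILE: prints "name file server"
# for each service block in DIR that is not disabled and listens on PORT.
xinetd_services_on_port() {
    dir=$1 want=$2 services=$3
    set -- "$dir"/*
    [ -e "$1" ] || return 0            # empty directory
    awk -v want="$want" '
        FNR == NR {                    # first file: service name -> TCP port
            sub(/#.*/, "")
            if (NF >= 2 && $2 ~ /\/tcp$/) {
                split($2, p, "/")
                for (i = 1; i <= NF; i++) if (i != 2) tcp[$i] = p[1]
            }
            next
        }
        /^[ \t]*#/ { next }            # comment line in a service file
        $1 == "service" { name = $2; port = ""; disabled = "no"; server = ""; next }
        name != "" && $2 == "=" {
            if ($1 == "disable") disabled = $3
            else if ($1 == "port") port = $3
            else if ($1 == "server") server = $3
            next
        }
        $1 == "}" && name != "" {
            if (port == "") port = tcp[name]   # no explicit port attribute
            if (port == want && disabled != "yes") print name, FILENAME, server
            name = ""
        }' "$services" "$@"
}

# make_sample: build constructed /etc/services and xinetd.d stand-ins in a
# temporary directory and print its path (all file contents are made up).
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir "$d/xinetd.d"
    printf 'ftp 21/tcp\ntelnet 23/tcp\n' > "$d/services"
    cat > "$d/xinetd.d/ftp-sample" <<'EOF'
# constructed example service file
service ftp
{
    disable     = no
    socket_type = stream
    wait        = no
    user        = root
    server      = /usr/sbin/proftpd
}
EOF
    cat > "$d/xinetd.d/telnet-sample" <<'EOF'
service telnet
{
    disable     = yes
    server      = /usr/sbin/in.telnetd
}
EOF
    echo "$d"
}

# Demo on the constructed data. On a real host, as root:
#   netstat -tanp | port_owner 21
#   xinetd_services_on_port /etc/xinetd.d 21 /etc/services
sample=$(make_sample) || exit 1
printf '%s\n' "$SAMPLE_NETSTAT" | port_owner 21
xinetd_services_on_port "$sample/xinetd.d" 21 "$sample/services"
rm -rf "$sample"
```

The `START: ftp` lines from xinetd in `/var/log/secure` point at the same `ftp` service. With `ServerType standalone` in `proftpd.conf` only one of the two daemons can bind port 21, so either set `disable = yes` in that xinetd service file and restart xinetd, or switch ProFTPD to `ServerType inetd`.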
All times are GMT -5. The time now is 01:08 PM.