Quote:
Originally Posted by 4pr3nd1z
sorry, I did not specify my linux distribution "Debian".
|
That's only a partial answer - presumably a web server is running Debian Stable (i.e. not Debian Testing or Debian Unstable), but which version? (i.e. v10 buster or v11 bullseye) What desktop environments are you using, or did you do a custom install and explicitly not install any GUIs?
Inxi is a convenient tool for providing version info; e.g. "
$ inxi -SGxx" will confirm OS info, as well as whether there's a graphics server / display manager running, even if accessing over a tty.
Anyhow, the very first option in your netstat command is
-p which outputs "the PID and name of the program to which each socket belongs" - and the sample output you show includes "
2093/chrome" suggesting the culprit is Google.
Does "
pstree -as 2093" or "
ps -F 2093" give any clues as to why? (Changing the pid in accordance to what netstat shows, since it may not always be the same process.)
Depending on the function of the web server, maybe you can configure the firewall to block all outgoing HTTP/HTTPS traffic and manually whitelist expected traffic?