LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 10-07-2011, 10:33 AM   #1
Flowsen
LQ Newbie
 
Registered: Sep 2011
Posts: 29

Rep: Reputation: Disabled
Question php-cgi using ports in 34xx~59xx range


Hello,

i was informed from rootkit hunter (rkhunter) that port 47108 is opened by php-cgi.
After investigating I found out, that this was a false positive. The system seems *not* to be infected.

"netstat -anp|grep php-cgi"
shows

Quote:
tcp 0 0 127.0.0.1:44279 127.0.0.1:3306 ESTABLISHED 12511/php-cgi
tcp 0 0 127.0.0.1:59826 127.0.0.1:3306 ESTABLISHED 31277/php-cgi
tcp 0 0 127.0.0.1:49386 127.0.0.1:3306 ESTABLISHED 31746/php-cgi
tcp 0 0 127.0.0.1:44277 127.0.0.1:3306 ESTABLISHED 12511/php-cgi
tcp 0 0 127.0.0.1:49388 127.0.0.1:3306 ESTABLISHED 31746/php-cgi
tcp 0 0 127.0.0.1:59825 127.0.0.1:3306 ESTABLISHED 31276/php-cgi
tcp 0 0 127.0.0.1:49385 127.0.0.1:3306 ESTABLISHED 31746/php-cgi
tcp 0 0 127.0.0.1:44276 127.0.0.1:3306 ESTABLISHED 12511/php-cgi
tcp 0 0 127.0.0.1:59822 127.0.0.1:3306 ESTABLISHED 31276/php-cgi
tcp 0 0 127.0.0.1:34342 127.0.0.1:3306 ESTABLISHED 14033/php-cgi
tcp 0 0 127.0.0.1:59820 127.0.0.1:3306 ESTABLISHED 31277/php-cgi
tcp 0 0 127.0.0.1:59819 127.0.0.1:3306 ESTABLISHED 31276/php-cgi
tcp 0 0 127.0.0.1:59821 127.0.0.1:3306 ESTABLISHED 31277/php-cgi
tcp 0 0 127.0.0.1:34345 127.0.0.1:3306 ESTABLISHED 14033/php-cgi
tcp 0 0 127.0.0.1:34343 127.0.0.1:3306 ESTABLISHED 14033/php-cgi
and "netstat -anp|grep mysql" shows

Quote:
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 29247/mysqld
tcp 0 0 127.0.0.1:3306 127.0.0.1:44277 ESTABLISHED 29247/mysqld
tcp 0 0 127.0.0.1:3306 127.0.0.1:34343 ESTABLISHED 29247/mysqld
tcp 0 0 127.0.0.1:3306 127.0.0.1:59819 ESTABLISHED 29247/mysqld
tcp 0 0 127.0.0.1:3306 127.0.0.1:34342 ESTABLISHED 29247/mysqld
tcp 0 0 127.0.0.1:3306 127.0.0.1:44276 ESTABLISHED 29247/mysqld
tcp 0 0 127.0.0.1:3306 127.0.0.1:59825 ESTABLISHED 29247/mysqld
tcp 0 0 127.0.0.1:3306 127.0.0.1:59820 ESTABLISHED 29247/mysqld
tcp 0 0 127.0.0.1:3306 127.0.0.1:59821 ESTABLISHED 29247/mysqld
tcp 0 0 127.0.0.1:3306 127.0.0.1:49385 ESTABLISHED 29247/mysqld
tcp 0 0 127.0.0.1:3306 127.0.0.1:59826 ESTABLISHED 29247/mysqld
tcp 0 0 127.0.0.1:3306 127.0.0.1:49388 ESTABLISHED 29247/mysqld
tcp 0 0 127.0.0.1:3306 127.0.0.1:59822 ESTABLISHED 29247/mysqld
tcp 0 0 127.0.0.1:3306 127.0.0.1:34345 ESTABLISHED 29247/mysqld
tcp 0 0 127.0.0.1:3306 127.0.0.1:49386 ESTABLISHED 29247/mysqld
tcp 0 0 127.0.0.1:3306 127.0.0.1:44279 ESTABLISHED 29247/mysqld
I am using apache with fcgi and php. It seems that every connection/fcgi process opens an internal port to handle the request and parse the result to apache.

As far as I can see this should be a normal procedure? But can anyone tell me how I can define the dynamic port range to exclude certain ports?

Kind Regards
Flowsen
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
range of Ports vinaytp Linux - Newbie 3 12-03-2009 05:38 PM
redirecting range of ports on my PC patcito Linux - Networking 1 03-12-2006 11:18 AM
iptables - Opening a range of ports DeadTaco Linux - Networking 3 08-10-2005 03:11 PM
Filtering a range of ports JMakar Linux - Security 3 04-27-2005 12:09 PM
how to open ports for an ip range xuying Linux - Networking 0 11-17-2004 01:06 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 10:37 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration