LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   rwhod error messages (https://www.linuxquestions.org/questions/linux-security-4/rwhod-error-messages-92641/)

MJatIFAD 09-14-2003 07:07 AM
rwhod error messages
 
My syslog gets a lot of these messages:

rwhod[13350]: sendto(192.168.1.255): Operation not permitted

I found little usefull info about rwhod, but it seems to be sending UDP broadcasting packets. My system seems otherwise to work fine, network is running smoothly both with firewall and Samba.

I wonder whether I need to enable some permissions to get rid of these messages or maybe is worse than I think.

Is there someone that could enlighten me about this?

Cheers.

unSpawn 09-14-2003 05:07 PM
Maybe not polite to counter it with a question, but can you first check and make sure you *need* running/providing these services?

MJatIFAD 09-15-2003 11:27 AM
What services are you referring to? I do not even know what services are using rwhod and what they are using it for. If I knew this I might be able to answer your question. I have tried to gather information about it but failed to find anything usefull.

unSpawn 09-15-2003 01:25 PM
I do not even know what services are using rwhod and what they are using it for.
You could use your local manpages, man (1) rwho at LQ or query, say FOLDOC for it...

Firewall and Samba don't rely on the client rwho or the network daemon rwhod, so I'd say stop the service. Next run "netstat -an" and check any app which says "LISTEN" and think about if you need to run that app for yourself or anybody else. If unsure, stop and see if something breaks, then uninstall (can always reinstall later).
Lo and behold, you've taken your first steps towards hardening your box... Read on in the first sticky thread of this forum, post #1, under "checklists" and commence with a few securing/hardening docs, and run for instance Bastille, Tiger and Chkrootkit.

The "ops not permitted" is clearly an interface restriction thingie (192.168.1.255 being your subnet broadcast address), but what causes it? Causes can range from Netfilter to kernel patches.
If you really really need to know you could run rwhod under "strace".

MJatIFAD 09-18-2003 01:31 PM
I turned off rwhod, which has removed the error messages. None of the services I was running seem to bother, so I guess this issue has been resolved for now. However, I never figured out what caused it, but this will have to be postponed for now. I have lots of real work to be finished...

Thank you for the tips and links. I appreciate it.


All times are GMT -5. The time now is 11:34 AM.