Old 06-17-2008, 12:39 PM   #1
twlilinux
Member
 
Registered: Jan 2006
Distribution: debian
Posts: 63

Rep: Reputation: 15
netstat interpretation


Hi, I have a netstat -a report from my server.
I know the ssh, and it's needed. But what about sunrpc? I just want to set up a lamp server so I don't need nfs. Is it safe to turn it off? Also what's auth?

Sorry for the plethora of questions. I'm holding on to my Linux Bible 2005 and praying for protection from internet daemons

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:sunrpc *:* LISTEN
tcp 0 0 *:auth *:* LISTEN
tcp 0 0 localhost:smtp *:* LISTEN
tcp 0 0 *:40831 *:* LISTEN
tcp6 0 0 *:ssh *:* LISTEN
tcp6 0 784 #servername:ssh #myip:1822 ESTABLISHED
udp 0 0 *:32768 *:*
udp 0 0 *:sunrpc *:*
udp 0 0 *:628 *:*
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ] DGRAM 3163 @/org/kernel/udev/udevd
unix 2 [ ACC ] STREAM LISTENING 5416 /var/run/acpid.socket
unix 6 [ ] DGRAM 5329 /dev/log
unix 2 [ ] DGRAM 5817
unix 2 [ ] DGRAM 5710
unix 2 [ ] DGRAM 5546
unix 2 [ ] DGRAM 5344

-------
My favorite websites:
Buy and sell class notes, old exams, papers, lab reports, admission essays.
Ask and answer Linux questions.
Read free books without walking to the library.

Last edited by twlilinux; 08-15-2008 at 04:39 PM.
 
Old 06-17-2008, 01:02 PM   #2
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
Try netstat with the options: -ltup (listening only, tcp, udp, display program name). Also look at the -n option.

That should be a little easier to interpret. To get more info about the registered service ports:

Code:
# egrep 'sunrpc|^auth' /etc/services 
sunrpc          111/tcp         portmapper      # RPC 4.0 portmapper TCP
sunrpc          111/udp         portmapper      # RPC 4.0 portmapper UDP
auth            113/tcp         authentication tap ident
auth            113/udp         authentication tap ident
(You can probably shut these off safely for a strictly LAMP server.)

Last edited by anomie; 06-17-2008 at 01:04 PM.
 
Old 06-17-2008, 03:57 PM   #3
twlilinux
Member
 
Registered: Jan 2006
Distribution: debian
Posts: 63

Original Poster
Rep: Reputation: 15
netstat -ltup

I have Craig's portsentry software that blocks portscanners. Other than that, I also have ssh. It's strange, I thought ssh works in port 22, but it appears here as tcp6 2070
Then, there's the sunrpc. I'm strictly hosting a lamp server, so what would be a good way of disabling sunrpc service?

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:tcpmux *:* LISTEN 2828/portsentry
tcp 0 0 *:20034 *:* LISTEN 2828/portsentry
tcp 0 0 *:32771 *:* LISTEN 2828/portsentry
tcp 0 0 *:32772 *:* LISTEN 2828/portsentry
tcp 0 0 *:40421 *:* LISTEN 2828/portsentry
tcp 0 0 *:32773 *:* LISTEN 2828/portsentry
tcp 0 0 *:32774 *:* LISTEN 2828/portsentry
tcp 0 0 *:31337 *:* LISTEN 2828/portsentry
tcp 0 0 *:ircd *:* LISTEN 2828/portsentry
tcp 0 0 *:systat *:* LISTEN 2828/portsentry
tcp 0 0 *:5742 *:* LISTEN 2828/portsentry
tcp 0 0 *:imap2 *:* LISTEN 2828/portsentry
tcp 0 0 *:finger *:* LISTEN 2828/portsentry
tcp 0 0 *:netstat *:* LISTEN 2828/portsentry
tcp 0 0 *:sunrpc *:* LISTEN 1781/portmap
tcp 0 0 *:54320 *:* LISTEN 2828/portsentry
tcp 0 0 *:sieve *:* LISTEN 2828/portsentry
tcp 0 0 *:27665 *:* LISTEN 2828/portsentry
tcp 0 0 *:auth *:* LISTEN 2125/inetd
tcp 0 0 *:ingreslock *:* LISTEN 2828/portsentry
tcp 0 0 *:nntp *:* LISTEN 2828/portsentry
tcp 0 0 *:socks *:* LISTEN 2828/portsentry
tcp 0 0 *:12345 *:* LISTEN 2828/portsentry
tcp 0 0 localhost:smtp *:* LISTEN 2113/exim4
tcp 0 0 *:12346 *:* LISTEN 2828/portsentry
tcp 0 0 *:635 *:* LISTEN 2828/portsentry
tcp 0 0 *:49724 *:* LISTEN 2828/portsentry
tcp 0 0 *:uucp *:* LISTEN 2828/portsentry
tcp 0 0 *:40831 *:* LISTEN 2148/rpc.statd
tcp6 0 0 *:ssh *:* LISTEN 2070/dropbear
udp 0 0 *:640 *:* 2832/portsentry
udp 0 0 *:32768 *:* 2148/rpc.statd
udp 0 0 *:641 *:* 2832/portsentry
udp 0 0 *:who *:* 2832/portsentry
udp 0 0 *:1 *:* 2832/portsentry
udp 0 0 *:32770 *:* 2832/portsentry
udp 0 0 *:32771 *:* 2832/portsentry
udp 0 0 *:32772 *:* 2832/portsentry
udp 0 0 *:32773 *:* 2832/portsentry
udp 0 0 *:32774 *:* 2832/portsentry
udp 0 0 *:echo *:* 2832/portsentry
udp 0 0 *:discard *:* 2832/portsentry
udp 0 0 *:snmp *:* 2832/portsentry
udp 0 0 *:snmp-trap *:* 2832/portsentry
udp 0 0 *:54321 *:* 2832/portsentry
udp 0 0 *:700 *:* 2832/portsentry
udp 0 0 *:37444 *:* 2832/portsentry
udp 0 0 *:tftp *:* 2832/portsentry
udp 0 0 *:31335 *:* 2832/portsentry
udp 0 0 *:31337 *:* 2832/portsentry
udp 0 0 *:sunrpc *:* 1781/portmap
udp 0 0 *:628 *:* 2148/rpc.statd
udp 0 0 *:34555 *:* 2832/portsentry
udp 0 0 *:635 *:* 2832/portsentry


Last edited by twlilinux; 08-15-2008 at 04:39 PM.
 
Old 06-17-2008, 04:12 PM   #4
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
Quote:
Originally Posted by twlilinux
I thought ssh works in port 22, but it appears here as tcp6 2070
...

Code:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name   
...     
tcp6       0      0 *:ssh                   *:*                     LISTEN     2070/dropbear       
...
No, you are confusing the PID with the service port. The PID is 2070, and the service port is 'ssh' (which resolves to tcp port 22 in /etc/services). If you want to see a numeric port, you need to use the -n option.

Quote:
Originally Posted by twlilinux
Then, there's the sunrpc. I'm strictly hosting a lamp server, so what would be a good way of disabling sunrpc service?
...

Code:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
...
tcp 0 0 *:sunrpc *:* LISTEN 1781/portmap 
...
Shut off portmap.
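
The PID-versus-port distinction explained in the reply above, as an added example that is not part of any post in this thread: a shell function that reduces `netstat -ltup` output to protocol, numeric port, PID, program and exposure. The function name `summarize_listeners` and the services excerpt are assumptions made for illustration (the ssh and smtp entries are constructed); on a real host pass `/etc/services` as the argument.

```shell
# Constructed /etc/services-style excerpt; sunrpc and auth are as quoted in the thread.
SAMPLE_SERVICES='sunrpc 111/tcp portmapper
sunrpc 111/udp portmapper
auth 113/tcp authentication tap ident
ssh 22/tcp
smtp 25/tcp mail'

# Listener lines copied from the netstat -ltup output posted in the thread.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:sunrpc *:* LISTEN 1781/portmap
tcp 0 0 *:auth *:* LISTEN 2125/inetd
tcp 0 0 localhost:smtp *:* LISTEN 2113/exim4
tcp 0 0 *:40831 *:* LISTEN 2148/rpc.statd
tcp6 0 0 *:ssh *:* LISTEN 2070/dropbear
udp 0 0 *:sunrpc *:* 1781/portmap
udp 0 0 *:628 *:* 2148/rpc.statd'

# summarize_listeners SERVICES_FILE < netstat-output
# Prints "proto port pid program exposure" for each tcp/udp listener.
summarize_listeners() {
    awk -v svcfile="$1" '
    BEGIN {                                   # load name/proto -> port map
        while ((getline line < svcfile) > 0) {
            if (line ~ /^[ \t]*(#|$)/) continue
            split(line, f); split(f[2], pp, "/")
            port[f[1] "/" pp[2]] = pp[1]
        }
    }
    $1 !~ /^(tcp|udp)6?$/ { next }            # skip header lines
    {
        base = $1; sub(/6$/, "", base)        # tcp6 shares the tcp service names
        n = split($4, a, ":"); svc = a[n]     # text after the last colon
        host = substr($4, 1, length($4) - length(svc) - 1)
        num = svc                             # already numeric with -n
        if (svc !~ /^[0-9]+$/) num = ((svc "/" base) in port) ? port[svc "/" base] : svc "?"
        pid = "-"; prog = "-"                 # PID column is empty without root
        i = index($NF, "/")                   # last field is PID/Program, not a port
        if (i > 0) { pid = substr($NF, 1, i - 1); prog = substr($NF, i + 1) }
        scope = host                          # a specific bound address
        if (host == "*" || host == "0.0.0.0" || host == "::") scope = "all-interfaces"
        if (host == "localhost" || host == "::1" || host ~ /^127\./) scope = "loopback"
        print $1, num, pid, prog, scope
    }'
}

svc_tmp=$(mktemp)
printf '%s\n' "$SAMPLE_SERVICES" > "$svc_tmp"
printf '%s\n' "$SAMPLE_NETSTAT" | summarize_listeners "$svc_tmp"
rm -f "$svc_tmp"
```

A service name missing from the services file is printed with a trailing `?` instead of a number, and only the exim4 listener is reported as `loopback`; every other line is reachable on all interfaces.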
 
Old 06-17-2008, 04:33 PM   #5
twlilinux
Member
 
Registered: Jan 2006
Distribution: debian
Posts: 63

Original Poster
Rep: Reputation: 15
you bet! ty for the advice


Last edited by twlilinux; 08-15-2008 at 04:40 PM.
 
Old 06-17-2008, 05:12 PM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3607
Also Portsentry is (AFAIK) abandoned and deprecated. If you want "just" portscan logging see PSAD, if you'd like an IDS see Snort.
 
Old 06-17-2008, 05:59 PM   #7
twlilinux
Member
 
Registered: Jan 2006
Distribution: debian
Posts: 63

Original Poster
Rep: Reputation: 15
Well, I got port sentry from Linux Bible 2005. Wow... 3 years and it's already deprecated.


Last edited by twlilinux; 08-15-2008 at 04:40 PM.
 
  

