LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 05-22-2006, 07:27 AM   #1
gerilaradio
LQ Newbie
 
Registered: Mar 2005
Distribution: fedora 4, slackware 10.2
Posts: 21

Rep: Reputation: 15
apache + inetd problem


Recently i got problem with my apache server, here the an error
Code:
(98)Address already in use: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
Unable to open logs
after make some googling, i check the process
Code:
netstat -lnp | grep '0.0.0.0:80'
# output
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 22452/inetd
i check what the process
Code:
ps 22452
PID TTY STAT TIME COMMAND
22452 ? S 0:34 inetd
i stop the inetd service
Code:
/etc/rc.d/rc.inetd stop
i stop the httpd service
Code:
/etc/rc.d/rc.httpd stop
i try to start httpd service
Code:
/etc/rc.d/rc.httpd stop
but the problem above still happened? anyone facing the same problem with me?
 
Old 05-22-2006, 07:56 AM   #2
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,220
Blog Entries: 1

Rep: Reputation: 2074Reputation: 2074Reputation: 2074Reputation: 2074Reputation: 2074Reputation: 2074Reputation: 2074Reputation: 2074Reputation: 2074Reputation: 2074Reputation: 2074
That's strange!!!
Code:
 fuser -v -n tcp 80
should tell you all the processes that use port 80. Try to kill them manually and start apache. Also take a look at your /etc/services to see if there is something other than httpd that uses that port and edit your /etc/inetd.conf to comment it out.
 
Old 05-22-2006, 10:56 AM   #3
gerilaradio
LQ Newbie
 
Registered: Mar 2005
Distribution: fedora 4, slackware 10.2
Posts: 21

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by bathory
That's strange!!!
Code:
 fuser -v -n tcp 80
should tell you all the processes that use port 80. Try to kill them manually and start apache. Also take a look at your /etc/services to see if there is something other than httpd that uses that port and edit your /etc/inetd.conf to comment it out.
Here the output
Code:
matt@www:~$ fuser -v -n tcp 80
here: 80
there are no other services using 80 port except httpd. i'm not running httpd from inetd so there are no httpd service in inetd.conf
 
Old 05-23-2006, 03:06 AM   #4
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,220
Blog Entries: 1

Rep: Reputation: 2074Reputation: 2074Reputation: 2074Reputation: 2074Reputation: 2074Reputation: 2074Reputation: 2074Reputation: 2074Reputation: 2074Reputation: 2074Reputation: 2074
Did you ran it as root? Restart inetd and look if port 80 starts listening. Or use nmap from another box to scan your box for open ports.
 
Old 05-23-2006, 08:10 PM   #5
gerilaradio
LQ Newbie
 
Registered: Mar 2005
Distribution: fedora 4, slackware 10.2
Posts: 21

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by bathory
Did you ran it as root? Restart inetd and look if port 80 starts listening. Or use nmap from another box to scan your box for open ports.
Yes i ran as a root. Here my box result
Code:
root@www:~# ps -aux |grep httpd
Warning: bad ps syntax, perhaps a bogus '-'? See http://procps.sf.net/faq.html
root       247  0.0  0.6  17824  5584 ?        Ss   May21   0:00 /usr/sbin/httpd -k start
apache     446  0.0  1.5  23812 13852 ?        S    May21   0:40 /usr/sbin/httpd -k start
apache     777  0.0  1.5  24304 14372 ?        S    May21   0:38 /usr/sbin/httpd -k start
apache     783  0.0  1.5  23672 13716 ?        S    May21   0:21 /usr/sbin/httpd -k start
apache    2150  0.0  1.5  24108 14152 ?        S    May21   0:10 /usr/sbin/httpd -k start
apache    7005  0.0  1.5  24316 14460 ?        S    May22   0:36 /usr/sbin/httpd -k start
apache    8358  0.0  1.5  23568 13612 ?        S    May23   0:16 /usr/sbin/httpd -k start
apache    9046  0.0  1.5  24300 14312 ?        S    May23   0:15 /usr/sbin/httpd -k start
apache    9376  0.0  1.5  24240 14304 ?        S    May23   0:05 /usr/sbin/httpd -k start
apache    9378  0.0  1.5  23592 13628 ?        S    May23   0:06 /usr/sbin/httpd -k start
apache    9385  0.0  1.4  23432 13468 ?        S    May23   0:10 /usr/sbin/httpd -k start
apache    9386  0.0  1.5  23936 13956 ?        S    May23   0:11 /usr/sbin/httpd -k start
apache    9387  0.0  1.4  23492 13520 ?        S    May23   0:08 /usr/sbin/httpd -k start
apache    9388  0.0  1.5  24172 14192 ?        S    May23   0:09 /usr/sbin/httpd -k start
apache    9389  0.0  1.5  24292 14304 ?        S    May23   0:08 /usr/sbin/httpd -k start
apache   10240  0.0  1.2  21996 11720 ?        S    May23   0:00 /usr/sbin/httpd -k start
apache   10260  0.0  1.4  23500 13448 ?        S    May23   0:00 /usr/sbin/httpd -k start
apache   10294  0.0  1.4  23172 13116 ?        S    May23   0:00 /usr/sbin/httpd -k start
apache   10322  0.0  1.2  21996 11720 ?        S    May23   0:00 /usr/sbin/httpd -k start
apache   10337  0.0  1.2  21996 11724 ?        S    May23   0:00 /usr/sbin/httpd -k start
apache   10364  0.0  1.2  22012 11736 ?        S    00:08   0:00 /usr/sbin/httpd -k start
apache   10378  0.0  1.5  24000 14020 ?        S    00:09   0:01 /usr/sbin/httpd -k start
apache   10391  0.0  1.5  24272 14272 ?        S    00:14   0:04 /usr/sbin/httpd -k start
apache   10406  0.0  1.2  22012 11740 ?        S    00:14   0:00 /usr/sbin/httpd -k start
apache   10420  0.0  1.5  23688 13700 ?        S    00:16   0:03 /usr/sbin/httpd -k start
apache   10433  0.0  1.4  23532 13508 ?        S    00:16   0:00 /usr/sbin/httpd -k start
apache   10434  0.0  1.2  21996 11720 ?        S    00:17   0:00 /usr/sbin/httpd -k start
apache   10462  0.0  1.2  21996 11720 ?        S    00:27   0:00 /usr/sbin/httpd -k start
apache   10477  0.0  1.2  21996 11720 ?        S    00:27   0:00 /usr/sbin/httpd -k start
apache   10506  0.0  1.5  24008 13960 ?        S    00:31   0:00 /usr/sbin/httpd -k start
apache   10525  0.0  1.5  23740 13692 ?        S    00:33   0:00 /usr/sbin/httpd -k start
apache   10544  0.0  1.2  21996 11720 ?        S    00:34   0:00 /usr/sbin/httpd -k start
apache   10562  0.0  1.4  23252 13256 ?        S    00:36   0:00 /usr/sbin/httpd -k start
apache   10576  0.0  1.5  23920 13932 ?        S    00:36   0:02 /usr/sbin/httpd -k start
apache   10608  0.0  1.4  23524 13536 ?        S    00:42   0:01 /usr/sbin/httpd -k start
apache   10623  0.0  1.5  24288 14244 ?        S    00:43   0:01 /usr/sbin/httpd -k start
apache   10632  0.0  1.2  21996 11720 ?        S    00:44   0:00 /usr/sbin/httpd -k start
apache   10674  0.0  1.5  24012 14032 ?        S    00:46   0:02 /usr/sbin/httpd -k start
apache   10704  0.0  1.5  23752 13760 ?        S    00:47   0:00 /usr/sbin/httpd -k start
apache   10726  0.0  1.5  23736 13680 ?        S    00:53   0:00 /usr/sbin/httpd -k start
apache   10793  0.0  1.5  24000 14020 ?        S    01:15   0:02 /usr/sbin/httpd -k start
apache   10806  0.0  1.5  24008 13996 ?        S    01:17   0:01 /usr/sbin/httpd -k start
apache   10808  0.0  1.2  22012 11736 ?        S    01:22   0:00 /usr/sbin/httpd -k start
apache   10809  0.0  1.2  22012 11744 ?        S    01:22   0:00 /usr/sbin/httpd -k start
apache   10810  0.0  1.5  23692 13696 ?        S    01:22   0:01 /usr/sbin/httpd -k start
apache   10854  0.0  1.4  23508 13460 ?        S    01:26   0:00 /usr/sbin/httpd -k start
apache   10891  0.0  1.5  23700 13704 ?        S    01:28   0:01 /usr/sbin/httpd -k start
apache   10907  0.0  1.5  24024 14004 ?        S    01:29   0:03 /usr/sbin/httpd -k start
apache   10936  0.0  1.5  24016 14028 ?        S    01:34   0:01 /usr/sbin/httpd -k start
apache   10963  0.0  1.5  24132 14076 ?        S    01:39   0:00 /usr/sbin/httpd -k start
apache   10989  0.0  1.5  23748 13732 ?        S    01:44   0:01 /usr/sbin/httpd -k start
apache   11030  0.0  1.5  23752 13764 ?        S    01:48   0:01 /usr/sbin/httpd -k start
apache   11031  0.0  1.1  23192 10560 ?        S    01:48   0:00 /usr/sbin/httpd -k start
apache   11032  0.0  1.2  23792 11164 ?        S    01:48   0:02 /usr/sbin/httpd -k start
apache   11033  0.0  1.1  23716 10780 ?        S    01:48   0:01 /usr/sbin/httpd -k start
apache   11035  0.0  1.1  23728 10704 ?        S    01:48   0:00 /usr/sbin/httpd -k start
apache   11169  0.0  0.9  21996  8580 ?        S    02:17   0:00 /usr/sbin/httpd -k start
apache   11174  0.0  0.9  21996  8640 ?        S    02:18   0:00 /usr/sbin/httpd -k start
apache   11186  0.0  0.9  22012  8660 ?        S    02:19   0:00 /usr/sbin/httpd -k start
apache   11215  0.0  0.9  21996  8580 ?        S    02:23   0:00 /usr/sbin/httpd -k start
apache   11218  0.0  0.9  21996  8580 ?        S    02:24   0:00 /usr/sbin/httpd -k start
apache   11253  0.0  0.9  21996  8624 ?        S    02:32   0:00 /usr/sbin/httpd -k start
apache   11267  0.0  0.9  22012  8776 ?        S    02:33   0:00 /usr/sbin/httpd -k start
apache   11281  0.0  1.1  23524 10600 ?        S    02:34   0:00 /usr/sbin/httpd -k start
apache   11295  0.0  0.9  21996  8580 ?        S    02:36   0:00 /usr/sbin/httpd -k start
apache   11309  0.0  0.9  21996  8744 ?        S    02:37   0:00 /usr/sbin/httpd -k start
apache   11322  0.0  0.9  22032  8912 ?        S    02:38   0:00 /usr/sbin/httpd -k start
apache   11337  0.0  0.9  21996  8724 ?        S    02:38   0:00 /usr/sbin/httpd -k start
apache   11352  0.0  1.1  23760 10828 ?        S    02:40   0:01 /usr/sbin/httpd -k start
apache   11366  0.0  1.1  23528 10604 ?        S    02:40   0:01 /usr/sbin/httpd -k start
apache   11381  0.0  0.9  21996  8584 ?        S    02:44   0:00 /usr/sbin/httpd -k start
apache   11417  0.0  0.9  21996  8656 ?        S    02:49   0:00 /usr/sbin/httpd -k start
apache   11434  0.0  0.9  21996  8748 ?        S    03:01   0:00 /usr/sbin/httpd -k start
apache   11448  0.0  1.2  24004 11060 ?        S    03:02   0:03 /usr/sbin/httpd -k start
apache   11453  0.0  1.1  23188 10236 ?        S    03:02   0:00 /usr/sbin/httpd -k start
apache   11469  0.0  1.1  23736 10808 ?        S    03:03   0:01 /usr/sbin/httpd -k start
apache   11491  0.0  1.1  23732 10804 ?        S    03:05   0:00 /usr/sbin/httpd -k start
apache   11521  0.0  1.1  23700 10768 ?        S    03:12   0:00 /usr/sbin/httpd -k start
apache   11538  0.0  1.1  23704 10720 ?        S    03:13   0:00 /usr/sbin/httpd -k start
apache   11566  0.0  0.9  21996  8772 ?        S    03:18   0:00 /usr/sbin/httpd -k start
apache   11568  0.0  1.2  23756 10952 ?        S    03:18   0:01 /usr/sbin/httpd -k start
apache   11582  0.0  1.1  23192 10448 ?        S    03:18   0:00 /usr/sbin/httpd -k start
apache   11620  0.0  1.1  23540 10820 ?        S    03:24   0:01 /usr/sbin/httpd -k start
apache   11623  0.0  1.1  23524 10712 ?        S    03:24   0:00 /usr/sbin/httpd -k start
apache   11661  0.0  1.2  23756 11020 ?        S    03:28   0:02 /usr/sbin/httpd -k start
apache   11676  0.0  1.1  23204 10448 ?        S    03:29   0:01 /usr/sbin/httpd -k start
apache   11696  0.0  1.2  23576 10980 ?        S    03:31   0:01 /usr/sbin/httpd -k start
apache   11711  0.0  1.2  24288 11700 ?        S    03:32   0:02 /usr/sbin/httpd -k start
apache   11764  0.0  1.2  23748 11128 ?        S    03:43   0:00 /usr/sbin/httpd -k start
apache   11772  0.0  1.2  23488 10892 ?        S    03:45   0:01 /usr/sbin/httpd -k start
apache   11814  0.0  1.2  23508 11616 ?        S    03:47   0:00 /usr/sbin/httpd -k start
apache   11842  0.0  1.0  21996  9768 ?        S    03:52   0:00 /usr/sbin/httpd -k start
apache   11846  0.0  1.3  23868 11908 ?        S    03:52   0:00 /usr/sbin/httpd -k start
apache   11863  0.0  1.3  23724 11944 ?        S    03:53   0:07 /usr/sbin/httpd -k start
apache   11894  0.0  1.1  21996 10464 ?        S    03:56   0:00 /usr/sbin/httpd -k start
apache   11914  0.0  1.3  23708 12452 ?        S    03:58   0:00 /usr/sbin/httpd -k start
apache   11931  0.0  1.1  21996 10464 ?        S    03:59   0:00 /usr/sbin/httpd -k start
apache   11933  0.0  1.3  23540 12236 ?        S    03:59   0:01 /usr/sbin/httpd -k start
apache   11934  0.0  1.1  21996 10464 ?        S    03:59   0:00 /usr/sbin/httpd -k start
apache   11978  0.0  1.1  21996 10464 ?        S    04:01   0:00 /usr/sbin/httpd -k start
apache   11995  0.0  1.3  23744 12492 ?        S    04:03   0:02 /usr/sbin/httpd -k start
apache   12027  0.0  1.1  21996 10464 ?        S    04:10   0:00 /usr/sbin/httpd -k start
apache   12029  0.0  1.4  24008 12720 ?        S    04:10   0:02 /usr/sbin/httpd -k start
apache   12057  0.0  1.3  23728 12496 ?        S    04:11   0:01 /usr/sbin/httpd -k start
apache   12059  0.0  1.4  24000 12768 ?        S    04:11   0:01 /usr/sbin/httpd -k start
apache   12099  0.0  1.4  24000 12748 ?        S    04:18   0:01 /usr/sbin/httpd -k start
apache   12132  0.0  1.3  23508 12240 ?        S    04:24   0:01 /usr/sbin/httpd -k start
apache   12188  0.0  1.1  21996 10464 ?        S    04:33   0:00 /usr/sbin/httpd -k start
apache   12195  0.0  1.3  23732 12472 ?        S    04:36   0:06 /usr/sbin/httpd -k start
apache   12199  0.0  1.3  23788 12516 ?        S    04:36   0:06 /usr/sbin/httpd -k start
apache   12225  0.0  1.3  23740 12424 ?        S    04:37   0:00 /usr/sbin/httpd -k start
apache   12313  0.0  1.3  23536 12196 ?        S    04:45   0:00 /usr/sbin/httpd -k start
apache   12314  0.0  1.0  20992  9292 ?        S    04:46   0:06 /usr/sbin/httpd -k start
root     12427  0.0  0.0   1680   644 pts/0    R+   08:00   0:00 grep httpd
Code:
root@www:~# ps aux|grep inetd
root       176  0.0  0.0   1416   508 ?        Ss   May21   0:00 /usr/sbin/inetd
apache   10132  0.0  0.3   4144  2916 ?        S    May23   0:00 inetd
apache   10174  0.0  0.3   4144  2916 ?        S    May23   0:00 inetd
apache   10192  0.0  0.3   4144  2916 ?        S    May23   0:00 inetd
apache   10212  0.0  0.3   4144  2916 ?        S    May23   0:00 inetd
apache   10250  0.0  0.3   4144  2916 ?        S    May23   0:00 inetd
apache   10271  0.0  0.3   4144  2916 ?        S    May23   0:00 inetd
apache   10305  0.0  0.3   4144  2916 ?        S    May23   0:00 inetd
apache   10332  0.0  0.3   4144  2916 ?        S    May23   0:00 inetd
apache   10347  0.0  0.3   4144  2916 ?        S    May23   0:00 inetd
apache   10361  0.0  0.3   4144  2916 ?        S    00:03   0:00 inetd
apache   10375  0.0  0.3   4144  2916 ?        S    00:08   0:00 inetd
apache   10389  0.0  0.3   4144  2916 ?        S    00:09   0:00 inetd
apache   10403  0.0  0.3   4144  2916 ?        S    00:14   0:00 inetd
apache   10417  0.0  0.3   4144  2916 ?        S    00:14   0:00 inetd
apache   10430  0.0  0.3   4144  2916 ?        S    00:16   0:00 inetd
apache   10446  0.0  0.3   4144  2916 ?        S    00:18   0:00 inetd
apache   10474  0.0  0.3   4144  2916 ?        S    00:27   0:00 inetd
apache   10488  0.0  0.3   4144  2916 ?        S    00:27   0:00 inetd
apache   10518  0.0  0.3   4144  2916 ?        S    00:32   0:00 inetd
apache   10536  0.0  0.3   4144  2916 ?        S    00:33   0:00 inetd
apache   10555  0.0  0.3   4144  2916 ?        S    00:34   0:00 inetd
apache   10573  0.0  0.3   4144  2916 ?        S    00:36   0:00 inetd
apache   10588  0.0  0.3   4144  2916 ?        S    00:36   0:00 inetd
apache   10618  0.0  0.3   4144  2916 ?        S    00:42   0:00 inetd
apache   10645  0.0  0.3   4144  2916 ?        S    00:44   0:00 inetd
apache   10654  0.0  0.3   4144  2916 ?        S    00:44   0:00 inetd
apache   10671  0.0  0.3   4144  2916 ?        S    00:46   0:00 inetd
apache   10758  0.0  0.3   4144  2916 ?        S    01:01   0:00 inetd
apache   10771  0.0  0.3   4144  2916 ?        S    01:05   0:00 inetd
apache   10790  0.0  0.3   4144  2916 ?        S    01:07   0:00 inetd
apache   10804  0.0  0.3   4144  2916 ?        S    01:15   0:00 inetd
apache   10829  0.0  0.3   4144  2916 ?        S    01:24   0:00 inetd
apache   10851  0.0  0.3   4144  2916 ?        S    01:25   0:00 inetd
apache   10868  0.0  0.3   4144  2916 ?        S    01:26   0:00 inetd
apache   10879  0.0  0.3   4144  2916 ?        S    01:26   0:00 inetd
apache   10902  0.0  0.3   4144  2916 ?        S    01:28   0:00 inetd
apache   10931  0.0  0.3   4144  2916 ?        S    01:34   0:00 inetd
apache   10957  0.0  0.3   4144  2916 ?        S    01:38   0:00 inetd
apache   10974  0.0  0.3   4144  2916 ?        S    01:39   0:00 inetd
apache   11000  0.0  0.3   4144  2916 ?        S    01:44   0:00 inetd
apache   11051  0.0  0.3   4144  2916 ?        S    01:50   0:00 inetd
apache   11097  0.0  0.2   4144  1984 ?        S    01:59   0:00 inetd
apache   11117  0.0  0.3   4144  2916 ?        S    02:00   0:00 inetd
apache   11126  0.0  0.3   4144  2916 ?        S    02:00   0:00 inetd
apache   11153  0.0  0.2   4144  2352 ?        S    02:08   0:00 inetd
apache   11167  0.0  0.3   4144  2916 ?        S    02:15   0:00 inetd
apache   11182  0.0  0.2   4144  2476 ?        S    02:18   0:00 inetd
apache   11197  0.0  0.3   4144  2916 ?        S    02:19   0:00 inetd
apache   11212  0.0  0.2   4144  1968 ?        S    02:21   0:00 inetd
apache   11231  0.0  0.2   4144  1976 ?        S    02:24   0:00 inetd
apache   11250  0.0  0.2   4144  2068 ?        S    02:26   0:00 inetd
apache   11264  0.0  0.2   4144  1968 ?        S    02:32   0:00 inetd
apache   11278  0.0  0.3   4144  2916 ?        S    02:33   0:00 inetd
apache   11292  0.0  0.2   4144  1984 ?        S    02:34   0:00 inetd
apache   11306  0.0  0.3   4144  2916 ?        S    02:36   0:00 inetd
apache   11320  0.0  0.2   4144  1964 ?        S    02:37   0:00 inetd
apache   11334  0.0  0.2   4144  1964 ?        S    02:38   0:00 inetd
apache   11349  0.0  0.2   4144  1964 ?        S    02:39   0:00 inetd
apache   11363  0.0  0.2   4144  1964 ?        S    02:40   0:00 inetd
apache   11378  0.0  0.2   4144  1964 ?        S    02:43   0:00 inetd
apache   11392  0.0  0.2   4144  1984 ?        S    02:44   0:00 inetd
apache   11431  0.0  0.2   4144  1980 ?        S    02:59   0:00 inetd
apache   11445  0.0  0.2   4144  1960 ?        S    03:02   0:00 inetd
apache   11465  0.0  0.2   4144  1960 ?        S    03:03   0:00 inetd
apache   11480  0.0  0.2   4144  1972 ?        S    03:03   0:00 inetd
apache   11502  0.0  0.2   4144  1980 ?        S    03:05   0:00 inetd
apache   11532  0.0  0.2   4144  1984 ?        S    03:12   0:00 inetd
apache   11563  0.0  0.2   4144  1976 ?        S    03:17   0:00 inetd
apache   11578  0.0  0.2   4144  1976 ?        S    03:18   0:00 inetd
apache   11593  0.0  0.2   4144  1976 ?        S    03:18   0:00 inetd
apache   11607  0.0  0.2   4144  1976 ?        S    03:19   0:00 inetd
apache   11634  0.0  0.2   4144  1972 ?        S    03:24   0:00 inetd
apache   11656  0.0  0.2   4144  1964 ?        S    03:28   0:00 inetd
apache   11673  0.0  0.2   4144  2356 ?        S    03:29   0:00 inetd
apache   11688  0.0  0.2   4144  1972 ?        S    03:29   0:00 inetd
apache   11708  0.0  0.2   4144  2288 ?        S    03:31   0:00 inetd
apache   11742  0.0  0.2   4144  2340 ?        S    03:40   0:00 inetd
apache   11761  0.0  0.2   4144  1972 ?        S    03:43   0:00 inetd
apache   11787  0.0  0.2   4144  2356 ?        S    03:46   0:00 inetd
apache   11837  0.0  0.2   4144  2356 ?        S    03:51   0:00 inetd
apache   11856  0.0  0.2   4144  2356 ?        S    03:52   0:00 inetd
apache   11875  0.0  0.3   4144  2916 ?        S    03:53   0:00 inetd
apache   11889  0.0  0.2   4144  2356 ?        S    03:55   0:00 inetd
apache   11906  0.0  0.3   4144  2916 ?        S    03:56   0:00 inetd
apache   11927  0.0  0.3   4144  2916 ?        S    03:59   0:00 inetd
apache   11947  0.0  0.2   4144  2356 ?        S    04:00   0:00 inetd
apache   11961  0.0  0.3   4144  2916 ?        S    04:00   0:00 inetd
apache   11975  0.0  0.3   4144  2916 ?        S    04:01   0:00 inetd
apache   11988  0.0  0.3   4144  2916 ?        S    04:01   0:00 inetd
apache   12007  0.0  0.3   4144  2916 ?        S    04:03   0:00 inetd
apache   12043  0.0  0.3   4144  2916 ?        S    04:10   0:00 inetd
apache   12053  0.0  0.3   4144  2916 ?        S    04:11   0:00 inetd
apache   12073  0.0  0.3   4144  2916 ?        S    04:11   0:00 inetd
apache   12082  0.0  0.3   4144  2916 ?        S    04:11   0:00 inetd
apache   12122  0.0  0.3   4144  2916 ?        S    04:22   0:00 inetd
apache   12166  0.0  0.3   4144  2916 ?        S    04:31   0:00 inetd
apache   12185  0.0  0.3   4144  2916 ?        S    04:33   0:00 inetd
apache   12208  0.0  0.3   4144  2916 ?        S    04:36   0:00 inetd
apache   12220  0.0  0.3   4144  2916 ?        S    04:36   0:00 inetd
apache   12292  0.0  0.3   4144  2916 ?        S    04:43   0:00 inetd
apache   12311  0.0  0.3   4144  2916 ?        S    04:45   0:00 inetd
root     12547  0.0  0.0   1680   644 pts/0    S+   08:01   0:00 grep inetd
and here my nmap test from another box
Code:
[matt@fw ~]$ nmap 172.16.16.5

Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2006-05-24 08:15 MYT
Interesting ports on 172.16.16.5:
(The 1641 ports scanned but not shown below are in state: filtered)
PORT      STATE  SERVICE
22/tcp    open   ssh
25/tcp    closed smtp
53/tcp    open   domain
80/tcp    open   http
110/tcp   closed pop3
143/tcp   closed imap
443/tcp   closed https
3128/tcp  closed squid-http
3306/tcp  closed mysql
5800/tcp  closed vnc-http
5900/tcp  closed vnc
5901/tcp  closed vnc-1
5902/tcp  closed vnc-2
5903/tcp  closed vnc-3
8000/tcp  closed http-alt
8080/tcp  closed http-proxy
8888/tcp  closed sun-answerbook
10000/tcp closed snet-sensor-mgmt
11371/tcp closed pksd

Nmap run completed -- 1 IP address (1 host up) scanned in 26.966 seconds
 
Old 05-24-2006, 03:19 AM   #6
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,220
Blog Entries: 1

Rep: Reputation: 2074Reputation: 2074Reputation: 2074Reputation: 2074Reputation: 2074Reputation: 2074Reputation: 2074Reputation: 2074Reputation: 2074Reputation: 2074Reputation: 2074
Well, If I were you I'll start to worry about the security of your box. Take it off the net and start investigating.
Did you notice that all the inetd process are running under user apache!!! except the first one (that run under root, which is the normal). I suspect that someone used an exploit (perhaps a php related one) and has installed a scrpit that runs under apache and it's named inetd to fool you. Stop or kill all the inetd processes (and apache) and look what this inetd does.
 
Old 05-24-2006, 07:12 AM   #7
gerilaradio
LQ Newbie
 
Registered: Mar 2005
Distribution: fedora 4, slackware 10.2
Posts: 21

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by bathory
Did you notice that all the inetd process are running under user apache!!! except the first one (that run under root, which is the normal).
Yes, i worried about that, i noticed all the inetd process run by user apache.
Quote:
Stop or kill all the inetd processes (and apache) and look what this inetd does.
i can stop inetd but i can't kill all the inetd process.
Code:
root@www:~# /etc/rc.d/rc.inetd stop
root@www:~# ps aux|grep inetd
apache   10132  0.0  0.2   4144  2120 ?        S    May23   0:00 inetd
apache   10174  0.0  0.2   4144  2128 ?        S    May23   0:00 inetd
apache   10192  0.0  0.2   4144  2084 ?        S    May23   0:00 inetd
apache   10212  0.0  0.2   4144  2072 ?        S    May23   0:00 inetd
apache   10250  0.0  0.2   4144  2072 ?        S    May23   0:00 inetd
apache   10271  0.0  0.2   4144  2124 ?        S    May23   0:00 inetd
apache   10305  0.0  0.2   4144  2128 ?        S    May23   0:00 inetd
apache   10332  0.0  0.2   4144  2080 ?        S    May23   0:00 inetd
apache   10347  0.0  0.2   4144  2068 ?        S    May23   0:00 inetd
apache   10361  0.0  0.2   4144  2120 ?        S    00:03   0:00 inetd
apache   10375  0.0  0.2   4144  2124 ?        S    00:08   0:00 inetd
apache   10389  0.0  0.2   4144  2120 ?        S    00:09   0:00 inetd
apache   10403  0.0  0.2   4144  2120 ?        S    00:14   0:00 inetd
apache   10417  0.0  0.2   4144  2068 ?        S    00:14   0:00 inetd
apache   10430  0.0  0.2   4144  2064 ?        S    00:16   0:00 inetd
apache   10446  0.0  0.2   4144  2064 ?        S    00:18   0:00 inetd
apache   10474  0.0  0.2   4144  2044 ?        S    00:27   0:00 inetd
apache   10488  0.0  0.2   4144  2064 ?        S    00:27   0:00 inetd
apache   10518  0.0  0.2   4144  2048 ?        S    00:32   0:00 inetd
apache   10536  0.0  0.2   4144  2072 ?        S    00:33   0:00 inetd
apache   10555  0.0  0.2   4144  2064 ?        S    00:34   0:00 inetd
apache   10573  0.0  0.2   4144  2048 ?        S    00:36   0:00 inetd
apache   10588  0.0  0.2   4144  2064 ?        S    00:36   0:00 inetd
apache   10618  0.0  0.2   4144  2064 ?        S    00:42   0:00 inetd
apache   10645  0.0  0.2   4144  2100 ?        S    00:44   0:00 inetd
apache   10654  0.0  0.2   4144  2112 ?        S    00:44   0:00 inetd
apache   10671  0.0  0.2   4144  2072 ?        S    00:46   0:00 inetd
apache   10758  0.0  0.2   4144  2060 ?        S    01:01   0:00 inetd
apache   10771  0.0  0.2   4144  2068 ?        S    01:05   0:00 inetd
apache   10790  0.0  0.2   4144  2060 ?        S    01:07   0:00 inetd
apache   10804  0.0  0.2   4144  2068 ?        S    01:15   0:00 inetd
apache   10829  0.0  0.2   4144  2068 ?        S    01:24   0:00 inetd
apache   10851  0.0  0.2   4144  2072 ?        S    01:25   0:00 inetd
apache   10868  0.0  0.2   4144  2124 ?        S    01:26   0:00 inetd
apache   10879  0.0  0.2   4144  2068 ?        S    01:26   0:00 inetd
apache   10902  0.0  0.2   4144  2104 ?        S    01:28   0:00 inetd
apache   10931  0.0  0.2   4144  2068 ?        S    01:34   0:00 inetd
apache   10957  0.0  0.2   4144  2116 ?        S    01:38   0:00 inetd
apache   10974  0.0  0.2   4144  2112 ?        S    01:39   0:00 inetd
apache   11000  0.0  0.2   4144  2112 ?        S    01:44   0:00 inetd
apache   11051  0.0  0.2   4144  2112 ?        S    01:50   0:00 inetd
apache   11097  0.0  0.2   4144  2044 ?        S    01:59   0:00 inetd
apache   11117  0.0  0.2   4144  2068 ?        S    02:00   0:00 inetd
apache   11126  0.0  0.2   4144  2052 ?        S    02:00   0:00 inetd
apache   11153  0.0  0.2   4144  2420 ?        S    02:08   0:00 inetd
apache   11167  0.0  0.2   4144  2112 ?        S    02:15   0:00 inetd
apache   11182  0.0  0.2   4144  2116 ?        S    02:18   0:00 inetd
apache   11197  0.0  0.2   4144  2116 ?        S    02:19   0:00 inetd
apache   11212  0.0  0.2   4144  2040 ?        S    02:21   0:00 inetd
apache   11231  0.0  0.2   4144  2048 ?        S    02:24   0:00 inetd
apache   11250  0.0  0.2   4144  2140 ?        S    02:26   0:00 inetd
apache   11264  0.0  0.2   4144  2040 ?        S    02:32   0:00 inetd
apache   11278  0.0  0.2   4144  2112 ?        S    02:33   0:00 inetd
apache   11292  0.0  0.2   4144  2056 ?        S    02:34   0:00 inetd
apache   11306  0.0  0.2   4144  2112 ?        S    02:36   0:00 inetd
apache   11320  0.0  0.2   4144  2040 ?        S    02:37   0:00 inetd
apache   11334  0.0  0.2   4144  2040 ?        S    02:38   0:00 inetd
apache   11349  0.0  0.2   4144  2040 ?        S    02:39   0:00 inetd
apache   11363  0.0  0.2   4144  2040 ?        S    02:40   0:00 inetd
apache   11378  0.0  0.2   4144  2040 ?        S    02:43   0:00 inetd
apache   11392  0.0  0.2   4144  2060 ?        S    02:44   0:00 inetd
apache   11431  0.0  0.2   4144  2060 ?        S    02:59   0:00 inetd
apache   11445  0.0  0.2   4144  2040 ?        S    03:02   0:00 inetd
apache   11465  0.0  0.2   4144  2040 ?        S    03:03   0:00 inetd
apache   11480  0.0  0.2   4144  2052 ?        S    03:03   0:00 inetd
apache   11502  0.0  0.2   4144  2060 ?        S    03:05   0:00 inetd
apache   11532  0.0  0.2   4144  2064 ?        S    03:12   0:00 inetd
apache   11563  0.0  0.2   4144  2052 ?        S    03:17   0:00 inetd
apache   11578  0.0  0.2   4144  2052 ?        S    03:18   0:00 inetd
apache   11593  0.0  0.2   4144  2052 ?        S    03:18   0:00 inetd
apache   11607  0.0  0.2   4144  2052 ?        S    03:19   0:00 inetd
apache   11634  0.0  0.2   4144  2052 ?        S    03:24   0:00 inetd
apache   11656  0.0  0.2   4144  2044 ?        S    03:28   0:00 inetd
apache   11673  0.0  0.2   4144  2436 ?        S    03:29   0:00 inetd
apache   11688  0.0  0.2   4144  2052 ?        S    03:29   0:00 inetd
apache   11708  0.0  0.2   4144  2368 ?        S    03:31   0:00 inetd
apache   11742  0.0  0.2   4144  2420 ?        S    03:40   0:00 inetd
apache   11761  0.0  0.2   4144  2052 ?        S    03:43   0:00 inetd
apache   11787  0.0  0.2   4144  2436 ?        S    03:46   0:00 inetd
apache   11837  0.0  0.2   4144  2436 ?        S    03:51   0:00 inetd
apache   11856  0.0  0.2   4144  2436 ?        S    03:52   0:00 inetd
apache   11875  0.0  0.2   4144  2032 ?        S    03:53   0:00 inetd
apache   11889  0.0  0.2   4144  2436 ?        S    03:55   0:00 inetd
apache   11906  0.0  0.2   4144  2052 ?        S    03:56   0:00 inetd
apache   11927  0.0  0.2   4144  2052 ?        S    03:59   0:00 inetd
apache   11947  0.0  0.2   4144  2436 ?        S    04:00   0:00 inetd
apache   11961  0.0  0.2   4144  2052 ?        S    04:00   0:00 inetd
apache   11975  0.0  0.2   4144  2096 ?        S    04:01   0:00 inetd
apache   11988  0.0  0.3   4144  2916 ?        S    04:01   0:00 inetd
apache   12007  0.0  0.2   4144  2096 ?        S    04:03   0:00 inetd
apache   12043  0.0  0.3   4144  2916 ?        S    04:10   0:00 inetd
apache   12053  0.0  0.2   4144  2048 ?        S    04:11   0:00 inetd
apache   12073  0.0  0.3   4144  2916 ?        S    04:11   0:00 inetd
apache   12082  0.0  0.2   4144  2100 ?        S    04:11   0:00 inetd
apache   12122  0.0  0.2   4144  2080 ?        S    04:22   0:00 inetd
apache   12166  0.0  0.2   4144  2104 ?        S    04:31   0:00 inetd
apache   12185  0.0  0.2   4144  2092 ?        S    04:33   0:00 inetd
apache   12208  0.0  0.2   4144  2104 ?        S    04:36   0:00 inetd
apache   12220  0.0  0.2   4144  2104 ?        S    04:36   0:00 inetd
apache   12292  0.0  0.2   4144  2104 ?        S    04:43   0:00 inetd
apache   12311  0.0  0.2   4144  2104 ?        S    04:45   0:00 inetd
root     13859  0.0  0.0   1676   628 pts/1    R+   19:02   0:00 grep inetd
so what your suggestions?
 
Old 05-24-2006, 08:49 AM   #8
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,220
Blog Entries: 1

Rep: Reputation: 2074Reputation: 2074Reputation: 2074Reputation: 2074Reputation: 2074Reputation: 2074Reputation: 2074Reputation: 2074Reputation: 2074Reputation: 2074Reputation: 2074
As I told you you must first take the box off the net. Does the following
Code:
killall -9 inetd
works?
If not check /etc/inittab to see if it respawns from there. Then all you can do is to search for the kind of exploit it was used to see how to proceed.
 
Old 05-30-2006, 10:26 AM   #9
gerilaradio
LQ Newbie
 
Registered: Mar 2005
Distribution: fedora 4, slackware 10.2
Posts: 21

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by bathory
As I told you you must first take the box off the net. Does the following
Code:
killall -9 inetd
works?
If not check /etc/inittab to see if it respawns from there. Then all you can do is to search for the kind of exploit it was used to see how to proceed.
killall -9 inetd doesn't work to me. how to check /etc/inittab ? and i have no clue to search what kind of exploit attack my machine. sorry i'm really newbie to Slackware.
 
Old 05-31-2006, 03:27 AM   #10
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,220
Blog Entries: 1

Rep: Reputation: 2074Reputation: 2074Reputation: 2074Reputation: 2074Reputation: 2074Reputation: 2074Reputation: 2074Reputation: 2074Reputation: 2074Reputation: 2074Reputation: 2074
If it's an exploit based on the recent apache+php vulnerabilities, you should take a look at /tmp and at the directory that php can upload files (if it exists it's defined in php.ini). Delete any file(s) that look suspicious. In /etc/inittab you can search for processes with the respawn attribute, but if this is due to php I doubt that apache user can write to that file.
Also I think it's better to make a new post in the securiy forum of LQ, describing your situation and what software you were runnning when this happened, since there are more expert people there to help you.

Regards
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Strange apache trailing / problem - Slack-current, apache 1.3.33 vamp Linux - Networking 1 01-30-2005 08:28 PM
Apache in inetd mode swmok Linux - Networking 0 08-15-2003 05:54 AM
chrooting or jailing inetd or inetd started daemons ? MasterC Linux - Security 2 07-15-2003 06:28 PM
apache standalone/inetd ? doublefailure Slackware 1 04-03-2003 08:59 PM
What is inetd doing? dguy Linux - Networking 7 01-25-2002 01:03 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 08:51 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration