Slackware This Forum is for the discussion of Slackware Linux.
|
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
 |
05-22-2006, 07:27 AM
|
#1
|
LQ Newbie
Registered: Mar 2005
Distribution: fedora 4, slackware 10.2
Posts: 21
Rep:
|
apache + inetd problem
Recently i got problem with my apache server, here the an error
Code:
(98)Address already in use: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
Unable to open logs
after make some googling, i check the process
Code:
netstat -lnp | grep '0.0.0.0:80'
# output
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 22452/inetd
i check what the process
Code:
ps 22452
PID TTY STAT TIME COMMAND
22452 ? S 0:34 inetd
i stop the inetd service
Code:
/etc/rc.d/rc.inetd stop
i stop the httpd service
Code:
/etc/rc.d/rc.httpd stop
i try to start httpd service
Code:
/etc/rc.d/rc.httpd stop
but the problem above still happened? anyone facing the same problem with me?
|
|
|
05-22-2006, 07:56 AM
|
#2
|
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,220
|
That's strange!!!
should tell you all the processes that use port 80. Try to kill them manually and start apache. Also take a look at your /etc/services to see if there is something other than httpd that uses that port and edit your /etc/inetd.conf to comment it out.
|
|
|
05-22-2006, 10:56 AM
|
#3
|
LQ Newbie
Registered: Mar 2005
Distribution: fedora 4, slackware 10.2
Posts: 21
Original Poster
Rep:
|
Quote:
Originally Posted by bathory
That's strange!!!
should tell you all the processes that use port 80. Try to kill them manually and start apache. Also take a look at your /etc/services to see if there is something other than httpd that uses that port and edit your /etc/inetd.conf to comment it out.
|
Here the output
Code:
matt@www:~$ fuser -v -n tcp 80
here: 80
there are no other services using 80 port except httpd. i'm not running httpd from inetd so there are no httpd service in inetd.conf
|
|
|
05-23-2006, 03:06 AM
|
#4
|
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,220
|
Did you ran it as root? Restart inetd and look if port 80 starts listening. Or use nmap from another box to scan your box for open ports.
|
|
|
05-23-2006, 08:10 PM
|
#5
|
LQ Newbie
Registered: Mar 2005
Distribution: fedora 4, slackware 10.2
Posts: 21
Original Poster
Rep:
|
Quote:
Originally Posted by bathory
Did you ran it as root? Restart inetd and look if port 80 starts listening. Or use nmap from another box to scan your box for open ports.
|
Yes i ran as a root. Here my box result
Code:
root@www:~# ps -aux |grep httpd
Warning: bad ps syntax, perhaps a bogus '-'? See http://procps.sf.net/faq.html
root 247 0.0 0.6 17824 5584 ? Ss May21 0:00 /usr/sbin/httpd -k start
apache 446 0.0 1.5 23812 13852 ? S May21 0:40 /usr/sbin/httpd -k start
apache 777 0.0 1.5 24304 14372 ? S May21 0:38 /usr/sbin/httpd -k start
apache 783 0.0 1.5 23672 13716 ? S May21 0:21 /usr/sbin/httpd -k start
apache 2150 0.0 1.5 24108 14152 ? S May21 0:10 /usr/sbin/httpd -k start
apache 7005 0.0 1.5 24316 14460 ? S May22 0:36 /usr/sbin/httpd -k start
apache 8358 0.0 1.5 23568 13612 ? S May23 0:16 /usr/sbin/httpd -k start
apache 9046 0.0 1.5 24300 14312 ? S May23 0:15 /usr/sbin/httpd -k start
apache 9376 0.0 1.5 24240 14304 ? S May23 0:05 /usr/sbin/httpd -k start
apache 9378 0.0 1.5 23592 13628 ? S May23 0:06 /usr/sbin/httpd -k start
apache 9385 0.0 1.4 23432 13468 ? S May23 0:10 /usr/sbin/httpd -k start
apache 9386 0.0 1.5 23936 13956 ? S May23 0:11 /usr/sbin/httpd -k start
apache 9387 0.0 1.4 23492 13520 ? S May23 0:08 /usr/sbin/httpd -k start
apache 9388 0.0 1.5 24172 14192 ? S May23 0:09 /usr/sbin/httpd -k start
apache 9389 0.0 1.5 24292 14304 ? S May23 0:08 /usr/sbin/httpd -k start
apache 10240 0.0 1.2 21996 11720 ? S May23 0:00 /usr/sbin/httpd -k start
apache 10260 0.0 1.4 23500 13448 ? S May23 0:00 /usr/sbin/httpd -k start
apache 10294 0.0 1.4 23172 13116 ? S May23 0:00 /usr/sbin/httpd -k start
apache 10322 0.0 1.2 21996 11720 ? S May23 0:00 /usr/sbin/httpd -k start
apache 10337 0.0 1.2 21996 11724 ? S May23 0:00 /usr/sbin/httpd -k start
apache 10364 0.0 1.2 22012 11736 ? S 00:08 0:00 /usr/sbin/httpd -k start
apache 10378 0.0 1.5 24000 14020 ? S 00:09 0:01 /usr/sbin/httpd -k start
apache 10391 0.0 1.5 24272 14272 ? S 00:14 0:04 /usr/sbin/httpd -k start
apache 10406 0.0 1.2 22012 11740 ? S 00:14 0:00 /usr/sbin/httpd -k start
apache 10420 0.0 1.5 23688 13700 ? S 00:16 0:03 /usr/sbin/httpd -k start
apache 10433 0.0 1.4 23532 13508 ? S 00:16 0:00 /usr/sbin/httpd -k start
apache 10434 0.0 1.2 21996 11720 ? S 00:17 0:00 /usr/sbin/httpd -k start
apache 10462 0.0 1.2 21996 11720 ? S 00:27 0:00 /usr/sbin/httpd -k start
apache 10477 0.0 1.2 21996 11720 ? S 00:27 0:00 /usr/sbin/httpd -k start
apache 10506 0.0 1.5 24008 13960 ? S 00:31 0:00 /usr/sbin/httpd -k start
apache 10525 0.0 1.5 23740 13692 ? S 00:33 0:00 /usr/sbin/httpd -k start
apache 10544 0.0 1.2 21996 11720 ? S 00:34 0:00 /usr/sbin/httpd -k start
apache 10562 0.0 1.4 23252 13256 ? S 00:36 0:00 /usr/sbin/httpd -k start
apache 10576 0.0 1.5 23920 13932 ? S 00:36 0:02 /usr/sbin/httpd -k start
apache 10608 0.0 1.4 23524 13536 ? S 00:42 0:01 /usr/sbin/httpd -k start
apache 10623 0.0 1.5 24288 14244 ? S 00:43 0:01 /usr/sbin/httpd -k start
apache 10632 0.0 1.2 21996 11720 ? S 00:44 0:00 /usr/sbin/httpd -k start
apache 10674 0.0 1.5 24012 14032 ? S 00:46 0:02 /usr/sbin/httpd -k start
apache 10704 0.0 1.5 23752 13760 ? S 00:47 0:00 /usr/sbin/httpd -k start
apache 10726 0.0 1.5 23736 13680 ? S 00:53 0:00 /usr/sbin/httpd -k start
apache 10793 0.0 1.5 24000 14020 ? S 01:15 0:02 /usr/sbin/httpd -k start
apache 10806 0.0 1.5 24008 13996 ? S 01:17 0:01 /usr/sbin/httpd -k start
apache 10808 0.0 1.2 22012 11736 ? S 01:22 0:00 /usr/sbin/httpd -k start
apache 10809 0.0 1.2 22012 11744 ? S 01:22 0:00 /usr/sbin/httpd -k start
apache 10810 0.0 1.5 23692 13696 ? S 01:22 0:01 /usr/sbin/httpd -k start
apache 10854 0.0 1.4 23508 13460 ? S 01:26 0:00 /usr/sbin/httpd -k start
apache 10891 0.0 1.5 23700 13704 ? S 01:28 0:01 /usr/sbin/httpd -k start
apache 10907 0.0 1.5 24024 14004 ? S 01:29 0:03 /usr/sbin/httpd -k start
apache 10936 0.0 1.5 24016 14028 ? S 01:34 0:01 /usr/sbin/httpd -k start
apache 10963 0.0 1.5 24132 14076 ? S 01:39 0:00 /usr/sbin/httpd -k start
apache 10989 0.0 1.5 23748 13732 ? S 01:44 0:01 /usr/sbin/httpd -k start
apache 11030 0.0 1.5 23752 13764 ? S 01:48 0:01 /usr/sbin/httpd -k start
apache 11031 0.0 1.1 23192 10560 ? S 01:48 0:00 /usr/sbin/httpd -k start
apache 11032 0.0 1.2 23792 11164 ? S 01:48 0:02 /usr/sbin/httpd -k start
apache 11033 0.0 1.1 23716 10780 ? S 01:48 0:01 /usr/sbin/httpd -k start
apache 11035 0.0 1.1 23728 10704 ? S 01:48 0:00 /usr/sbin/httpd -k start
apache 11169 0.0 0.9 21996 8580 ? S 02:17 0:00 /usr/sbin/httpd -k start
apache 11174 0.0 0.9 21996 8640 ? S 02:18 0:00 /usr/sbin/httpd -k start
apache 11186 0.0 0.9 22012 8660 ? S 02:19 0:00 /usr/sbin/httpd -k start
apache 11215 0.0 0.9 21996 8580 ? S 02:23 0:00 /usr/sbin/httpd -k start
apache 11218 0.0 0.9 21996 8580 ? S 02:24 0:00 /usr/sbin/httpd -k start
apache 11253 0.0 0.9 21996 8624 ? S 02:32 0:00 /usr/sbin/httpd -k start
apache 11267 0.0 0.9 22012 8776 ? S 02:33 0:00 /usr/sbin/httpd -k start
apache 11281 0.0 1.1 23524 10600 ? S 02:34 0:00 /usr/sbin/httpd -k start
apache 11295 0.0 0.9 21996 8580 ? S 02:36 0:00 /usr/sbin/httpd -k start
apache 11309 0.0 0.9 21996 8744 ? S 02:37 0:00 /usr/sbin/httpd -k start
apache 11322 0.0 0.9 22032 8912 ? S 02:38 0:00 /usr/sbin/httpd -k start
apache 11337 0.0 0.9 21996 8724 ? S 02:38 0:00 /usr/sbin/httpd -k start
apache 11352 0.0 1.1 23760 10828 ? S 02:40 0:01 /usr/sbin/httpd -k start
apache 11366 0.0 1.1 23528 10604 ? S 02:40 0:01 /usr/sbin/httpd -k start
apache 11381 0.0 0.9 21996 8584 ? S 02:44 0:00 /usr/sbin/httpd -k start
apache 11417 0.0 0.9 21996 8656 ? S 02:49 0:00 /usr/sbin/httpd -k start
apache 11434 0.0 0.9 21996 8748 ? S 03:01 0:00 /usr/sbin/httpd -k start
apache 11448 0.0 1.2 24004 11060 ? S 03:02 0:03 /usr/sbin/httpd -k start
apache 11453 0.0 1.1 23188 10236 ? S 03:02 0:00 /usr/sbin/httpd -k start
apache 11469 0.0 1.1 23736 10808 ? S 03:03 0:01 /usr/sbin/httpd -k start
apache 11491 0.0 1.1 23732 10804 ? S 03:05 0:00 /usr/sbin/httpd -k start
apache 11521 0.0 1.1 23700 10768 ? S 03:12 0:00 /usr/sbin/httpd -k start
apache 11538 0.0 1.1 23704 10720 ? S 03:13 0:00 /usr/sbin/httpd -k start
apache 11566 0.0 0.9 21996 8772 ? S 03:18 0:00 /usr/sbin/httpd -k start
apache 11568 0.0 1.2 23756 10952 ? S 03:18 0:01 /usr/sbin/httpd -k start
apache 11582 0.0 1.1 23192 10448 ? S 03:18 0:00 /usr/sbin/httpd -k start
apache 11620 0.0 1.1 23540 10820 ? S 03:24 0:01 /usr/sbin/httpd -k start
apache 11623 0.0 1.1 23524 10712 ? S 03:24 0:00 /usr/sbin/httpd -k start
apache 11661 0.0 1.2 23756 11020 ? S 03:28 0:02 /usr/sbin/httpd -k start
apache 11676 0.0 1.1 23204 10448 ? S 03:29 0:01 /usr/sbin/httpd -k start
apache 11696 0.0 1.2 23576 10980 ? S 03:31 0:01 /usr/sbin/httpd -k start
apache 11711 0.0 1.2 24288 11700 ? S 03:32 0:02 /usr/sbin/httpd -k start
apache 11764 0.0 1.2 23748 11128 ? S 03:43 0:00 /usr/sbin/httpd -k start
apache 11772 0.0 1.2 23488 10892 ? S 03:45 0:01 /usr/sbin/httpd -k start
apache 11814 0.0 1.2 23508 11616 ? S 03:47 0:00 /usr/sbin/httpd -k start
apache 11842 0.0 1.0 21996 9768 ? S 03:52 0:00 /usr/sbin/httpd -k start
apache 11846 0.0 1.3 23868 11908 ? S 03:52 0:00 /usr/sbin/httpd -k start
apache 11863 0.0 1.3 23724 11944 ? S 03:53 0:07 /usr/sbin/httpd -k start
apache 11894 0.0 1.1 21996 10464 ? S 03:56 0:00 /usr/sbin/httpd -k start
apache 11914 0.0 1.3 23708 12452 ? S 03:58 0:00 /usr/sbin/httpd -k start
apache 11931 0.0 1.1 21996 10464 ? S 03:59 0:00 /usr/sbin/httpd -k start
apache 11933 0.0 1.3 23540 12236 ? S 03:59 0:01 /usr/sbin/httpd -k start
apache 11934 0.0 1.1 21996 10464 ? S 03:59 0:00 /usr/sbin/httpd -k start
apache 11978 0.0 1.1 21996 10464 ? S 04:01 0:00 /usr/sbin/httpd -k start
apache 11995 0.0 1.3 23744 12492 ? S 04:03 0:02 /usr/sbin/httpd -k start
apache 12027 0.0 1.1 21996 10464 ? S 04:10 0:00 /usr/sbin/httpd -k start
apache 12029 0.0 1.4 24008 12720 ? S 04:10 0:02 /usr/sbin/httpd -k start
apache 12057 0.0 1.3 23728 12496 ? S 04:11 0:01 /usr/sbin/httpd -k start
apache 12059 0.0 1.4 24000 12768 ? S 04:11 0:01 /usr/sbin/httpd -k start
apache 12099 0.0 1.4 24000 12748 ? S 04:18 0:01 /usr/sbin/httpd -k start
apache 12132 0.0 1.3 23508 12240 ? S 04:24 0:01 /usr/sbin/httpd -k start
apache 12188 0.0 1.1 21996 10464 ? S 04:33 0:00 /usr/sbin/httpd -k start
apache 12195 0.0 1.3 23732 12472 ? S 04:36 0:06 /usr/sbin/httpd -k start
apache 12199 0.0 1.3 23788 12516 ? S 04:36 0:06 /usr/sbin/httpd -k start
apache 12225 0.0 1.3 23740 12424 ? S 04:37 0:00 /usr/sbin/httpd -k start
apache 12313 0.0 1.3 23536 12196 ? S 04:45 0:00 /usr/sbin/httpd -k start
apache 12314 0.0 1.0 20992 9292 ? S 04:46 0:06 /usr/sbin/httpd -k start
root 12427 0.0 0.0 1680 644 pts/0 R+ 08:00 0:00 grep httpd
Code:
root@www:~# ps aux|grep inetd
root 176 0.0 0.0 1416 508 ? Ss May21 0:00 /usr/sbin/inetd
apache 10132 0.0 0.3 4144 2916 ? S May23 0:00 inetd
apache 10174 0.0 0.3 4144 2916 ? S May23 0:00 inetd
apache 10192 0.0 0.3 4144 2916 ? S May23 0:00 inetd
apache 10212 0.0 0.3 4144 2916 ? S May23 0:00 inetd
apache 10250 0.0 0.3 4144 2916 ? S May23 0:00 inetd
apache 10271 0.0 0.3 4144 2916 ? S May23 0:00 inetd
apache 10305 0.0 0.3 4144 2916 ? S May23 0:00 inetd
apache 10332 0.0 0.3 4144 2916 ? S May23 0:00 inetd
apache 10347 0.0 0.3 4144 2916 ? S May23 0:00 inetd
apache 10361 0.0 0.3 4144 2916 ? S 00:03 0:00 inetd
apache 10375 0.0 0.3 4144 2916 ? S 00:08 0:00 inetd
apache 10389 0.0 0.3 4144 2916 ? S 00:09 0:00 inetd
apache 10403 0.0 0.3 4144 2916 ? S 00:14 0:00 inetd
apache 10417 0.0 0.3 4144 2916 ? S 00:14 0:00 inetd
apache 10430 0.0 0.3 4144 2916 ? S 00:16 0:00 inetd
apache 10446 0.0 0.3 4144 2916 ? S 00:18 0:00 inetd
apache 10474 0.0 0.3 4144 2916 ? S 00:27 0:00 inetd
apache 10488 0.0 0.3 4144 2916 ? S 00:27 0:00 inetd
apache 10518 0.0 0.3 4144 2916 ? S 00:32 0:00 inetd
apache 10536 0.0 0.3 4144 2916 ? S 00:33 0:00 inetd
apache 10555 0.0 0.3 4144 2916 ? S 00:34 0:00 inetd
apache 10573 0.0 0.3 4144 2916 ? S 00:36 0:00 inetd
apache 10588 0.0 0.3 4144 2916 ? S 00:36 0:00 inetd
apache 10618 0.0 0.3 4144 2916 ? S 00:42 0:00 inetd
apache 10645 0.0 0.3 4144 2916 ? S 00:44 0:00 inetd
apache 10654 0.0 0.3 4144 2916 ? S 00:44 0:00 inetd
apache 10671 0.0 0.3 4144 2916 ? S 00:46 0:00 inetd
apache 10758 0.0 0.3 4144 2916 ? S 01:01 0:00 inetd
apache 10771 0.0 0.3 4144 2916 ? S 01:05 0:00 inetd
apache 10790 0.0 0.3 4144 2916 ? S 01:07 0:00 inetd
apache 10804 0.0 0.3 4144 2916 ? S 01:15 0:00 inetd
apache 10829 0.0 0.3 4144 2916 ? S 01:24 0:00 inetd
apache 10851 0.0 0.3 4144 2916 ? S 01:25 0:00 inetd
apache 10868 0.0 0.3 4144 2916 ? S 01:26 0:00 inetd
apache 10879 0.0 0.3 4144 2916 ? S 01:26 0:00 inetd
apache 10902 0.0 0.3 4144 2916 ? S 01:28 0:00 inetd
apache 10931 0.0 0.3 4144 2916 ? S 01:34 0:00 inetd
apache 10957 0.0 0.3 4144 2916 ? S 01:38 0:00 inetd
apache 10974 0.0 0.3 4144 2916 ? S 01:39 0:00 inetd
apache 11000 0.0 0.3 4144 2916 ? S 01:44 0:00 inetd
apache 11051 0.0 0.3 4144 2916 ? S 01:50 0:00 inetd
apache 11097 0.0 0.2 4144 1984 ? S 01:59 0:00 inetd
apache 11117 0.0 0.3 4144 2916 ? S 02:00 0:00 inetd
apache 11126 0.0 0.3 4144 2916 ? S 02:00 0:00 inetd
apache 11153 0.0 0.2 4144 2352 ? S 02:08 0:00 inetd
apache 11167 0.0 0.3 4144 2916 ? S 02:15 0:00 inetd
apache 11182 0.0 0.2 4144 2476 ? S 02:18 0:00 inetd
apache 11197 0.0 0.3 4144 2916 ? S 02:19 0:00 inetd
apache 11212 0.0 0.2 4144 1968 ? S 02:21 0:00 inetd
apache 11231 0.0 0.2 4144 1976 ? S 02:24 0:00 inetd
apache 11250 0.0 0.2 4144 2068 ? S 02:26 0:00 inetd
apache 11264 0.0 0.2 4144 1968 ? S 02:32 0:00 inetd
apache 11278 0.0 0.3 4144 2916 ? S 02:33 0:00 inetd
apache 11292 0.0 0.2 4144 1984 ? S 02:34 0:00 inetd
apache 11306 0.0 0.3 4144 2916 ? S 02:36 0:00 inetd
apache 11320 0.0 0.2 4144 1964 ? S 02:37 0:00 inetd
apache 11334 0.0 0.2 4144 1964 ? S 02:38 0:00 inetd
apache 11349 0.0 0.2 4144 1964 ? S 02:39 0:00 inetd
apache 11363 0.0 0.2 4144 1964 ? S 02:40 0:00 inetd
apache 11378 0.0 0.2 4144 1964 ? S 02:43 0:00 inetd
apache 11392 0.0 0.2 4144 1984 ? S 02:44 0:00 inetd
apache 11431 0.0 0.2 4144 1980 ? S 02:59 0:00 inetd
apache 11445 0.0 0.2 4144 1960 ? S 03:02 0:00 inetd
apache 11465 0.0 0.2 4144 1960 ? S 03:03 0:00 inetd
apache 11480 0.0 0.2 4144 1972 ? S 03:03 0:00 inetd
apache 11502 0.0 0.2 4144 1980 ? S 03:05 0:00 inetd
apache 11532 0.0 0.2 4144 1984 ? S 03:12 0:00 inetd
apache 11563 0.0 0.2 4144 1976 ? S 03:17 0:00 inetd
apache 11578 0.0 0.2 4144 1976 ? S 03:18 0:00 inetd
apache 11593 0.0 0.2 4144 1976 ? S 03:18 0:00 inetd
apache 11607 0.0 0.2 4144 1976 ? S 03:19 0:00 inetd
apache 11634 0.0 0.2 4144 1972 ? S 03:24 0:00 inetd
apache 11656 0.0 0.2 4144 1964 ? S 03:28 0:00 inetd
apache 11673 0.0 0.2 4144 2356 ? S 03:29 0:00 inetd
apache 11688 0.0 0.2 4144 1972 ? S 03:29 0:00 inetd
apache 11708 0.0 0.2 4144 2288 ? S 03:31 0:00 inetd
apache 11742 0.0 0.2 4144 2340 ? S 03:40 0:00 inetd
apache 11761 0.0 0.2 4144 1972 ? S 03:43 0:00 inetd
apache 11787 0.0 0.2 4144 2356 ? S 03:46 0:00 inetd
apache 11837 0.0 0.2 4144 2356 ? S 03:51 0:00 inetd
apache 11856 0.0 0.2 4144 2356 ? S 03:52 0:00 inetd
apache 11875 0.0 0.3 4144 2916 ? S 03:53 0:00 inetd
apache 11889 0.0 0.2 4144 2356 ? S 03:55 0:00 inetd
apache 11906 0.0 0.3 4144 2916 ? S 03:56 0:00 inetd
apache 11927 0.0 0.3 4144 2916 ? S 03:59 0:00 inetd
apache 11947 0.0 0.2 4144 2356 ? S 04:00 0:00 inetd
apache 11961 0.0 0.3 4144 2916 ? S 04:00 0:00 inetd
apache 11975 0.0 0.3 4144 2916 ? S 04:01 0:00 inetd
apache 11988 0.0 0.3 4144 2916 ? S 04:01 0:00 inetd
apache 12007 0.0 0.3 4144 2916 ? S 04:03 0:00 inetd
apache 12043 0.0 0.3 4144 2916 ? S 04:10 0:00 inetd
apache 12053 0.0 0.3 4144 2916 ? S 04:11 0:00 inetd
apache 12073 0.0 0.3 4144 2916 ? S 04:11 0:00 inetd
apache 12082 0.0 0.3 4144 2916 ? S 04:11 0:00 inetd
apache 12122 0.0 0.3 4144 2916 ? S 04:22 0:00 inetd
apache 12166 0.0 0.3 4144 2916 ? S 04:31 0:00 inetd
apache 12185 0.0 0.3 4144 2916 ? S 04:33 0:00 inetd
apache 12208 0.0 0.3 4144 2916 ? S 04:36 0:00 inetd
apache 12220 0.0 0.3 4144 2916 ? S 04:36 0:00 inetd
apache 12292 0.0 0.3 4144 2916 ? S 04:43 0:00 inetd
apache 12311 0.0 0.3 4144 2916 ? S 04:45 0:00 inetd
root 12547 0.0 0.0 1680 644 pts/0 S+ 08:01 0:00 grep inetd
and here my nmap test from another box
Code:
[matt@fw ~]$ nmap 172.16.16.5
Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2006-05-24 08:15 MYT
Interesting ports on 172.16.16.5:
(The 1641 ports scanned but not shown below are in state: filtered)
PORT STATE SERVICE
22/tcp open ssh
25/tcp closed smtp
53/tcp open domain
80/tcp open http
110/tcp closed pop3
143/tcp closed imap
443/tcp closed https
3128/tcp closed squid-http
3306/tcp closed mysql
5800/tcp closed vnc-http
5900/tcp closed vnc
5901/tcp closed vnc-1
5902/tcp closed vnc-2
5903/tcp closed vnc-3
8000/tcp closed http-alt
8080/tcp closed http-proxy
8888/tcp closed sun-answerbook
10000/tcp closed snet-sensor-mgmt
11371/tcp closed pksd
Nmap run completed -- 1 IP address (1 host up) scanned in 26.966 seconds
|
|
|
05-24-2006, 03:19 AM
|
#6
|
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,220
|
Well, If I were you I'll start to worry about the security of your box. Take it off the net and start investigating.
Did you notice that all the inetd process are running under user apache!!! except the first one (that run under root, which is the normal). I suspect that someone used an exploit (perhaps a php related one) and has installed a scrpit that runs under apache and it's named inetd to fool you. Stop or kill all the inetd processes (and apache) and look what this inetd does.
|
|
|
05-24-2006, 07:12 AM
|
#7
|
LQ Newbie
Registered: Mar 2005
Distribution: fedora 4, slackware 10.2
Posts: 21
Original Poster
Rep:
|
Quote:
Originally Posted by bathory
Did you notice that all the inetd process are running under user apache!!! except the first one (that run under root, which is the normal).
|
Yes, i worried about that, i noticed all the inetd process run by user apache.
Quote:
Stop or kill all the inetd processes (and apache) and look what this inetd does.
|
i can stop inetd but i can't kill all the inetd process.
Code:
root@www:~# /etc/rc.d/rc.inetd stop
root@www:~# ps aux|grep inetd
apache 10132 0.0 0.2 4144 2120 ? S May23 0:00 inetd
apache 10174 0.0 0.2 4144 2128 ? S May23 0:00 inetd
apache 10192 0.0 0.2 4144 2084 ? S May23 0:00 inetd
apache 10212 0.0 0.2 4144 2072 ? S May23 0:00 inetd
apache 10250 0.0 0.2 4144 2072 ? S May23 0:00 inetd
apache 10271 0.0 0.2 4144 2124 ? S May23 0:00 inetd
apache 10305 0.0 0.2 4144 2128 ? S May23 0:00 inetd
apache 10332 0.0 0.2 4144 2080 ? S May23 0:00 inetd
apache 10347 0.0 0.2 4144 2068 ? S May23 0:00 inetd
apache 10361 0.0 0.2 4144 2120 ? S 00:03 0:00 inetd
apache 10375 0.0 0.2 4144 2124 ? S 00:08 0:00 inetd
apache 10389 0.0 0.2 4144 2120 ? S 00:09 0:00 inetd
apache 10403 0.0 0.2 4144 2120 ? S 00:14 0:00 inetd
apache 10417 0.0 0.2 4144 2068 ? S 00:14 0:00 inetd
apache 10430 0.0 0.2 4144 2064 ? S 00:16 0:00 inetd
apache 10446 0.0 0.2 4144 2064 ? S 00:18 0:00 inetd
apache 10474 0.0 0.2 4144 2044 ? S 00:27 0:00 inetd
apache 10488 0.0 0.2 4144 2064 ? S 00:27 0:00 inetd
apache 10518 0.0 0.2 4144 2048 ? S 00:32 0:00 inetd
apache 10536 0.0 0.2 4144 2072 ? S 00:33 0:00 inetd
apache 10555 0.0 0.2 4144 2064 ? S 00:34 0:00 inetd
apache 10573 0.0 0.2 4144 2048 ? S 00:36 0:00 inetd
apache 10588 0.0 0.2 4144 2064 ? S 00:36 0:00 inetd
apache 10618 0.0 0.2 4144 2064 ? S 00:42 0:00 inetd
apache 10645 0.0 0.2 4144 2100 ? S 00:44 0:00 inetd
apache 10654 0.0 0.2 4144 2112 ? S 00:44 0:00 inetd
apache 10671 0.0 0.2 4144 2072 ? S 00:46 0:00 inetd
apache 10758 0.0 0.2 4144 2060 ? S 01:01 0:00 inetd
apache 10771 0.0 0.2 4144 2068 ? S 01:05 0:00 inetd
apache 10790 0.0 0.2 4144 2060 ? S 01:07 0:00 inetd
apache 10804 0.0 0.2 4144 2068 ? S 01:15 0:00 inetd
apache 10829 0.0 0.2 4144 2068 ? S 01:24 0:00 inetd
apache 10851 0.0 0.2 4144 2072 ? S 01:25 0:00 inetd
apache 10868 0.0 0.2 4144 2124 ? S 01:26 0:00 inetd
apache 10879 0.0 0.2 4144 2068 ? S 01:26 0:00 inetd
apache 10902 0.0 0.2 4144 2104 ? S 01:28 0:00 inetd
apache 10931 0.0 0.2 4144 2068 ? S 01:34 0:00 inetd
apache 10957 0.0 0.2 4144 2116 ? S 01:38 0:00 inetd
apache 10974 0.0 0.2 4144 2112 ? S 01:39 0:00 inetd
apache 11000 0.0 0.2 4144 2112 ? S 01:44 0:00 inetd
apache 11051 0.0 0.2 4144 2112 ? S 01:50 0:00 inetd
apache 11097 0.0 0.2 4144 2044 ? S 01:59 0:00 inetd
apache 11117 0.0 0.2 4144 2068 ? S 02:00 0:00 inetd
apache 11126 0.0 0.2 4144 2052 ? S 02:00 0:00 inetd
apache 11153 0.0 0.2 4144 2420 ? S 02:08 0:00 inetd
apache 11167 0.0 0.2 4144 2112 ? S 02:15 0:00 inetd
apache 11182 0.0 0.2 4144 2116 ? S 02:18 0:00 inetd
apache 11197 0.0 0.2 4144 2116 ? S 02:19 0:00 inetd
apache 11212 0.0 0.2 4144 2040 ? S 02:21 0:00 inetd
apache 11231 0.0 0.2 4144 2048 ? S 02:24 0:00 inetd
apache 11250 0.0 0.2 4144 2140 ? S 02:26 0:00 inetd
apache 11264 0.0 0.2 4144 2040 ? S 02:32 0:00 inetd
apache 11278 0.0 0.2 4144 2112 ? S 02:33 0:00 inetd
apache 11292 0.0 0.2 4144 2056 ? S 02:34 0:00 inetd
apache 11306 0.0 0.2 4144 2112 ? S 02:36 0:00 inetd
apache 11320 0.0 0.2 4144 2040 ? S 02:37 0:00 inetd
apache 11334 0.0 0.2 4144 2040 ? S 02:38 0:00 inetd
apache 11349 0.0 0.2 4144 2040 ? S 02:39 0:00 inetd
apache 11363 0.0 0.2 4144 2040 ? S 02:40 0:00 inetd
apache 11378 0.0 0.2 4144 2040 ? S 02:43 0:00 inetd
apache 11392 0.0 0.2 4144 2060 ? S 02:44 0:00 inetd
apache 11431 0.0 0.2 4144 2060 ? S 02:59 0:00 inetd
apache 11445 0.0 0.2 4144 2040 ? S 03:02 0:00 inetd
apache 11465 0.0 0.2 4144 2040 ? S 03:03 0:00 inetd
apache 11480 0.0 0.2 4144 2052 ? S 03:03 0:00 inetd
apache 11502 0.0 0.2 4144 2060 ? S 03:05 0:00 inetd
apache 11532 0.0 0.2 4144 2064 ? S 03:12 0:00 inetd
apache 11563 0.0 0.2 4144 2052 ? S 03:17 0:00 inetd
apache 11578 0.0 0.2 4144 2052 ? S 03:18 0:00 inetd
apache 11593 0.0 0.2 4144 2052 ? S 03:18 0:00 inetd
apache 11607 0.0 0.2 4144 2052 ? S 03:19 0:00 inetd
apache 11634 0.0 0.2 4144 2052 ? S 03:24 0:00 inetd
apache 11656 0.0 0.2 4144 2044 ? S 03:28 0:00 inetd
apache 11673 0.0 0.2 4144 2436 ? S 03:29 0:00 inetd
apache 11688 0.0 0.2 4144 2052 ? S 03:29 0:00 inetd
apache 11708 0.0 0.2 4144 2368 ? S 03:31 0:00 inetd
apache 11742 0.0 0.2 4144 2420 ? S 03:40 0:00 inetd
apache 11761 0.0 0.2 4144 2052 ? S 03:43 0:00 inetd
apache 11787 0.0 0.2 4144 2436 ? S 03:46 0:00 inetd
apache 11837 0.0 0.2 4144 2436 ? S 03:51 0:00 inetd
apache 11856 0.0 0.2 4144 2436 ? S 03:52 0:00 inetd
apache 11875 0.0 0.2 4144 2032 ? S 03:53 0:00 inetd
apache 11889 0.0 0.2 4144 2436 ? S 03:55 0:00 inetd
apache 11906 0.0 0.2 4144 2052 ? S 03:56 0:00 inetd
apache 11927 0.0 0.2 4144 2052 ? S 03:59 0:00 inetd
apache 11947 0.0 0.2 4144 2436 ? S 04:00 0:00 inetd
apache 11961 0.0 0.2 4144 2052 ? S 04:00 0:00 inetd
apache 11975 0.0 0.2 4144 2096 ? S 04:01 0:00 inetd
apache 11988 0.0 0.3 4144 2916 ? S 04:01 0:00 inetd
apache 12007 0.0 0.2 4144 2096 ? S 04:03 0:00 inetd
apache 12043 0.0 0.3 4144 2916 ? S 04:10 0:00 inetd
apache 12053 0.0 0.2 4144 2048 ? S 04:11 0:00 inetd
apache 12073 0.0 0.3 4144 2916 ? S 04:11 0:00 inetd
apache 12082 0.0 0.2 4144 2100 ? S 04:11 0:00 inetd
apache 12122 0.0 0.2 4144 2080 ? S 04:22 0:00 inetd
apache 12166 0.0 0.2 4144 2104 ? S 04:31 0:00 inetd
apache 12185 0.0 0.2 4144 2092 ? S 04:33 0:00 inetd
apache 12208 0.0 0.2 4144 2104 ? S 04:36 0:00 inetd
apache 12220 0.0 0.2 4144 2104 ? S 04:36 0:00 inetd
apache 12292 0.0 0.2 4144 2104 ? S 04:43 0:00 inetd
apache 12311 0.0 0.2 4144 2104 ? S 04:45 0:00 inetd
root 13859 0.0 0.0 1676 628 pts/1 R+ 19:02 0:00 grep inetd
so what your suggestions?
|
|
|
05-24-2006, 08:49 AM
|
#8
|
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,220
|
As I told you you must first take the box off the net. Does the following
works?
If not check /etc/inittab to see if it respawns from there. Then all you can do is to search for the kind of exploit it was used to see how to proceed.
|
|
|
05-30-2006, 10:26 AM
|
#9
|
LQ Newbie
Registered: Mar 2005
Distribution: fedora 4, slackware 10.2
Posts: 21
Original Poster
Rep:
|
Quote:
Originally Posted by bathory
As I told you you must first take the box off the net. Does the following
works?
If not check /etc/inittab to see if it respawns from there. Then all you can do is to search for the kind of exploit it was used to see how to proceed.
|
killall -9 inetd doesn't work to me. how to check /etc/inittab ? and i have no clue to search what kind of exploit attack my machine. sorry i'm really newbie to Slackware.
|
|
|
05-31-2006, 03:27 AM
|
#10
|
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,220
|
If it's an exploit based on the recent apache+php vulnerabilities, you should take a look at /tmp and at the directory that php can upload files (if it exists it's defined in php.ini). Delete any file(s) that look suspicious. In /etc/inittab you can search for processes with the respawn attribute, but if this is due to php I doubt that apache user can write to that file.
Also I think it's better to make a new post in the securiy forum of LQ, describing your situation and what software you were runnning when this happened, since there are more expert people there to help you.
Regards
|
|
|
All times are GMT -5. The time now is 08:51 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|