well now that you know the command line, you could probably find out, how
they have been launched. try "pstree" to see, which application has launched
the process, if it was init, you will have to look in your /etc/init.d/rc?.d
directory for the link to the startup script (eg.: my box usually runs in
runlevel 3 which means i would look in /etc/init.d/rc3.d for the link to the
startup script ... if i want to prevent inetd from starting (don't do that
=), i would remove the *inetd links, namely S20inetd and K04inetd).
if you just want to kill the processes for now, try
killall processname
if you feel safer killing the process by its process id, use
kill -s SIGTERM processid
eg.: kill -s SIGTERM 1234
or even better
kill -s SIGKILL processid
since the process cannot catch this signal and prevent being killed.
cheers,
michael
----- Original Message -----
From: "Mike Garabedian"
Then what....I found them, now how do I stop them.
-----Original Message----- From: Michael Stern [mailto:mhstar@gmx.at] Sent: Tuesday, February 12, 2002 1:59 PM To: Mike Garabedian Subject: Re: [suse-security] Prtmapper...
try the following:
fuser -n tcp 111 fuser -n tcp 222
and pass whatever process-id it gives to you to
ps aux | grep processID
eg.:
elizia:/ # fuser -n tcp finger finger/tcp: 1021
elizia:/ # ps aux | grep 1021 root 1021 0.0 0.0 1348 480 ? S Feb04 0:00 /usr/sbin/inetd
hope i could help ...
michael
----- Original Message ----- From: "Mike Garabedian"
To: Sent: Tuesday, February 12, 2002 7:31 PM Subject: [suse-security] Prtmapper... ...I ran a cerberus scan on my network and found taht portmap is operating, I stopped the service from the server , yet after I run the scan it is still finding the ports 111 and 222, which are serious security holes. Any ideas on where to stop the service and make sure it is stopped.
mike
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com