I have an annoying message in system logs messages and warn:
inetd: login/tcp (2): bind: Address already in use inetd: shell/tcp (2): bind: Address already in use
The message is sent from 10 to 10 minutes, but I don't know what process is the source. I have a Suse 7.2 box, sendmail+DNS+http, and a virtual address on interface eth0:0. I didn't notice that something it's going wrong, all the process are working fine, I can send mail, I can telnet, ssh, ftp the machine, so that's why I'm asking: what the matter with this message ?
This will occur, if you start an instance of inetd and services/ports are bound in /etc/inetd.conf already started. Try follwing: netstat -anp | grep -i listen you will see all services/ports and the process that own them login (port 513) and shell (port 514) according to /etc/services What you see may be a security risc, cauze this services are normally bound by inetd. A possible attacker might have installed this 2 services (with his own version of binaries). Post the dump of above netstat command to learn more ! Michael Appeldorn