Mailinglist Archive: opensuse-security (685 mails)

< Previous Next >
Re: [suse-security] Prtmapper...
  • From: "Michael Stern" <mhstar@xxxxxx>
  • Date: Tue, 12 Feb 2002 20:59:26 +0100
  • Message-id: <001301c1b3ff$c82d02f0$0101a8c0@xxxxxxxxxxxxxxx>
well now that you know the command line, you could probably find out, how
they have been launched. try "pstree" to see, which application has launched
the process, if it was init, you will have to look in your /etc/init.d/rc?.d
directory for the link to the startup script (eg.: my box usually runs in
runlevel 3 which means i would look in /etc/init.d/rc3.d for the link to the
startup script ... if i want to prevent inetd from starting (don't do that
=), i would remove the *inetd links, namely S20inetd and K04inetd).

if you just want to kill the processes for now, try

killall processname

if you feel safer killing the process by its process id, use

kill -s SIGTERM processid
eg.: kill -s SIGTERM 1234

or even better

kill -s SIGKILL processid
since the process cannot catch this signal and prevent being killed.


cheers,
michael

----- Original Message -----
From: "Mike Garabedian" <mikejr@xxxxxxxxxxxxxxx>
To: "Michael Stern" <mhstar@xxxxxx>
Sent: Tuesday, February 12, 2002 8:55 PM
Subject: RE: [suse-security] Prtmapper...


> Then what....I found them, now how do I stop them.
>
>
> -----Original Message-----
> From: Michael Stern [mailto:mhstar@xxxxxx]
> Sent: Tuesday, February 12, 2002 1:59 PM
> To: Mike Garabedian
> Subject: Re: [suse-security] Prtmapper...
>
>
> try the following:
>
> >fuser -n tcp 111
> >fuser -n tcp 222
>
> and pass whatever process-id it gives to you to
>
> >ps aux | grep processID
>
> eg.:
>
> elizia:/ # fuser -n tcp finger
> finger/tcp: 1021
>
> elizia:/ # ps aux | grep 1021
> root 1021 0.0 0.0 1348 480 ? S Feb04 0:00
> /usr/sbin/inetd
>
>
> hope i could help ...
>
> michael
>
> ----- Original Message -----
> From: "Mike Garabedian" <mikejr@xxxxxxxxxxxxxxx>
> To: <suse-security@xxxxxxxx>
> Sent: Tuesday, February 12, 2002 7:31 PM
> Subject: [suse-security] Prtmapper...
>
>
> > ...I ran a cerberus scan on my network and found taht portmap is
> operating,
> > I stopped the service from the server , yet after I run the scan it is
> still
> > finding the ports 111 and 222, which are serious security holes. Any
> ideas
> > on where to stop the service and make sure it is stopped.
> >
> > mike
> >
> >
> > --
> > To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> > For additional commands, e-mail: suse-security-help@xxxxxxxx
> >
> >
>
>
>


< Previous Next >