On 24/10/2013, at 15.56, Fiedler Roman <Roman.Fiedler@ait.ac.at> wrote:
>> Von: Ghislain [mailto:gadnet@aqueos.com]
>>
>>> cd /etc/vserver; ls | while read name; do vserver "${name}" exec
>> netstat -nlp; done Roman
>>
>> I think you meant :
>>
>> vsomething vserver -- --running -- exec netstat -nlp
>
> If I had known it, I should have meant that.
vsomething does not appear to work for me. But here are netstat output
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 7219/mysqld
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 3830/apache2
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 8765/sshd
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node PID/Program name Path
unix 2 [ ACC ] STREAM LISTENING 15807 7219/mysqld /var/run/mysqld/mysqld.sock
unix 2 [ ACC ] STREAM LISTENING 13154 6715/dbus-daemon /var/run/dbus/system_bus_socket
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 6128/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 7226/sshd
udp 0 0 0.0.0.0:54414 0.0.0.0:* 6193/dhcpd
udp 0 0 0.0.0.0:53 0.0.0.0:* 6128/dnsmasq
udp 0 0 0.0.0.0:67 0.0.0.0:* 6193/dhcpd
raw 0 0 0.0.0.0:1 0.0.0.0:* 7 6193/dhcpd
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node PID/Program name Path
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:6667 0.0.0.0:* LISTEN 7141/ngircd
tcp 0 0 0.0.0.0:6668 0.0.0.0:* LISTEN 7141/ngircd
tcp 0 0 0.0.0.0:6669 0.0.0.0:* LISTEN 7141/ngircd
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 5986/apache2
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 7396/sshd
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node PID/Program name Path
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:3690 0.0.0.0:* LISTEN 7683/inetd
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 21507/smbd
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 3088/apache2
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 21305/sshd
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 21507/smbd
udp 0 0 192.168.123.255:137 0.0.0.0:* 21502/nmbd
udp 0 0 192.168.123.225:137 0.0.0.0:* 21502/nmbd
udp 0 0 0.0.0.0:137 0.0.0.0:* 21502/nmbd
udp 0 0 192.168.123.255:138 0.0.0.0:* 21502/nmbd
udp 0 0 192.168.123.225:138 0.0.0.0:* 21502/nmbd
udp 0 0 0.0.0.0:138 0.0.0.0:* 21502/nmbd
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node PID/Program name Path
unix 2 [ ACC ] STREAM LISTENING 14202 7677/dbus-daemon /var/run/dbus/system_bus_socket
unix 2 [ ACC ] STREAM LISTENING 13226163 21460/winbindd /var/run/samba/winbindd_privileged/pipe
unix 2 [ ACC ] STREAM LISTENING 13226162 21460/winbindd /tmp/.winbindd/pipe
unix 2 [ ACC ] STREAM LISTENING 13224315 19997/ssh-agent /tmp/ssh-UFAiQ19996/agent.19996
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 6790/mysqld
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 5546/apache2
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 7926/sshd
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node PID/Program name Path
unix 2 [ ACC ] STREAM LISTENING 15760 8135/winbindd /var/run/samba/winbindd_privileged/pipe
unix 2 [ ACC ] STREAM LISTENING 14144 6790/mysqld /var/run/mysqld/mysqld.sock
unix 2 [ ACC ] STREAM LISTENING 15759 8135/winbindd /tmp/.winbindd/pipe
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 6195/apache2
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 8078/sshd
tcp 0 0 0.0.0.0:2401 0.0.0.0:* LISTEN 22085/inetd
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node PID/Program name Path
unix 2 [ ACC ] STREAM LISTENING 842803 11810/apache2 /var/run/apache2/cgisock.6195
unix 2 [ ACC ] STREAM LISTENING 16115 8268/winbindd /tmp/.winbindd/pipe
unix 2 [ ACC ] STREAM LISTENING 16116 8268/winbindd /var/run/samba/winbindd_privileged/pipe
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:873 0.0.0.0:* LISTEN 30432/inetd
tcp 0 0 0.0.0.0:3690 0.0.0.0:* LISTEN 30432/inetd
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 9438/smbd
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 7261/apache2
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 9447/sshd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 9389/exim4
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 9438/smbd
tcp 0 0 0.0.0.0:2401 0.0.0.0:* LISTEN 30432/inetd
udp 0 0 192.168.123.255:137 0.0.0.0:* 9435/nmbd
udp 0 0 192.168.123.3:137 0.0.0.0:* 9435/nmbd
udp 0 0 0.0.0.0:137 0.0.0.0:* 9435/nmbd
udp 0 0 192.168.123.255:138 0.0.0.0:* 9435/nmbd
udp 0 0 192.168.123.3:138 0.0.0.0:* 9435/nmbd
udp 0 0 0.0.0.0:138 0.0.0.0:* 9435/nmbd
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node PID/Program name Path
unix 2 [ ACC ] STREAM LISTENING 17022 9114/dbus-daemon /var/run/dbus/system_bus_socket
unix 2 [ ACC ] STREAM LISTENING 17641 9470/winbindd /tmp/.winbindd/pipe
unix 2 [ ACC ] STREAM LISTENING 17526 9435/nmbd /var/run/samba/unexpected
unix 2 [ ACC ] STREAM LISTENING 17642 9470/winbindd /var/run/samba/winbindd_privileged/pipe
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:548 0.0.0.0:* LISTEN 7379/afpd
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 7743/smbd
tcp 0 0 192.168.123.218:80 0.0.0.0:* LISTEN 5132/apache2
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 7778/sshd
tcp 0 0 127.0.0.1:4700 0.0.0.0:* LISTEN 7284/cnid_metad
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 7743/smbd
udp 0 0 0.0.0.0:5353 0.0.0.0:* 6895/avahi-daemon:
udp 0 0 192.168.123.255:137 0.0.0.0:* 7642/nmbd
udp 0 0 192.168.123.218:137 0.0.0.0:* 7642/nmbd
udp 0 0 0.0.0.0:137 0.0.0.0:* 7642/nmbd
udp 0 0 192.168.123.255:138 0.0.0.0:* 7642/nmbd
udp 0 0 192.168.123.218:138 0.0.0.0:* 7642/nmbd
udp 0 0 0.0.0.0:138 0.0.0.0:* 7642/nmbd
udp 0 0 0.0.0.0:42049 0.0.0.0:* 6895/avahi-daemon:
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node PID/Program name Path
unix 2 [ ACC ] STREAM LISTENING 14967 7865/winbindd /tmp/.winbindd/pipe
unix 2 [ ACC ] STREAM LISTENING 14980 7865/winbindd /var/run/samba/winbindd_privileged/pipe
unix 2 [ ACC ] STREAM LISTENING 13549 6895/avahi-daemon: /var/run/avahi-daemon/socket
unix 2 [ ACC ] STREAM LISTENING 13426 6812/dbus-daemon /var/run/dbus/system_bus_socket
unix 2 [ ACC ] STREAM LISTENING 14335 7642/nmbd /var/run/samba/unexpected
And here are the entire list of ports that rkhunter complains about
root@dkVserver:/home/jonbendtsen# rkhunter --rwo --check
Warning: Hidden ports found:
Port number: TCP:139
Port number: TCP:2401
Port number: TCP:25
Port number: TCP:3306
Port number: TCP:35026
Port number: TCP:3690
Port number: TCP:39764
Port number: TCP:39955
Port number: TCP:42239
Port number: TCP:42916
Port number: TCP:43605
Port number: TCP:44070
Port number: TCP:445
Port number: TCP:45393
Port number: TCP:46028
Port number: TCP:46640
Port number: TCP:46709
Port number: TCP:4700
Port number: TCP:50479
Port number: TCP:50601
Port number: TCP:53
Port number: TCP:54424
Port number: TCP:548
Port number: TCP:54865
Port number: TCP:55039
Port number: TCP:57149
Port number: TCP:58738
Port number: TCP:6667
Port number: TCP:6668
Port number: TCP:6669
Port number: TCP:80
Port number: TCP:873
Port number: UDP:137
Port number: UDP:138
Port number: UDP:42049
Port number: UDP:53
Port number: UDP:5353
Port number: UDP:54414
Port number: UDP:67
Received on Thu Oct 24 15:21:51 2013