[ubuntu-hardened] root user in the netstat command results.
Seth Arnold
seth.arnold at canonical.com
Mon May 12 05:55:38 UTC 2014
On Sat, May 10, 2014 at 11:58:12AM +0200, Daniel Curtis wrote:
> So there is nothing to worry about, and a result with a
> 'root'/'0' user is absolutely normal?
Hello Daniel,
Historically, the root user was the only user able to open TCP and UDP
sockets with source ports between 1 and 1023, inclusive. In modern Linux
systems, this is handled via the CAP_NET_BIND_SERVICE capability, but the
easy way to get this capability is to run a service as root. This is why
both Apache2 and nginx, for example, will have one process running as
root, so that it can bind to and listen on port 80 or 443 (in common
configurations).
Depending upon what your computer is doing for you, you can probably
expect several root-owned sockets.
On my laptop I have root-owned tcp sockets for nginx, squid3, sshd, cupsd,
dnsmasq, and lttng.
The aa-unconfined utility can help you discover which programs with
open listening sockets aren't yet confined by AppArmor. Depending upon how
well you trust these programs, you may wish to confine them to reduce the
scope of what they could damage should they be successfully attacked.
Thanks
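As an added example (not part of the original message): a small Python script that parses constructed `netstat -tlnpe` output, separates root-owned listeners on privileged ports (where CAP_NET_BIND_SERVICE is needed) from root-owned listeners on unprivileged ports (where root was not needed for the bind and is worth a closer look), and decodes the CAP_NET_BIND_SERVICE bit from a `/proc/<pid>/status` CapEff mask. The netstat rows and CapEff values are constructed sample data, not taken from any real host.

```python
from dataclasses import dataclass
from typing import Dict, List

CAP_NET_BIND_SERVICE = 10   # bit number in the kernel capability mask
PRIVILEGED_PORT_MAX = 1023  # ports 1..1023 need the capability (or root) to bind

# Constructed `netstat -tlnpe` output; UIDs are numeric because of -n.
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode      PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      0          14021      890/sshd
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      0          15302      1201/nginx
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      0          13377      745/cupsd
tcp        0      0 0.0.0.0:3128            0.0.0.0:*               LISTEN      0          16008      1330/squid3
tcp6       0      0 :::5432                 :::*                    LISTEN      112        17745      1502/postgres
"""

@dataclass
class Listener:
    proto: str
    addr: str
    port: int
    user: str     # UID or user name exactly as netstat printed it
    program: str  # the "PID/Program name" column

def parse_netstat(text: str) -> List[Listener]:
    """Parse the TCP LISTEN rows of `netstat -tlnpe` output."""
    listeners = []
    for line in text.splitlines():
        f = line.split()
        # tcp rows: proto recv-q send-q local foreign state user inode pid/prog
        if len(f) < 9 or not f[0].startswith("tcp"):
            continue
        addr, _, port = f[3].rpartition(":")  # handles "0.0.0.0:80" and ":::5432"
        listeners.append(Listener(f[0], addr, int(port), f[6], f[8]))
    return listeners

def classify(l: Listener) -> str:  # why a root-owned listener is (or is not) expected
    if l.user not in ("root", "0"):
        return "non-root"
    if l.port <= PRIVILEGED_PORT_MAX:
        return "expected: privileged port needs CAP_NET_BIND_SERVICE"
    # Root is not needed to bind here: a candidate for dropping privileges or AppArmor confinement.
    return "review: root-owned listener on an unprivileged port"

def has_cap(cap_eff_hex: str, cap_bit: int = CAP_NET_BIND_SERVICE) -> bool:
    """Test one bit of a CapEff mask as printed in /proc/<pid>/status."""
    return (int(cap_eff_hex, 16) >> cap_bit) & 1 == 1

def review(text: str) -> Dict[str, str]:  # program column -> verdict
    return {l.program: classify(l) for l in parse_netstat(text)}
```

Run `review(SAMPLE_NETSTAT)` to see sshd, nginx and cupsd marked as expected and squid3 flagged for review; feed `has_cap` the CapEff line of a real process to confirm whether it actually holds the capability.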