[ubuntu-hardened] root user in the netstat command results.
Daniel Curtis
sidetripping at gmail.com
Mon May 12 12:50:16 UTC 2014
Hello Seth,
>> Depending upon what your computer is doing for you, you
>> can probably expect several root-owned sockets (...)
It's a typical Desktop system without any service such as sshd,
nginx or even cupsd. I understand, that everything is okay and
there is not (probably) nothing to worry about? I mean something
like hacked, owned etc.
Now, I have a couple of tabs opened in Firefox (about 8) and
e.g. 'netstat -p -e --inet --numeric-hosts' command shows, that
there is only one user (not root) with a 'ESTABLISHED' connection.
Program name is, of course, Firefox. When I open one more tab, 'netstat'
with '-tue' flag shows many connections with several in
a 'TIME_WAIT' State and owned by 'root' user.
>> The aa-unconfined utility can help you (...)
Let see; 'aa-unconfined' command (running with 'sudo' of course) result
shows, that only '/sbin/dhclient confined by '/sbin/dhclient (enforce)',
which process - as we can see - is in enforce mode.
So one more time: if it's a typical Desktop without any service,
with all updates installed etc., is there anything to worry about
with such 'netstat' command results (see above)? I hope not...
Best regards.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-hardened/attachments/20140512/9015b631/attachment.html>
More information about the ubuntu-hardened
mailing list