intrusion detected
MrKnisely
mrknisely at mrknisely.is-a-geek.org
Thu Aug 11 02:31:50 UTC 2005
Matt Patterson wrote:
> I did indeed mean "the". I type a lot and tend to get lazy when
> chatting and writing email.
>
> As for checking your process list, you can use things like "System
> Monitor" or just start a terminal and do "ps -A". The best way to
> figure out what is supposed to be running on a hoary system is to
> take inventory before the machine is ever connected to the network.
>
>
> Here is my process list (pretty sure my machine is clean):
>
> mpatterson at mattrp:~ $ ps -A
> PID TTY TIME CMD
> 1 ? 00:00:00 init
> 2 ? 00:00:00 migration/0
> 3 ? 00:00:00 ksoftirqd/0
> 4 ? 00:00:00 migration/1
> 5 ? 00:00:00 ksoftirqd/1
> 6 ? 00:00:00 events/0
> 7 ? 00:00:00 events/1
> 8 ? 00:00:00 khelper
> 21 ? 00:00:00 kacpid
> 84 ? 00:00:01 kblockd/0
> 85 ? 00:00:01 kblockd/1
> 119 ? 00:00:03 pdflush
> 120 ? 00:00:02 pdflush
> 122 ? 00:00:00 aio/0
> 123 ? 00:00:00 aio/1
> 121 ? 00:00:27 kswapd0
> 710 ? 00:00:00 kseriod
> 1122 ? 00:00:21 kjournald
> 1147 ? 00:00:00 udevd
> 4023 ? 00:00:00 kjournald
> 4024 ? 00:00:00 kjournald
> 4852 ? 00:00:00 khubd
> 6768 ? 00:00:00 portmap
> 7139 ? 00:00:00 dd
> 7141 ? 00:00:00 klogd
> 7155 ? 00:00:01 apcupsd
> 7162 ? 00:00:00 gdm
> 7171 ? 00:00:00 gdm
> 7398 ? 05:46:49 Xorg
> 7913 ? 00:00:00 dbus-daemon-1
> 7925 ? 00:03:42 hald
> 7942 ? 00:00:00 inetd
> 8140 ? 00:00:00 nfsd
> 8141 ? 00:00:00 nfsd
> 8142 ? 00:00:00 nfsd
> 8143 ? 00:00:00 nfsd
> 8144 ? 00:00:00 nfsd
> 8145 ? 00:00:00 nfsd
> 8146 ? 00:00:00 nfsd
> 8147 ? 00:00:00 nfsd
> 8149 ? 00:00:00 lockd
> 8150 ? 00:00:00 rpciod
> 8153 ? 00:00:00 rpc.mountd
> 8215 ? 00:00:00 master
> 8226 ? 00:00:00 qmgr
> 8370 ? 00:00:00 nmbd
> 8372 ? 00:00:00 smbd
> 8382 ? 00:00:00 smbd
> 8388 ? 00:00:00 sshd
> 8403 ? 00:00:00 rpc.statd
> 8421 ? 00:00:01 ntpd
> 8448 ? 00:00:00 atd
> 8459 ? 00:00:00 cron
> 8532 ? 00:00:00 vmnet-bridge
> 8542 ? 00:00:00 apache
> 8558 tty1 00:00:00 getty
> 8559 tty2 00:00:00 getty
> 8560 tty3 00:00:00 getty
> 8561 tty4 00:00:00 getty
> 8562 tty5 00:00:00 getty
> 8563 tty6 00:00:00 getty
> 8664 ? 00:00:00 miniserv.pl
> 8668 ? 00:00:09 gnome-session
> 8715 ? 00:00:00 gpg-agent
> 8718 ? 00:00:00 ssh-agent
> 8721 ? 00:00:00 dbus-launch
> 8722 ? 00:00:00 dbus-daemon-1
> 8724 ? 00:00:02 gconfd-2
> 8727 ? 00:00:00 gnome-keyring-d
> 8729 ? 00:02:52 esd
> 8731 ? 00:00:00 bonobo-activati
> 8733 ? 00:00:43 gnome-settings-
> 8736 ? 00:00:10 gam_server
> 8748 ? 00:02:16 xscreensaver
> 8773 ? 00:00:17 gnome-smproxy
> 8775 ? 00:01:32 metacity
> 8777 ? 00:00:07 gnome-volume-ma
> 8779 ? 00:00:44 nautilus
> 8781 ? 00:00:32 gnome-panel
> 8785 ? 00:02:37 gnome-cups-icon
> 8789 ? 00:02:24 xmms
> 8796 ? 00:00:00 gnome-vfs-daemo
> 8797 ? 00:01:29 ksensors
> 8806 ? 00:01:44 wnck-applet
> 8807 ? 00:00:00 kdeinit
> 8811 ? 00:00:00 dcopserver
> 8814 ? 00:00:00 mapping-daemon
> 8815 ? 00:00:00 klauncher
> 8826 ? 00:00:19 kded
> 8834 ? 00:00:04 korgac
> 8841 ? 00:00:10 trashapplet
> 8848 ? 00:00:15 mixer_applet2
> 8850 ? 00:00:06 notification-ar
> 8852 ? 00:00:16 clock-applet
> 8854 ? 00:00:10 mini_commander_
> 9141 ? 00:11:17 xemacs
> 9204 ? 00:01:02 gnome-terminal
> 9205 ? 00:00:00 gnome-pty-helpe
> 9206 pts/0 00:00:00 bash
> 9213 ? 00:00:00 ssh-agent
> 9358 ? 00:00:00 gksudo
> 9361 ? 00:00:00 sudo
> 9362 ? 00:16:58 vmware
> 9368 ? 07:04:48 vmware-vmx
> 9369 ? 00:00:00 vmware-vmx
> 9405 ? 00:18:00 smbd
> 9512 ? 03:34:04 firefox-bin
> 10805 pts/1 00:00:00 bash
> 13615 ? 00:02:12 xemacs
> 13731 ? 00:00:57 python
> 24945 ? 00:08:58 gaim
> 30366 ? 00:00:00 mozilla-thunder
> 30397 ? 00:00:00 run-mozilla.sh
> 30402 ? 00:08:12 mozilla-thunder
> 14303 ? 00:04:25 java_vm
> 15856 ? 00:00:00 acpid
> 15906 ? 00:00:00 apache
> 15907 ? 00:00:00 apache
> 19961 ? 00:05:08 smbd
> 3058 ? 00:00:17 cupsd
> 3496 ? 00:00:00 syslogd
> 6191 ? 00:00:00 apache
> 11097 ? 00:00:14 soffice.bin
> 11652 ? 00:00:00 evolution-data-
> 11655 ? 00:00:00 evolution-excha
> 11906 ? 00:00:00 pickup
> 11916 pts/2 00:00:00 bash
> 11919 pts/2 00:00:00 ps
>
> Obviously I do a little more than the average Joe with my machine. But
> things to look at are nfsd, apache, smbd, nmbd, sshd, ftpd. If you
> haven't installed those but they are running, something might be
> wrong.
>
> You can also do an nmap scan on your machine:
>
> mpatterson at mattrp:~ $ nmap localhost
>
> Starting nmap 3.75 ( http://www.insecure.org/nmap/ ) at 2005-08-08 17:53 EDT
> Interesting ports on localhost.localdomain (127.0.0.1):
> (The 1652 ports scanned but not shown below are in state: closed)
> PORT STATE SERVICE
> 22/tcp open ssh
> 25/tcp open smtp
> 80/tcp open http
> 111/tcp open rpcbind
> 139/tcp open netbios-ssn
> 445/tcp open microsoft-ds
> 631/tcp open ipp
> 700/tcp open unknown
> 953/tcp open rndc
> 2049/tcp open nfs
> 10000/tcp open snet-sensor-mgmt
>
> Nmap run completed -- 1 IP address (1 host up) scanned in 0.228 seconds
>
> I can account for every port that is open on my machine, so I feel
> reasonably safe.
>
> Matt
>
> Peter Garrett wrote:
>
>> On Mon, 08 Aug 2005 20:13:16 +0200
>> "J.Markoll" <j.markoll at free.fr> wrote:
>>
>>> Matt Patterson wrote:
>>>
>>>> The best tool for checking zombifying is just looking at hte
>>>> running processes.
>>>
>>> Please, what does 'hte' mean here? I looked in 5 or 6
>>> dictionaries online and didn't find any logical answer in the
>>> context here. It does not mean 'High-temperature electrolysis',
>>> for sure?
>>>
>>
>> I think it was meant to be "the" ;-)
>>
>
Running Webmin I see... what do you manage with webmin?
Mike K.
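One way to turn the advice quoted above (take an inventory before the box is networked, then compare later `ps -A` and `nmap localhost` runs against it) into a repeatable check. This is an added Python example, not code from the thread; the baseline sets and the sample ps/nmap output are constructed.

```python
# Added example (not from the thread): diff the current process list and open
# ports against a baseline inventory taken before the machine was networked.
import re
# Constructed baseline: what was recorded on the freshly installed box.
BASELINE_PROCS = {"init", "udevd", "klogd", "syslogd", "cron", "atd", "sshd",
                  "apache", "nfsd", "smbd", "nmbd", "portmap", "getty",
                  "bash", "ps"}
BASELINE_PORTS = {22, 25, 80, 111, 139, 445, 631, 2049, 10000}

def parse_ps(text):
    """Return the set of command names from `ps -A` output (PID TTY TIME CMD)."""
    procs = set()
    for line in text.splitlines()[1:]:          # skip the header row
        parts = line.split(None, 3)
        if len(parts) == 4:
            procs.add(parts[3].strip())
    return procs

def parse_nmap(text):
    """Return {port: service} for every 'open' line of an nmap port table."""
    ports = {}
    for m in re.finditer(r"^(\d+)/(?:tcp|udp)\s+open\s+(\S+)", text, re.M):
        ports[int(m.group(1))] = m.group(2)
    return ports

def unexpected(ps_text, nmap_text,
               base_procs=BASELINE_PROCS, base_ports=BASELINE_PORTS):
    """Processes and open ports present now but absent from the baseline."""
    procs = sorted(parse_ps(ps_text) - base_procs)
    ports = {p: s for p, s in parse_nmap(nmap_text).items()
             if p not in base_ports}
    return procs, ports

# Constructed sample output from a later `ps -A` and `nmap localhost` run.
SAMPLE_PS = """  PID TTY          TIME CMD
    1 ?        00:00:00 init
 1147 ?        00:00:00 udevd
 8388 ?        00:00:00 sshd
 8542 ?        00:00:00 apache
 9999 ?        00:00:03 ftpd
"""
SAMPLE_NMAP = """PORT      STATE SERVICE
22/tcp    open  ssh
80/tcp    open  http
21/tcp    open  ftp
953/tcp   open  rndc
"""

if __name__ == "__main__":
    print(unexpected(SAMPLE_PS, SAMPLE_NMAP))  # (['ftpd'], {21: 'ftp', 953: 'rndc'})
```

Re-record the baseline whenever you intentionally install a service, otherwise every legitimate change shows up as a finding.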