On 2007-07-28, Jeff D <fixedored@gmail.com> wrote:
[16:37:43] Warning! Process /bin/login (3888) listening
Normally /bin/login shouldn't be listening. A couple things you could do
to see if it is listneing is:
lsof -i -n | grep LISTEN
Here's what I got - no sign of /bin/login:
lsof -i -n | grep LISTEN
portmap 2578 daemon 4u IPv4 6938 TCP *:sunrpc (LISTEN)
rpc.statd 2603 statd 8u IPv4 7009 TCP *:37381 (LISTEN)
sshd 3026 root 3u IPv6 7668 TCP *:ssh (LISTEN)
exim4 3385 Debian-exim 3u IPv4 7971 TCP 127.0.0.1:smtp (LISTEN)
inetd 3661 root 4u IPv4 8254 TCP *:auth (LISTEN)
famd 3721 tyler 3u IPv4 8323 TCP 127.0.0.1:929 (LISTEN)
apache 3826 root 16u IPv4 9177 TCP *:www (LISTEN)
apache 3827 www-data 16u IPv4 9177 TCP *:www (LISTEN)
apache 3828 www-data 16u IPv4 9177 TCP *:www (LISTEN)
apache 3829 www-data 16u IPv4 9177 TCP *:www (LISTEN)
apache 3830 www-data 16u IPv4 9177 TCP *:www (LISTEN)
apache 3839 www-data 16u IPv4 9177 TCP *:www (LISTEN)
apache 21000 www-data 16u IPv4 9177 TCP *:www (LISTEN)
apache 21001 www-data 16u IPv4 9177 TCP *:www (LISTEN)
apache 21002 www-data 16u IPv4 9177 TCP *:www (LISTEN)
identd 21568 identd 0u IPv4 8254 TCP *:auth (LISTEN)
identd 21568 identd 1u IPv4 8254 TCP *:auth (LISTEN)
identd 21568 identd 2u IPv4 8254 TCP *:auth (LISTEN)
if it is listening, it should show up there. providing lsof hasnt been
comprimised.
if you have another machine available to you, run an nmap scan on it
like so:
nmap -sV hostname
I don't have another maching available. What do you think?
Cheers,
Tyler