
Re: Why is port 111 still open?



On Mon, Aug 29, 2011 at 12:49, Bob Proulx <bob@proulx.com> wrote:
> Lisi wrote:
>> lisi@Tux:~$  lsof -i :111
>> lisi@Tux:~$
>
> Needs to be run as root.
>
>  $ lsof -i :111
>  $ sudo lsof -i :111
>  COMMAND  PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
>  portmap 1569 daemon    4u  IPv4   7285      0t0  UDP *:sunrpc
>  portmap 1569 daemon    5u  IPv4   5039      0t0  TCP *:sunrpc (LISTEN)
>

yeah, i just got to a computer and realized i should have said that :)

so, just to show the process:

root@shawn-desktop:/home/shawn# whoami
root
root@shawn-desktop:/home/shawn# nmap localhost

Starting Nmap 5.00 ( http://nmap.org ) at 2011-08-29 13:09 EDT
Interesting ports on localhost (127.0.0.1):
Not shown: 988 closed ports
PORT     STATE SERVICE
...
111/tcp  open  rpcbind
...

Nmap done: 1 IP address (1 host up) scanned in 0.53 seconds
root@shawn-desktop:/home/shawn# lsof -i :111
COMMAND   PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
portmap 16262 daemon    5u  IPv4 243950      0t0  UDP *:sunrpc
portmap 16262 daemon    6u  IPv4 243956      0t0  TCP *:sunrpc (LISTEN)
root@shawn-desktop:/home/shawn# ps ax | grep 16262
10007 pts/1    S+     0:00 grep 16262
16262 ?        Ss     0:00 portmap

######
after looking through logs and remembering that tcpd is stupid, i did
what i originally suggested. this is a kubuntu box (don't ask), so the
results might look different
######

root@shawn-desktop:/home/shawn# find /etc/init.d/ -type f -print0 | xargs -0 -i{} grep -H portmap {}
/etc/init.d/quotarpc:# Should-Start:      $portmap rpcbind
/etc/init.d/quotarpc:# Should-Stop:       $portmap rpcbinf
/etc/init.d/quotarpc:pidp=`pidof portmap`
/etc/init.d/quotarpc:   # To start the daemon, portmap must be up and running
/etc/init.d/quotarpc:           log_warning_msg "Not starting $DESC rpc.rquotad, because neither portmap nor rcpbind are running"
/etc/init.d/umountnfs.sh:# Should-Stop:       $network $portmap nfs-common
/etc/init.d/openbsd-inetd:checkportmap () {
/etc/init.d/openbsd-inetd:  elif ! /usr/bin/rpcinfo -u localhost portmapper >/dev/null 2>&1; then
/etc/init.d/openbsd-inetd:    log_action_msg "WARNING: portmapper inactive - RPC services unavailable!"
/etc/init.d/openbsd-inetd:        checkportmap
/etc/init.d/openbsd-inetd:      checkportmap
/etc/init.d/xinetd:checkportmap () {
/etc/init.d/xinetd:    if ! rpcinfo -u localhost portmapper >/dev/null 2>&1; then
/etc/init.d/xinetd:      echo "WARNING: portmapper inactive - RPC services unavailable!"
/etc/init.d/xinetd:        checkportmap

###
at any rate, it's being started in one (or more) of three places -
quotarpc, openbsd-inetd, xinetd. i'm going to take a wild guess and
say it's in xinetd... and be totally wrong. under kubuntu, it looks
like it's started in openbsd-inetd. at this point, i started from
another angle - noticing that the daemon was nice enough to put a
portmap.pid in /var/run:

root@shawn-desktop:/home/shawn# find /var/run/ -type f -print0 | xargs -0 -i{} grep -H 16262 {}
/var/run/portmap.pid:16262

i took the sledgehammer approach and looked at every file in /etc for
that pid file:

root@shawn-desktop:/home/shawn# find /etc/ -type f -print0 | xargs -0 -i{} grep -H portmap.pid {}
/etc/init/portmap.conf: ln -s /var/run/portmap.pid /lib/init/rw/sendsigs.omit.d/portmap

which seems to be the main configuration file for this ancient pos :)
just fyi, these are the *portmap* files in etc under kubuntu and their
line counts:
root@shawn-desktop:/home/shawn# find /etc -iname "*portmap*" -type f -print0 | xargs -0 -i{} wc -l {}
11 /etc/default/portmap
46 /etc/init/portmap.conf
10 /etc/init/portmap-boot.conf
26 /etc/init/portmap-wait.conf

#############################

if someone has a better method for finding what is running services,
i'm all ears. i've gotten pretty good at tracking these down but have
often thought "there's got to be a better way" :)
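
The trace walked through in the message above (listening port, then PID, then pid file, then the config file that mentions it) can be scripted. This is an added example, not part of the original post; the function names and the throwaway sample tree are assumptions, and only pid files named *.pid are considered.

```shell
#!/bin/sh

# Read `lsof -i :PORT` output on stdin, print the unique PIDs (column 2).
pids_from_lsof() {
    awk 'NR > 1 && $2 ~ /^[0-9]+$/ { print $2 }' | sort -u
}

# pidfiles_for PID RUN_DIR: print *.pid files whose whole content is PID.
pidfiles_for() {
    find "$2" -type f -name '*.pid' 2>/dev/null | while IFS= read -r f; do
        if [ "$(tr -d ' \n' < "$f")" = "$1" ]; then printf '%s\n' "$f"; fi
    done
}

# configs_for PIDFILE ETC_DIR: print files under ETC_DIR naming the pid file.
configs_for() {
    find "$2" -type f -exec grep -lF -- "$(basename "$1")" {} + 2>/dev/null | sort
}

# trace_port RUN_DIR ETC_DIR: lsof output on stdin -> "PID PIDFILE CONFIG" lines.
trace_port() {
    pids_from_lsof | while IFS= read -r pid; do
        pidfiles_for "$pid" "$1" | while IFS= read -r pf; do
            configs_for "$pf" "$2" | while IFS= read -r cfg; do
                printf '%s %s %s\n' "$pid" "$pf" "$cfg"
            done
        done
    done
}

# Constructed sample: a throwaway tree plus lsof output shaped like the post's.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/run" "$tmp/etc/init" "$tmp/etc/default"
    echo 16262 > "$tmp/run/portmap.pid"
    echo 999 > "$tmp/run/other.pid"
    echo 'ln -s /var/run/portmap.pid /lib/init/rw/sendsigs.omit.d/portmap' \
        > "$tmp/etc/init/portmap.conf"
    echo 'OPTIONS=""' > "$tmp/etc/default/portmap"
    ( cd "$tmp" && trace_port run etc <<'EOF'
COMMAND   PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
portmap 16262 daemon    5u  IPv4 243950      0t0  UDP *:sunrpc
portmap 16262 daemon    6u  IPv4 243956      0t0  TCP *:sunrpc (LISTEN)
EOF
    )
    rm -rf "$tmp"
}

demo   # live use, as root: lsof -i :111 | trace_port /var/run /etc
```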

