Re: Why is port 111 still open?
On Mon, Aug 29, 2011 at 12:49, Bob Proulx <bob@proulx.com> wrote:
> Lisi wrote:
>> lisi@Tux:~$ lsof -i :111
>> lisi@Tux:~$
>
> Needs to be run as root.
>
> $ lsof -i :111
> $ sudo lsof -i :111
> COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
> portmap 1569 daemon 4u IPv4 7285 0t0 UDP *:sunrpc
> portmap 1569 daemon 5u IPv4 5039 0t0 TCP *:sunrpc (LISTEN)
>
yeah, i just got to a computer and realized i should have said that :)
so, just to show the process:
root@shawn-desktop:/home/shawn# whoami
root
root@shawn-desktop:/home/shawn# nmap localhost
Starting Nmap 5.00 ( http://nmap.org ) at 2011-08-29 13:09 EDT
Interesting ports on localhost (127.0.0.1):
Not shown: 988 closed ports
PORT STATE SERVICE
...
111/tcp open rpcbind
...
Nmap done: 1 IP address (1 host up) scanned in 0.53 seconds
root@shawn-desktop:/home/shawn# lsof -i :111
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
portmap 16262 daemon 5u IPv4 243950 0t0 UDP *:sunrpc
portmap 16262 daemon 6u IPv4 243956 0t0 TCP *:sunrpc (LISTEN)
root@shawn-desktop:/home/shawn# ps ax | grep 16262
10007 pts/1 S+ 0:00 grep 16262
16262 ? Ss 0:00 portmap
######
after looking through logs and remembering that tcpd is stupid, i did
what i originally suggested. this is a kubuntu box (don't ask), so the
results might look different
######
root@shawn-desktop:/home/shawn# find /etc/init.d/ -type f -print0 | xargs -0 -i{} grep -H portmap {}
/etc/init.d/quotarpc:# Should-Start: $portmap rpcbind
/etc/init.d/quotarpc:# Should-Stop: $portmap rpcbinf
/etc/init.d/quotarpc:pidp=`pidof portmap`
/etc/init.d/quotarpc: # To start the daemon, portmap must be up and running
/etc/init.d/quotarpc: log_warning_msg "Not starting $DESC rpc.rquotad, because neither portmap nor rcpbind are running"
/etc/init.d/umountnfs.sh:# Should-Stop: $network $portmap nfs-common
/etc/init.d/openbsd-inetd:checkportmap () {
/etc/init.d/openbsd-inetd: elif ! /usr/bin/rpcinfo -u localhost portmapper >/dev/null 2>&1; then
/etc/init.d/openbsd-inetd: log_action_msg "WARNING: portmapper inactive - RPC services unavailable!"
/etc/init.d/openbsd-inetd: checkportmap
/etc/init.d/openbsd-inetd: checkportmap
/etc/init.d/xinetd:checkportmap () {
/etc/init.d/xinetd: if ! rpcinfo -u localhost portmapper >/dev/null 2>&1; then
/etc/init.d/xinetd: echo "WARNING: portmapper inactive - RPC services unavailable!"
/etc/init.d/xinetd: checkportmap
###
at any rate, it's being started in one (or more) of three places -
quotarpc, openbsd-inetd, xinetd. i'm going to take a wild guess and
say it's in xinetd... and be totally wrong. under kubuntu, it looks
like it's started in openbsd-inetd. at this point, i started from
another angle - noticing that the daemon was nice enough to put a
portmap.pid in /var/run:
root@shawn-desktop:/home/shawn# find /var/run/ -type f -print0 | xargs -0 -i{} grep -H 16262 {}
/var/run/portmap.pid:16262
i took the sledgehammer approach and looked at every file in /etc for
that pid file:
root@shawn-desktop:/home/shawn# find /etc/ -type f -print0 | xargs -0 -i{} grep -H portmap.pid {}
/etc/init/portmap.conf: ln -s /var/run/portmap.pid /lib/init/rw/sendsigs.omit.d/portmap
which seems to be the main configuration file for this ancient pos :)
just fyi, these are the *portmap* files in etc under kubuntu and their
line counts:
root@shawn-desktop:/home/shawn# find /etc -iname "*portmap*" -type f -print0 | xargs -0 -i{} wc -l {}
11 /etc/default/portmap
46 /etc/init/portmap.conf
10 /etc/init/portmap-boot.conf
26 /etc/init/portmap-wait.conf
#############################
if someone has a better method for finding what is running services,
i'm all ears. i've gotten pretty good at tracking these down but have
often thought "there's got to be a better way" :)
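An added example, not part of the original message: one way to shorten the search above on a Debian or Ubuntu system is to go from the listening PID to its binary, then to the owning package, then to the start-up files that package ships. The function names are hypothetical, the lsof sample is constructed in the format quoted in the thread, and it assumes lsof and dpkg are installed.

```shell
#!/bin/sh
# Added example: trace a listening port to the files that start its daemon.

# Constructed sample, same layout as the lsof output quoted in the thread.
SAMPLE_LSOF='COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
portmap 16262 daemon 5u IPv4 243950 0t0 UDP *:sunrpc
portmap 16262 daemon 6u IPv4 243956 0t0 TCP *:sunrpc (LISTEN)'

# Reduce "lsof -i" output on stdin to unique "PID COMMAND" pairs.
owners_from_lsof() {
    awk 'NR > 1 && $2 ~ /^[0-9]+$/ && !seen[$2]++ { print $2, $1 }'
}

# Keep only paths where packages install service start-up configuration.
startup_paths() {
    grep -E '^/etc/(init|init\.d|default|xinetd\.d)/|^/(etc|lib|usr/lib)/systemd/system/' || true
}

# For one PID: binary -> owning package -> start-up files from that package.
trace_pid() {
    local pid=$1 exe pkg
    exe=$(readlink -f "/proc/$pid/exe") || {
        echo "pid $pid: cannot read exe (run as root)" >&2
        return 1
    }
    # The parent PID shows whether init or a super-server (inetd) launched it.
    echo "pid $pid: exe=$exe parent=$(ps -o ppid= -p "$pid" | tr -d ' ')"
    pkg=$(dpkg -S "$exe" 2>/dev/null | head -n1 | cut -d: -f1)
    [ -n "$pkg" ] || { echo "  no package owns $exe"; return 0; }
    echo "  package: $pkg"
    dpkg -L "$pkg" | startup_paths | sed 's/^/  starts from: /'
}

# Usage (as root): trace_port 111
trace_port() {
    lsof -nP -i ":$1" | owners_from_lsof | while read -r pid cmd; do
        trace_pid "$pid"
    done
}
```

Once the package is known, removing it or disabling the listed start-up file closes the port; a binary that no package owns is itself worth investigating.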