Autor: onefang Fecha: A: dng Asunto: [DNG] Tiger is being confusing.
I've been trying out the tiger security tool for some time. So far I've
disable one of it's checks coz it was all bogus.
Now I'm looking at it's lin003w listening processes checker. I get
emails full of lines like this -
NEW: --WARN-- [lin003w] The process `muse4' is listening on socket 4844092 (IPv4 on 4844092 interface) is run by 87260.
Yep, I'm running MusE. I thought the "socket" was a port number, but
that's way to high to be a port number. I don't have any interfaces with
numbers like that. The number at the end should be a user, bat again
isn't that way too high for user ID?
The socket number always matches the interface number, and changes often,
the number at the end always changes, there'll be heaps of these lines in
any given email, and other processes mentioned as well. Rarely my actual
user name is listed at the end. The specific processes do indeed have
IPv4 ports open, one is MariaDB listening to localhost on the usual MySQL
port, one is an OpenSim viewer that is connected my OpenSim server. Not
sure why MusE has a UDP port 0.0.0.0 listed, but it is connected to JACK,
and I have no idea if that involves UDP.
Can't find anything on the web with those too high numbers or numeric
users. Is this yet more bogus tiger reports? Is tiger any good? What
are the good alternatives?
--
A big old stinking pile of genius that no one wants
coz there are too many silver coated monkeys in the world.