Συντάκτης: Antoine Ημερομηνία: Προς: dng Αντικείμενο: Re: [DNG] Tiger is being confusing.
On Tuesday, 7 February at 16:37, onefang wrote: >I've been trying out the tiger security tool for some time. So far I've
>disable one of it's checks coz it was all bogus.
>
>Now I'm looking at it's lin003w listening processes checker. I get
>emails full of lines like this -
>
>NEW: --WARN-- [lin003w] The process `muse4' is listening on socket 4844092 (IPv4 on 4844092 interface) is run by 87260.
>
>Yep, I'm running MusE. I thought the "socket" was a port number, but
>that's way to high to be a port number. I don't have any interfaces with
>numbers like that. The number at the end should be a user, bat again
>isn't that way too high for user ID?
Network connection ports are sockets, yes, but *nices can also have sockets
as files (run "ss -x" to see which ones are open on your system, and "ss -lx"
to see the listening ones).
On my system, they're mostly in the 20000 range, but if those are inode
numbers, they could vary a good deal on different systems.
There are several inode-related settings in /proc/sys/fs, but I admit I don't
know exactly what each one means. You'd need to ask more knowledgeable people
on this list.
>
>The socket number always matches the interface number, and changes often,
>the number at the end always changes, there'll be heaps of these lines in
>any given email, and other processes mentioned as well. Rarely my actual
>user name is listed at the end. The specific processes do indeed have
>IPv4 ports open, one is MariaDB listening to localhost on the usual MySQL
>port, one is an OpenSim viewer that is connected my OpenSim server. Not
>sure why MusE has a UDP port 0.0.0.0 listed, but it is connected to JACK,
>and I have no idea if that involves UDP.
>
>Can't find anything on the web with those too high numbers or numeric
>users. Is this yet more bogus tiger reports? Is tiger any good? What
>are the good alternatives?
--
Your future is whatever you make it.
So make it a good one!