Hey CentOS folks!
I have an interesting issue with starting a server on a CentOS 6 KVM guest. The server (service) in particular is gotour, which is a web application created by Google and their Golang developers, intended to teach users the basics of using the Go programming langauge.
When starting gotour, the program claims to be binding to port 12049, but the VM doesn't seem to be serving anything on that port. Upon checking the netstat output, I see a process bound to port 12049.
It is definitley possible that the problem is with Go itself, but I'd like to rule out the possibility that something on an out-of-the-box CentOS 6 image might be preventing the server from working.
Here is some of the output:
[appengine@centos6-paas-dev gotour]$ gotour 2014/04/17 22:04:33 Serving content from /home/appengine/goprojects/firstproj/go/src/code.google.com/p/go-tour 2014/04/17 22:04:33 WARNING! WARNING! WARNING! I appear to be listening on an address that is not localhost. Anyone with access to this address and port will have access to this machine as the user running gotour. If you don't understand this message, hit Control-C to terminate this process. WARNING! WARNING! WARNING! 2014/04/17 22:04:34 Please open your web browser and visit http://10.10.10.205:12049
[root@centos6-paas-dev ~]# netstat -pnaevZ Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name Security Context ... tcp 0 0 10.10.10.205:12049 0.0.0.0:* LISTEN 505 224898 9331/gotour fined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[appengine@centos6-paas-dev gotour]$ getenforce Permissive
Any ideas?
On 04/18/2014 01:13 PM, Evan Rowley wrote:
Hey CentOS folks!
I have an interesting issue with starting a server on a CentOS 6 KVM guest. The server (service) in particular is gotour, which is a web application created by Google and their Golang developers, intended to teach users the basics of using the Go programming langauge.
When starting gotour, the program claims to be binding to port 12049, but the VM doesn't seem to be serving anything on that port. Upon checking the netstat output, I see a process bound to port 12049.
It is definitley possible that the problem is with Go itself, but I'd like to rule out the possibility that something on an out-of-the-box CentOS 6 image might be preventing the server from working.
Here is some of the output:
[appengine@centos6-paas-dev gotour]$ gotour 2014/04/17 22:04:33 Serving content from /home/appengine/goprojects/firstproj/go/src/code.google.com/p/go-tour 2014/04/17 22:04:33 WARNING! WARNING! WARNING! I appear to be listening on an address that is not localhost. Anyone with access to this address and port will have access to this machine as the user running gotour. If you don't understand this message, hit Control-C to terminate this process. WARNING! WARNING! WARNING! 2014/04/17 22:04:34 Please open your web browser and visit http://10.10.10.205:12049
[root@centos6-paas-dev ~]# netstat -pnaevZ Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name Security Context ... tcp 0 0 10.10.10.205:12049 0.0.0.0:* LISTEN 505 224898 9331/gotour fined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[appengine@centos6-paas-dev gotour]$ getenforce Permissive
Any ideas
iptables -L ? do you have the local firewall running? 'service iptables stop', test, but don't leave it that way.
zep, you nailed it.
It was exactly iptables that caused the issue for me.
Thanks. You rock!
On Fri, Apr 18, 2014 at 1:20 PM, zep zgreenfelder@gmail.com wrote:
On 04/18/2014 01:13 PM, Evan Rowley wrote:
Hey CentOS folks!
I have an interesting issue with starting a server on a CentOS 6 KVM
guest.
The server (service) in particular is gotour, which is a web application created by Google and their Golang developers, intended to teach users
the
basics of using the Go programming langauge.
When starting gotour, the program claims to be binding to port 12049, but the VM doesn't seem to be serving anything on that port. Upon checking
the
netstat output, I see a process bound to port 12049.
It is definitley possible that the problem is with Go itself, but I'd
like
to rule out the possibility that something on an out-of-the-box CentOS 6 image might be preventing the server from working.
Here is some of the output:
[appengine@centos6-paas-dev gotour]$ gotour 2014/04/17 22:04:33 Serving content from /home/appengine/goprojects/firstproj/go/src/code.google.com/p/go-tour 2014/04/17 22:04:33 WARNING! WARNING! WARNING! I appear to be listening on an address that is not localhost. Anyone with access to this address and port will have access to this machine as the user running gotour. If you don't understand this message, hit Control-C to terminate this process. WARNING! WARNING! WARNING! 2014/04/17 22:04:34 Please open your web browser and visit http://10.10.10.205:12049
[root@centos6-paas-dev ~]# netstat -pnaevZ Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name Security Context ... tcp 0 0 10.10.10.205:12049 0.0.0.0:* LISTEN 505 224898 9331/gotour fined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[appengine@centos6-paas-dev gotour]$ getenforce Permissive
Any ideas
iptables -L ? do you have the local firewall running? 'service iptables stop', test, but don't leave it that way. _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On 04/18/2014 12:13 PM, Evan Rowley wrote:
Hey CentOS folks!
I have an interesting issue with starting a server on a CentOS 6 KVM guest. The server (service) in particular is gotour, which is a web application created by Google and their Golang developers, intended to teach users the basics of using the Go programming langauge.
When starting gotour, the program claims to be binding to port 12049, but the VM doesn't seem to be serving anything on that port. Upon checking the netstat output, I see a process bound to port 12049.
It is definitley possible that the problem is with Go itself, but I'd like to rule out the possibility that something on an out-of-the-box CentOS 6 image might be preventing the server from working.
Here is some of the output:
[appengine@centos6-paas-dev gotour]$ gotour 2014/04/17 22:04:33 Serving content from /home/appengine/goprojects/firstproj/go/src/code.google.com/p/go-tour 2014/04/17 22:04:33 WARNING! WARNING! WARNING! I appear to be listening on an address that is not localhost. Anyone with access to this address and port will have access to this machine as the user running gotour. If you don't understand this message, hit Control-C to terminate this process. WARNING! WARNING! WARNING! 2014/04/17 22:04:34 Please open your web browser and visit http://10.10.10.205:12049
[root@centos6-paas-dev ~]# netstat -pnaevZ Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name Security Context ... tcp 0 0 10.10.10.205:12049 0.0.0.0:* LISTEN 505 224898 9331/gotour fined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[appengine@centos6-paas-dev gotour]$ getenforce Permissive
Any ideas?
Is that port open in your host firewall? A quick check with iptables should tell you. If 'iptables -L -n | grep 12049' doesn't return something then it might need to be opened up in the firewall.
For the record, this is what I added to /etc/sysconfig/iptables
-A INPUT -m state --state NEW -m tcp -p tcp --dport 12049 -j ACCEPT
^ right after the same line for allowing SSH connections.
On Fri, Apr 18, 2014 at 1:22 PM, Jay Leafey jay.leafey@mindless.com wrote:
On 04/18/2014 12:13 PM, Evan Rowley wrote:
Hey CentOS folks!
I have an interesting issue with starting a server on a CentOS 6 KVM guest. The server (service) in particular is gotour, which is a web application created by Google and their Golang developers, intended to teach users the basics of using the Go programming langauge.
When starting gotour, the program claims to be binding to port 12049, but the VM doesn't seem to be serving anything on that port. Upon checking the netstat output, I see a process bound to port 12049.
It is definitley possible that the problem is with Go itself, but I'd like to rule out the possibility that something on an out-of-the-box CentOS 6 image might be preventing the server from working.
Here is some of the output:
[appengine@centos6-paas-dev gotour]$ gotour 2014/04/17 22:04:33 Serving content from /home/appengine/goprojects/firstproj/go/src/code.google.com/p/go-tour 2014/04/17 22:04:33 WARNING! WARNING! WARNING! I appear to be listening on an address that is not localhost. Anyone with access to this address and port will have access to this machine as the user running gotour. If you don't understand this message, hit Control-C to terminate this process. WARNING! WARNING! WARNING! 2014/04/17 22:04:34 Please open your web browser and visit http://10.10.10.205:12049
[root@centos6-paas-dev ~]# netstat -pnaevZ Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name Security Context ... tcp 0 0 10.10.10.205:12049 0.0.0.0:* LISTEN 505 224898 9331/gotour fined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[appengine@centos6-paas-dev gotour]$ getenforce Permissive
Any ideas?
Is that port open in your host firewall? A quick check with iptables should tell you. If 'iptables -L -n | grep 12049' doesn't return something then it might need to be opened up in the firewall.
-- Jay Leafey - jay.leafey@mindless.com Memphis, TN
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Your network config needs attention
(Sent from iPhone, so please accept my apologies in advance for any spelling or grammatical errors.)
On Apr 18, 2014, at 10:13 AM, Evan Rowley rowley.evan@gmail.com wrote:
Hey CentOS folks!
I have an interesting issue with starting a server on a CentOS 6 KVM guest. The server (service) in particular is gotour, which is a web application created by Google and their Golang developers, intended to teach users the basics of using the Go programming langauge.
When starting gotour, the program claims to be binding to port 12049, but the VM doesn't seem to be serving anything on that port. Upon checking the netstat output, I see a process bound to port 12049.
It is definitley possible that the problem is with Go itself, but I'd like to rule out the possibility that something on an out-of-the-box CentOS 6 image might be preventing the server from working.
Here is some of the output:
[appengine@centos6-paas-dev gotour]$ gotour 2014/04/17 22:04:33 Serving content from /home/appengine/goprojects/firstproj/go/src/code.google.com/p/go-tour 2014/04/17 22:04:33 WARNING! WARNING! WARNING! I appear to be listening on an address that is not localhost. Anyone with access to this address and port will have access to this machine as the user running gotour. If you don't understand this message, hit Control-C to terminate this process. WARNING! WARNING! WARNING! 2014/04/17 22:04:34 Please open your web browser and visit http://10.10.10.205:12049
[root@centos6-paas-dev ~]# netstat -pnaevZ Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name Security Context ... tcp 0 0 10.10.10.205:12049 0.0.0.0:* LISTEN 505 224898 9331/gotour fined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[appengine@centos6-paas-dev gotour]$ getenforce Permissive
Any ideas?
--
- EJR
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Hal Wigoda wrote:
Your network config needs attention
On Apr 18, 2014, at 10:13 AM, Evan Rowley rowley.evan@gmail.com wrote:
<snip>
Here is some of the output:
[appengine@centos6-paas-dev gotour]$ gotour 2014/04/17 22:04:33 Serving content from /home/appengine/goprojects/firstproj/go/src/code.google.com/p/go-tour 2014/04/17 22:04:33 WARNING! WARNING! WARNING! I appear to be listening on an address that is not localhost. Anyone with access to this address and port will have access to this machine as the user running gotour. If you don't understand this message, hit Control-C to terminate this process. WARNING! WARNING! WARNING! 2014/04/17 22:04:34 Please open your web browser and visit http://10.10.10.205:12049
<snip> Is that 10.10.10.205 on your internal network, or is it the host's visible to the guest network? Have you gone there?
mark
Tbh, this is actually running on an undisclosed public IP address. The server is only being used for small tests, so I do consider it somewhat disposable. Even then, I should look into isolating it's exposure with some stricter iptables rules. On Apr 18, 2014 3:28 PM, m.roth@5-cent.us wrote:
Hal Wigoda wrote:
Your network config needs attention
On Apr 18, 2014, at 10:13 AM, Evan Rowley rowley.evan@gmail.com
wrote:
<snip> >> Here is some of the output: >> >> [appengine@centos6-paas-dev gotour]$ gotour >> 2014/04/17 22:04:33 Serving content from >> /home/appengine/goprojects/firstproj/go/src/code.google.com/p/go-tour >> 2014/04/17 22:04:33 >> WARNING! WARNING! WARNING! >> I appear to be listening on an address that is not localhost. >> Anyone with access to this address and port will have access >> to this machine as the user running gotour. >> If you don't understand this message, hit Control-C to terminate this >> process. >> WARNING! WARNING! WARNING! >> 2014/04/17 22:04:34 Please open your web browser and visit >> http://10.10.10.205:12049 <snip> Is that 10.10.10.205 on your internal network, or is it the host's visible to the guest network? Have you gone there?
mark
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Do somebody had this situation where an Email is sent every minutes to a specific user named michel. These emails are incoming from: Root with an header like: Cron michel@donais ~/.h5siP >/dev/null 2>/dev/null; and a text message as: /bin/sh: no: command not found
There is a cron task named h5siP in the path of this user; he is the only one affected by this situation. I found that this script have a relation with an other one named as R5Agz
If I remove the cron job h5siP from the cron listing and I restart cron the script is back a few minutes later. .h5siP-p and .R5Agz-p are located in dev/shm/ and both contain a process number as 23374 and 35678 .R5Agz and .h5siP can be found in a user named michel repertory wich the one who receive a lot of emails .h5siP is also located in /temp
The only changes we made to our system was yesterday. We made an automatic yum updte of three programs ; java 1.6. kpartx and device-mapper-multipath. I don't know if there is a relation or do I face a kind of virus?
I hope somebody can help
---
Michel Donais
On Tue, Apr 22, 2014 at 7:40 PM, Michel Donais donais@telupton.com wrote:
Do somebody had this situation where an Email is sent every minutes to a specific user named michel. These emails are incoming from: Root with an header like: Cron michel@donais ~/.h5siP >/dev/null 2>/dev/null; and a text message as: /bin/sh: no: command not found
There is a cron task named h5siP in the path of this user; he is the only one affected by this situation. I found that this script have a relation with an other one named as R5Agz
Did this user intentionally set up something that automatically recreates cronjobs?
If I remove the cron job h5siP from the cron listing and I restart cron the script is back a few minutes later.
If a person was to guess blindly, they might suspect that a nefarious person has compromised your server and set a cronjob. Without knowing more about your set up and how you have protected your servers (if SSH is open to the world, has SSH been brute forced, who has last logged in, etc), it will be tough to give good answers.
Years ago, I found remnants of cronjobs in /var/spool/cron/ on a shared web server that was compromised (and subsequently cleaned up). By the sounds of it, those files are user cronjobs which will be in the cron spool.
.h5siP-p and .R5Agz-p are located in dev/shm/ and both contain a process number as 23374 and 35678 .R5Agz and .h5siP can be found in a user named michel repertory wich the one who receive a lot of emails .h5siP is also located in /temp
The only changes we made to our system was yesterday. We made an automatic yum updte of three programs ; java 1.6. kpartx and device-mapper-multipath. I don't know if there is a relation or do I face a kind of virus?
For starters, you need to find out what those cronjobs are doing -- that will indicate the urgency. Use strace to connect to those processes. strace -p <pid#>
And from there, determine what is creating that file. You would think that whatever it is, would routinely check for the file to exist and you could catch it by grepping the output from lsof.
I hope somebody can help
Michel Donais
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Did this user intentionally set up something that automatically recreates cronjobs?
No, he cannot do such a task. Yesterday, our business was closed; so no body there. This morning we found at 7:30 am we found 826 emails in his mailbox. For one a minute this process was started around 13.76 hours sooner wich mean this process was created round 17:45 monday at the end of the afternoon.
Strange situation
--- Michel Donais
-
Evan Rowley -
Hal Wigoda -
Jay Leafey -
m.roth@5-cent.us -
Michel Donais -
SilverTip257 -
zep