[CentOS] process identification

Fri Sep 19 15:01:22 UTC 2014
m.roth at 5-cent.us <m.roth at 5-cent.us>

Valeri Galtsev wrote:
> On Fri, September 19, 2014 9:14 am, kqt4at5v at gmail.com wrote:
>> On Fri, 19 Sep 2014, Reindl Harald wrote:
>>> On 19.09.2014 at 15:58, kqt4at5v at gmail.com wrote:
>>>> On Fri, 19 Sep 2014, Reindl Harald wrote:
>>>>> On 19.09.2014 at 15:45, kqt4at5v at gmail.com wrote:
>>>>>> I am running CentOS 6.5. I know this is not a CentOS specific
>>>>>> problem.
>>>>>> Netstat shows several open ports and no pid.
>>>>>>
>>>>>> tcp    0  0 *:48720                 *:*                 LISTEN      -
>>>>>> tcp    0  0 *:43422                 *:*                 LISTEN      -
>>>>>> udp    0  0 *:50216                 *:*
>>>>>
>>>>> alias netstat='/bin/netstat --numeric-hosts --numeric-ports --notrim --programs -u -t'
>>>>>        /bin/netstat
>>>>>
>>>>> [root at openvas:~]$ /bin/netstat --numeric-hosts --numeric-ports --notrim --programs -u -t -l
>>>>> Aktive Internetverbindungen (Nur Server)
>>>>> Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
>>>>> tcp        0      0 127.0.0.1:9390              0.0.0.0:*                   LISTEN      5454/openvasmd
>>>>> tcp        0      0 127.0.0.1:9391              0.0.0.0:*                   LISTEN      5473/openvassd
>>>>> tcp        0      0 0.0.0.0:443                 0.0.0.0:*                   LISTEN      5438/gsad
>>>>> tcp        0      0 0.0.0.0:10022               0.0.0.0:*                   LISTEN      1177/sshd
>>>>
>>>> This netstat shows exactly the same
<snip>
>> My bad, I should have said. My original commands were
>> sudo netstat -tulpn | less
>> sudo lsof | less
>> I have several CentOS 6.5 machines and only one shows these odd ports.
>> I have also run chkrootkit and used clamscan to check filesystems.
>> It may be harmless but my curiosity is killing me.
<snip>
Here's a suggestion: look at /etc/sysconfig/iptables. Make sure that it
looks the way it's supposed to. Then you could put in a rule to kill one
or more of those questionable ports, and service iptables restart, and see
what happens.

        mark
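
An added example, not part of the original thread: netstat's PID column is filled by matching each socket's inode against the `socket:[inode]` links under /proc/<pid>/fd, so a listener shows "-" when no process holds that inode open (for example a socket owned by the kernel) or when the caller cannot read the fd directories. The sketch below repeats that lookup so the unowned listeners can be listed directly; the sample table and its inode numbers are constructed, and the function names are hypothetical.

```python
import os
import re

# Constructed sample in /proc/net/tcp layout (not taken from the thread's host).
# Ports 48720 and 43422 mirror the question; the inode numbers are made up.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:2726 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11001 1
   1: 00000000:BE50 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11002 1
   2: 00000000:A99E 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11003 1
   3: 0100007F:2726 0100007F:C350 01 00000000:00000000 00:00000000 00000000     0        0 11004 1
"""

def listening_sockets(text):
    """Return [(port, inode)] for rows in LISTEN state (st == 0A)."""
    rows = []
    for line in text.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) >= 10 and f[3] == "0A":
            rows.append((int(f[1].rsplit(":", 1)[1], 16), int(f[9])))
    return rows

def inode_owners(proc="/proc"):
    """Map socket inode -> {pid} from /proc/<pid>/fd symlinks (run as root to see all)."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc)):
        fd_dir = os.path.join(proc, pid, "fd")
        try:
            links = [os.readlink(os.path.join(fd_dir, fd)) for fd in os.listdir(fd_dir)]
        except OSError:                          # process exited or access denied
            continue
        for target in links:
            m = re.fullmatch(r"socket:\[(\d+)\]", target)
            if m:
                owners.setdefault(int(m.group(1)), set()).add(int(pid))
    return owners

def unowned_listeners(text, owners):
    """Ports whose socket inode no process holds open: netstat prints '-' for these."""
    return sorted(p for p, ino in listening_sockets(text) if ino not in owners)

if __name__ == "__main__":
    # Live check, IPv4 TCP only; /proc/net/tcp6 uses the same column layout.
    with open("/proc/net/tcp") as fh:
        print(unowned_listeners(fh.read(), inode_owners()))
```

Run as root on the affected host; ports it reports are the ones to compare against the other CentOS 6.5 machines.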