Full Version: More log files [solved]
MandrivaUsers.org > Advanced Topics > Security
riseringseeker
I posted here before asking for help in determining whether or not I was having security breaches. I was told (off the board) that the entries I was concerned about were not a big deal. OK, I know I am a little paranoid, but I am new to being open to ssh connections from the 'net, and being paranoid doesn't mean they're not really after you!

Alright, I use MCC to set up the ssh server, and had specifically set it to not allow root logins. Yesterday, I was double-checking how I had it set up and to my surprise I found that root login had somehow changed to "Yes - with password". OK, I changed it back and also put "root" in the deny users file. Today, I checked again, and the file had been changed to allow root login - yes.

I also have line after line of this type of entry:

Nov 8 05:48:05 localhost sshd[16874]: Connection from 208.67.248.222 port 47297
Nov 8 05:48:05 localhost sshd[16874]: reverse mapping checking getaddrinfo for mail.reflx.net failed - POSSIBLE BREAK-IN ATTEMPT!
Nov 8 05:48:05 localhost sshd[16874]: User root from 208.67.248.222 not allowed because listed in DenyUsers
Nov 8 05:48:05 localhost sshd[16874]: error: Could not get shadow information for NOUSER
Nov 8 05:48:05 localhost sshd[16874]: Failed password for invalid user root from 208.67.248.222 port 47297 ssh2
Nov 8 05:48:05 localhost sshd[16874]: Excess permission or bad ownership on file /var/log/btmp
Nov 8 05:48:06 localhost sshd[16876]: Connection from 208.67.248.222 port 47363
Nov 8 05:48:06 localhost sshd[16876]: reverse mapping checking getaddrinfo for mail.reflx.net failed - POSSIBLE BREAK-IN ATTEMPT!
Nov 8 05:48:06 localhost sshd[16876]: User root from 208.67.248.222 not allowed because listed in DenyUsers

So, should I be worried, and/or what, if anything, should I do?

I have security set to "high", and only have port 22 open to the 'net. I know one of the things I should do is put ssh on some oddball port, but other than that?
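The question above is really "which of these lines matter?". As an added example, not code from any poster in this thread, the Python below parses sshd log lines in the format quoted above, counts failures and usernames per source address, counts DenyUsers hits, and raises an alert only for the things a defender actually needs to act on: an accepted root login, an accepted password login (the thread's target state is key-only access), or a source exceeding a failure threshold. The sample log is constructed; its first lines mirror the posted entries and the rest (the 10.0.0.5 and 192.168.2.10 sources, the users alice, admin and test) are invented to exercise the checks.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the format of the sshd entries quoted above. The first
# seven lines mirror the posted ones; the rest are invented to exercise the
# checks (a second source trying several names, and two accepted logins).
SAMPLE_LOG = """\
Nov 8 05:48:05 localhost sshd[16874]: Connection from 208.67.248.222 port 47297
Nov 8 05:48:05 localhost sshd[16874]: reverse mapping checking getaddrinfo for mail.reflx.net failed - POSSIBLE BREAK-IN ATTEMPT!
Nov 8 05:48:05 localhost sshd[16874]: User root from 208.67.248.222 not allowed because listed in DenyUsers
Nov 8 05:48:05 localhost sshd[16874]: Failed password for invalid user root from 208.67.248.222 port 47297 ssh2
Nov 8 05:48:06 localhost sshd[16876]: Connection from 208.67.248.222 port 47363
Nov 8 05:48:06 localhost sshd[16876]: User root from 208.67.248.222 not allowed because listed in DenyUsers
Nov 8 05:48:06 localhost sshd[16876]: Failed password for invalid user root from 208.67.248.222 port 47363 ssh2
Nov 8 06:02:11 localhost sshd[16901]: Failed password for invalid user admin from 10.0.0.5 port 40001 ssh2
Nov 8 06:02:13 localhost sshd[16903]: Failed password for invalid user test from 10.0.0.5 port 40002 ssh2
Nov 8 07:15:40 localhost sshd[16950]: Accepted publickey for alice from 192.168.2.10 port 51000 ssh2
Nov 8 07:20:02 localhost sshd[16960]: Accepted password for root from 10.0.0.5 port 40100 ssh2
"""

FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")
DENIED = re.compile(r"User (\S+) from (\S+) not allowed because listed in DenyUsers")
ACCEPTED = re.compile(r"Accepted (\S+) for (\S+) from (\S+) port \d+")


def triage(log_text, fail_threshold=5):
    """Summarise sshd log lines: failures and usernames per source, DenyUsers
    hits, and every accepted login. Alerts are raised for any accepted root
    login, any accepted password login (key-only access is the goal in this
    thread), and sources with at least fail_threshold failures."""
    failed_by_ip = Counter()
    users_by_ip = defaultdict(set)
    denied_by_ip = Counter()
    accepted = []
    alerts = []
    for line in log_text.splitlines():
        # "reverse mapping ... POSSIBLE BREAK-IN ATTEMPT!" only means the
        # client's reverse DNS did not match its forward record; it is
        # informational and is deliberately not turned into an alert here.
        m = FAILED.search(line)
        if m:
            user, ip = m.groups()
            failed_by_ip[ip] += 1
            users_by_ip[ip].add(user)
            continue
        m = DENIED.search(line)
        if m:
            denied_by_ip[m.group(2)] += 1
            continue
        m = ACCEPTED.search(line)
        if m:
            method, user, ip = m.groups()
            accepted.append((method, user, ip))
            if user == "root":
                alerts.append(f"root login ACCEPTED from {ip} via {method}")
            elif method == "password":
                alerts.append(f"password login for {user} from {ip} (expected publickey only)")
    for ip, n in failed_by_ip.items():
        if n >= fail_threshold:
            alerts.append(f"{ip}: {n} failed logins across {len(users_by_ip[ip])} usernames")
    return {
        "failed_by_ip": failed_by_ip,
        "users_by_ip": dict(users_by_ip),
        "denied_by_ip": denied_by_ip,
        "accepted": accepted,
        "alerts": alerts,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG, fail_threshold=2)
    for ip, n in report["failed_by_ip"].most_common():
        print(f"{ip:16} {n:4} failures, tried: {sorted(report['users_by_ip'][ip])}")
    for alert in report["alerts"]:
        print("ALERT:", alert)
```

Run against a real file with `triage(open("/var/log/auth.log").read())` (the path differs per distribution). The per-source counts answer the "should I be worried" question in bulk; the `accepted` list is the part to read line by line, because a successful login from an address that was also failing is the one entry that cannot wait.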
tyme
I would turn off ssh for a while. And you might even consider a re-install, as it's possible a hacker gained access - or it could just be someone attempting root access but failing, and the root allow login is getting reset - but if it's also in deny users, then you actually have it protected twice.

As far as who's attacking you...I would contact colomart. A whois revealed that this is a hosting company. It's possible someone is staging attacks from one of their hosted, shared, or co-location servers. They would want to know about this. Provide to them as much detail and logs as you can (obviously without being repetitive) - try and give a range of time that the attacks were occurring during; in case there's any consistency to that. Also be sure to provide at least an example of any logs that you have, check your ssh logs, check your sys logs for the same periods of time if you can - that sort of thing.
Gowator
I agree with tyme, it's a fact of life unfortunately....

I get hundreds, sometimes tens of thousands per day...
Watch out for dictionary attacks.... I now have my public facing username extremely long... it's a pain to type but it's more of a passphrase ... and the password is equally long.
Most dictionary attacks start aa, ab, ac etc. I had a two letter user who was cracked ... it only takes 26^26 combinations to find that username and these attacks can come from hundreds of places at once when they hijack enough hosts... so for instance you can be on aa,ab from Bulgaria and ja,jb from Poland etc.

Turn off ssh1
Protocol 2
try a different port for a week .... works wonders....

try using denyhosts (a package)... it automatically bans IPs for X number of failed logins by adding to your hosts.deny.. and mails you.
My hosts.deny has well over 5000 entries....

NEVER EVER post a username on a board.... I get thousands of attempted logins with gowator as the username... where do they get it? Well my sig has my static IP address and I guess they figure I must have a gowator user? It makes it twice as easy if they know a valid user name ..then they can concentrate on the password... and with 30,000 attempts a day ....???

Example username password....
g0wat0rsu3k3eggs4dinn3r/m0nk3ys3atp3anuts4fun
This way they have 23^36 combinations for the username.... but I doubt they try past x chars.... apart from dictionary words .. each run takes exponentially longer and though they are not from their own computer they will soon give up.... what they want is another drone host to attack someone else..
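The advice in this post and the original question (Protocol 2, a non-default port, root denied, users restricted) all come down to a few sshd_config keywords, and the original poster's problem was a setting that kept changing underneath him. As an added example, not from any poster, the Python below parses an sshd_config the way sshd does (comments stripped, first occurrence of a keyword wins, so a stray `PermitRootLogin yes` above a later `no` is the one in effect) and reports the settings this thread would want changed. Both config fragments are constructed: the first is the weak state, the second its hardened counterpart; the username `verylongusername` is a placeholder.

```python
import re

# Constructed sshd_config fragments, not the poster's files: the first is the
# weak state the thread warns about, the second its hardened counterpart.
WEAK_CONFIG = """\
Protocol 2,1
Port 22
PermitRootLogin yes
PasswordAuthentication yes
"""

HARDENED_CONFIG = """\
Protocol 2
Port 2222
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
AllowUsers verylongusername
DenyUsers root
"""


def parse_sshd_config(text):
    """Return {keyword_lower: value}. sshd uses the first occurrence of each
    keyword, so a later duplicate never overrides an earlier one; parsing the
    same way is what makes the audit reflect the effective setting."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()            # drop comments and blanks
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # "Key value" or "Key=value"
        if len(parts) != 2:
            continue
        conf.setdefault(parts[0].lower(), parts[1].strip())
    return conf


def audit(text):
    """List the settings a reader of this thread would want changed."""
    c = parse_sshd_config(text)
    findings = []
    proto = c.get("protocol")
    if proto is None:
        findings.append("Protocol not set explicitly: set 'Protocol 2' so SSH1 cannot be negotiated")
    elif "1" in {p.strip() for p in proto.split(",")}:
        findings.append(f"Protocol {proto}: SSH1 still offered, use 'Protocol 2'")
    if c.get("port", "22") == "22":
        findings.append("Port 22: default port, move sshd to an unused high port")
    if c.get("permitrootlogin") != "no":
        findings.append("PermitRootLogin is not 'no': direct root logins remain possible")
    if c.get("passwordauthentication") != "no":
        findings.append("PasswordAuthentication is not 'no': password guessing remains possible")
    if "allowusers" not in c and "denyusers" not in c:
        findings.append("neither AllowUsers nor DenyUsers set: every local account is a login target")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"== {name} ==")
        for finding in audit(cfg) or ["no findings"]:
            print(" -", finding)
```

Running `audit(open("/etc/ssh/sshd_config").read())` from cron and mailing any non-empty result is a cheap way to catch exactly the silent flip back to root-allowed that started this thread; whatever rewrites the file, the next run reports it.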
riseringseeker
QUOTE (Gowator @ Nov 9 2006, 03:50 AM) *
I agree with tyme, it's a fact of life unfortunately....


Reinstall? The entire system, or just ssh server?

QUOTE
I get hundreds, sometimes tens of thousands per day...


I seem to get merely scores. Most of them from India, China, Korea, etc. This is the first I have noted from within the US.

QUOTE
Watch out for dictionary attacks.... I now have my public facing username extremely long... it's a pain to type but it's more of a passphrase ... and the password is equally long.
Most dictionary attacks start aa, ab, ac etc. I had a two letter user who was cracked ... it only takes 26^26 combinations to find that username and these attacks can come from hundreds of places at once when they hijack enough hosts... so for instance you can be on aa,ab from Bulgaria and ja,jb from Poland etc.


I have not (yet) seen dictionary attacks, but have instead seen attacks with a long list of names tried in largely alphabetical order. I would guess that they just loaded a list from a "baby names" book into the script they are running, so with a long enough list, and user names that are real people's names, they will eventually hit one of them - not that I have many users, this is after all just my home system with very few users anyway.

I have some user names in "allow", and several entries in "deny". If I understand this correctly, being not listed in "allow", or specifically listed in "deny" will not let any other user name in, so in a way, it's a double protection.

QUOTE
Turn off ssh1


It is.

QUOTE
Protocol 2


'Tis set up here with a 2048 RSA key. At the moment, I still have password entry allowed, but that is for the benefit of the one "test user", a friend who has already helped with tightening security here. I plan on turning that off prior to leaving for my next trip, so without an RSA public key, no one should be able to get on at all.

QUOTE
try a different port for a week .... works wonders....


Got a range I should pick from?

QUOTE
try using denyhosts (a package)... it automatically bans IPs for X number of failed logins by adding to your hosts.deny.. and mails you.
My hosts.deny has well over 5000 entries....


I will give that a try. It also occurs to me that perhaps I should turn off pinging.

QUOTE
NEVER EVER post a username on a board.... I get thousands of attempted logins with gowator as the username... where do they get it? Well my sig has my static IP address and I guess they figure I must have a gowator user? It makes it twice as easy if they know a valid user name ..then they can concentrate on the password... and with 30,000 attempts a day ....???


I have not posted a user name that I am aware of. Also, the first part of my domain is not "localhost" for that matter.

QUOTE
Example username password....
g0wat0rsu3k3eggs4dinn3r/m0nk3ys3atp3anuts4fun
This way they have 23^36 combinations for the username.... but I doubt they try past x chars.... apart from dictionary words .. each run takes exponentially longer and though they are not from their own computer they will soon give up.... what they want is another drone host to attack someone else..


That would be a major pain, but might be worth instigating.
Gowator
QUOTE (riseringseeker @ Nov 9 2006, 04:44 PM) *
QUOTE (Gowator @ Nov 9 2006, 03:50 AM) *

I agree with tyme, it's a fact of life unfortunately....


Reinstall? The entire system, or just ssh server?

Well, it depends on how paranoid you are.
Try a live CD with a rootkit check (Kanotix works) ... obviously the ultimate is reinstall from scratch ...
not always a bad thing if you have played about with stuff... then decided to harden security ... I just reinstalled Debian stable on my server because I had largely played about a lot and lost track ... just odd changing permissions here and there ... usually stuff I mean to be temporary and then forget ...

QUOTE
QUOTE
I get hundreds, sometimes tens of thousands per day...


I seem to get merely scores. Most of them from India, China, Korea, etc. This is the first I have noted from within the US.

Yeah hosting websites does that .... but I think also it's sorta random... groups of script kiddies decide to have a go at a host and I guess it's a competition... they already have control of hundreds and use these to attack you.


QUOTE
QUOTE
Watch out for dictionary attacks.... I now have my public facing username extremely long... it's a pain to type but it's more of a passphrase ... and the password is equally long.
Most dictionary attacks start aa, ab, ac etc. I had a two letter user who was cracked ... it only takes 26^26 combinations to find that username and these attacks can come from hundreds of places at once when they hijack enough hosts... so for instance you can be on aa,ab from Bulgaria and ja,jb from Poland etc.


I have not (yet) seen dictionary attacks, but have instead seen attacks with a long list of names tried in largely alphabetical order. I would guess that they just loaded a list from a "baby names" book into the script they are running, so with a long enough list, and user names that are real peoples names, they will eventually hit one of them - not that I have many users, this is after just my home system with very few users anyway.

That was how it started for me. I dumped the logs a while ago, they were massive... but they started off like you say then progressed...
QUOTE
I have some user names in "allow", and several entries in "deny". If I understand this correctly, being not listed in "allow", or specifically listed in "deny" will not let any other user name in, so in a way, it's a double protection.

Yep I have ALL users in deny except one.... really one is all you need unless you're using nxserver etc. and want GUI desktops etc. over the internet.

QUOTE
'Tis set up here with a 2048 RSA key. At the moment, I still have password entry allowed, but that is for the benefit of the one "test user", a friend who has already helped with tightening security here. I plan on turning that off prior to leaving for my next trip, so without an RSA public key, no one should be able to get on at all.

Well just deny all users except that and make the username password long... if it's your buddy's old address or something it's amazing how fast you get to typing it...

QUOTE
QUOTE
try a different port for a week .... works wonders....


Got a range I should pick from?

No expert here but any you're not using.... it doesn't really matter to ssh
nmap -sT hostname

see
http://www.redhat.com/docs/manuals/linux/R...rver-ports.html
tyme
As far as ports, use something over 2000 just to make sure you don't encroach on any other necessary ports. And don't use 31337. Here's a list of well-known ports, you'll want to choose one not on that list.

As far as the reinstall, as Gowator said that depends on your paranoid level. If you think someone actually succeeded in hacking you, then reinstalling is easier than hunting down what the hacker did in case he left himself a backdoor/trojan/zombie program. Checking it with a rootkit program as G suggests is definitely a good first step. I'd also look through a ps -aux for any oddball processes. Also, run netstat -a while logged in and look for strange services that are attached to odd ports.
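The `netstat -a` check suggested here only works if you know what the machine normally shows, which is exactly the difficulty raised in the next post. As an added example, not from any poster, the Python below parses `netstat -a` output in the format riseringseeker posts later in this thread, keeps only the sockets that accept traffic (TCP in LISTEN state, and every UDP socket, since UDP shows no state), separates those bound to `*` (every interface, so reachable from outside if the firewall lets the port through) from those bound to one address, and diffs the result against a saved baseline. The sample output and the baseline are constructed; the `*:31337` entry is invented to stand in for an unexpected service and is not in the poster's output.

```python
# Constructed `netstat -a` excerpt in the format quoted later in this thread.
# The address lines are modelled on the posted output; the *:31337 listener is
# invented to play the part of an unexpected service.
SAMPLE_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 localhost.somedns.org:2208 *:* LISTEN
tcp 0 0 *:nfs *:* LISTEN
tcp 0 0 *:swat *:* LISTEN
tcp 0 0 192.168.2.2:9222 *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 *:31337 *:* LISTEN
tcp 0 0 192.168.2.2:52245 72.14.223.99:http ESTABLISHED
udp 0 0 *:ntp *:*
raw 0 0 *:icmp *:* 7
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 10633 /tmp/.X11-unix/X0
"""


def parse_listeners(netstat_text):
    """Return (proto, bind_address, port) for every socket that accepts traffic:
    TCP sockets in LISTEN state and all UDP sockets (UDP shows no state).
    Established connections, raw sockets and the UNIX-domain section are skipped."""
    listeners = []
    in_inet = False
    for line in netstat_text.splitlines():
        if line.startswith("Active Internet"):
            in_inet = True
            continue
        if line.startswith("Active UNIX"):
            break
        if not in_inet or line.startswith("Proto"):
            continue
        fields = line.split()
        if len(fields) < 5:
            continue
        proto, local = fields[0], fields[3]
        state = fields[5] if len(fields) > 5 else ""
        if proto.startswith("tcp"):
            if state != "LISTEN":
                continue
        elif not proto.startswith("udp"):
            continue
        addr, _, port = local.rpartition(":")   # rpartition copes with IPv6 colons
        listeners.append((proto, addr, port))
    return listeners


def all_interface_listeners(listeners):
    """Sockets bound to '*' answer on every interface; these are the ones to
    check against the firewall rules for what is reachable from outside."""
    return sorted(l for l in listeners if l[1] == "*")


def new_since_baseline(listeners, baseline):
    """Listeners absent from a known-good baseline recorded on a clean system."""
    return sorted(set(listeners) - set(baseline))


# Constructed baseline: what the owner recorded as expected on this machine.
BASELINE = {
    ("tcp", "localhost.somedns.org", "2208"), ("tcp", "*", "nfs"), ("tcp", "*", "swat"),
    ("tcp", "192.168.2.2", "9222"), ("tcp", "*", "ssh"), ("udp", "*", "ntp"),
}

if __name__ == "__main__":
    found = parse_listeners(SAMPLE_NETSTAT)
    print("reachable on all interfaces:", all_interface_listeners(found))
    print("not in baseline:", new_since_baseline(found, BASELINE))
```

The useful workflow is to run `parse_listeners` on a fresh install, save the result as the baseline, and re-run it later: the diff, not the raw list, is what makes an "oddball" service stand out. The same idea applies to `ps aux`: a saved list of expected commands turns a wall of processes into a short list of new ones.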
riseringseeker
QUOTE (tyme @ Nov 9 2006, 11:12 AM) *
As far as ports, use something over 2000 just to make sure you don't encroach on any other necessary ports. And don't use 31337. Here's a list of well-known ports, you'll want to choose one not on that list.

As far as the reinstall, as Gowator said that depends on your paranoid level. If you think someone actually succeeded in hacking you, then reinstalling is easier than hunting down what the hacker did in case he left himself a backdoor/trojan/zombie program. Checking it with a rootkit program as G suggests is definitely a good first step. I'd also look through a ps -aux for any oddball processes. Also, run netstat -a while logged in and look for strange services that are attached to odd ports.


Thanks, Tyme. Of course it would help if I knew what netstat and ps normally showed, that way I might be in a better position to see if there is anything unusual.

Apparently I am going to have to ask for help in installing denyhosts though. I keep being told it needs python 2.4 (my system shows 2.4.3), or, in the case of the tarball, says:

QUOTE
error: invalid Python installation: unable to open /usr/lib/python2.4/config/Makefile (No such file or directory)
ianw1974
You can check, and always symlink python2.4 to the 2.4.3 installation if it doesn't exist.
tyme
QUOTE (riseringseeker @ Nov 9 2006, 10:59 PM) *
Of course it would help if I knew what netstat and ps normally showed, that way I might be in a better position to see if there is anything unusual.
You could post the outputs here, and I could take a look through them.
riseringseeker
QUOTE (tyme @ Nov 10 2006, 07:52 AM) *
QUOTE (riseringseeker @ Nov 9 2006, 10:59 PM) *
Of course it would help if I knew what netstat and ps normally showed, that way I might be in a better position to see if there is anything unusual.
You could post the outputs here, and I could take a look through them.


OK, here's netstat -a, usernames and domains edited, otherwise a cut and paste.

QUOTE
#netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 localhost.somedns.org:2208 *:* LISTEN
tcp 0 0 *:nfs *:* LISTEN
tcp 0 0 localhost.somedns.or:46660 *:* LISTEN
tcp 0 0 *:swat *:* LISTEN
tcp 0 0 *:nut *:* LISTEN
tcp 0 0 192.168.2.2:9222 *:* LISTEN
tcp 0 0 localhost.somedns.or:10026 *:* LISTEN
tcp 0 0 *:netbios-ssn *:* LISTEN
tcp 0 0 *:943 *:* LISTEN
tcp 0 0 *:sunrpc *:* LISTEN
tcp 0 0 *:x11 *:* LISTEN
tcp 0 0 *:57009 *:* LISTEN
tcp 0 0 *:ipp *:* LISTEN
tcp 0 0 localhost.somedns.org:smtp *:* LISTEN
tcp 0 0 *:7741 *:* LISTEN
tcp 0 0 *:microsoft-ds *:* LISTEN
tcp 0 0 *:39741 *:* LISTEN
tcp 0 0 *:40511 *:* LISTEN
tcp 0 0 192.168.2.2:52245 72.14.223.99:http ESTABLISHED
tcp 0 0 192.168.2.2:53179 a-70-183-191-115.deplo:http ESTABLISHED
tcp 0 0 192.168.2.2:43745 64.233.163.104:http ESTABLISHED
tcp 0 0 192.168.2.2:48512 209.62.188.20:http ESTABLISHED
tcp 0 0 192.168.2.2:48292 70.167.151.135:http ESTABLISHED
tcp 0 0 192.168.2.2:48279 70.167.151.135:http ESTABLISHED
tcp 0 0 192.168.2.2:54347 a-70-183-191-82.deploy:http ESTABLISHED
tcp 0 0 192.168.2.2:59917 a-70-183-191-75.deplo:https ESTABLISHED
tcp 0 0 192.168.2.2:59916 a-70-183-191-75.deplo:https ESTABLISHED
tcp 0 0 *:x11 *:* LISTEN
tcp 0 0 *:ipp *:* LISTEN
udp 0 0 *:32768 *:*
udp 0 0 *:nfs *:*
udp 0 0 *:32770 *:*
udp 0 0 *:32771 *:*
udp 0 0 192.168.2.2:netbios-ns *:*
udp 0 0 *:netbios-ns *:*
udp 0 0 192.168.2.2:netbios-dgm *:*
udp 0 0 *:netbios-dgm *:*
udp 0 0 *:940 *:*
udp 0 0 *:7741 *:*
udp 0 0 *:730 *:*
udp 0 0 *:5353 *:*
udp 0 0 *:sunrpc *:*
udp 0 0 *:ipp *:*
udp 0 0 192.168.2.2:ntp *:*
udp 0 0 localhost.somedns.org:ntp *:*
udp 0 0 *:ntp *:*
udp 0 0 *:32769 *:*
udp 0 0 *:ntp *:*
raw 0 0 *:icmp *:* 7
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ] DGRAM 5990 /var/spool/postfix/dev/log
unix 2 [ ACC ] STREAM LISTENING 15574 /home/<username>/tmp/ksocket-<username>/klauncherhlGBWb.slave-socket
unix 2 [ ACC ] STREAM LISTENING 10644 /var/run/xdmctl/dmctl-:0/socket
unix 2 [ ACC ] STREAM LISTENING 15362 /tmp/ssh-PhfBmb5930/agent.5930
unix 2 [ ACC ] STREAM LISTENING 10839 /var/lib/clamav/clamd.socket
unix 2 [ ACC ] STREAM LISTENING 9709 /var/run/avahi-daemon/socket
unix 2 [ ACC ] STREAM LISTENING 25645 /home/<username>/tmp/orbit-<username>/linc-19ee-0-18fe2f2a2f68f
unix 19 [ ] DGRAM 5908 /dev/log
unix 2 [ ACC ] STREAM LISTENING 15649 /tmp/.ICE-unix/6126
unix 2 [ ACC ] STREAM LISTENING 15393 /tmp/gpg-gvSQpj/S.gpg-agent
unix 2 [ ACC ] STREAM LISTENING 15542 /home/<username>/tmp/ksocket-<username>/kdeinit__0
unix 2 [ ACC ] STREAM LISTENING 5868 /var/run/dbus/system_dbus_socket
unix 2 [ ] DGRAM 1220 @/org/kernel/udev/udevd
unix 2 [ ACC ] STREAM LISTENING 15544 /home/<username>/tmp/ksocket-<username>/kdeinit-:0
unix 2 [ ACC ] STREAM LISTENING 10633 /tmp/.X11-unix/X0
unix 2 [ ACC ] STREAM LISTENING 15466 @/tmp/dbus-w410DBhRHb
unix 2 [ ACC ] STREAM LISTENING 11187 public/cleanup
unix 2 [ ACC ] STREAM LISTENING 9871 /tmp/.font-unix/fs-1
unix 2 [ ] DGRAM 6140 @/org/freedesktop/hal/udev_event
unix 2 [ ACC ] STREAM LISTENING 11208 private/tlsmgr
unix 2 [ ACC ] STREAM LISTENING 11213 private/rewrite
unix 2 [ ACC ] STREAM LISTENING 11217 private/bounce
unix 2 [ ACC ] STREAM LISTENING 11221 private/defer
unix 2 [ ACC ] STREAM LISTENING 11225 private/trace
unix 2 [ ACC ] STREAM LISTENING 6131 @/tmp/hald-local/dbus-Bv6qUmcigL
unix 2 [ ACC ] STREAM LISTENING 11229 private/verify
unix 2 [ ACC ] STREAM LISTENING 11233 public/flush
unix 2 [ ACC ] STREAM LISTENING 11237 private/proxymap
unix 2 [ ACC ] STREAM LISTENING 11241 private/smtp
unix 2 [ ACC ] STREAM LISTENING 11245 private/relay
unix 2 [ ACC ] STREAM LISTENING 11249 public/showq
unix 2 [ ACC ] STREAM LISTENING 11253 private/error
unix 2 [ ACC ] STREAM LISTENING 11265 private/discard
unix 2 [ ACC ] STREAM LISTENING 11269 private/local
unix 2 [ ACC ] STREAM LISTENING 5904 /var/run/acpid.socket
unix 2 [ ACC ] STREAM LISTENING 11273 private/virtual
unix 2 [ ACC ] STREAM LISTENING 11277 private/lmtp
unix 2 [ ACC ] STREAM LISTENING 11281 private/anvil
unix 2 [ ACC ] STREAM LISTENING 6132 @/tmp/hald-runner/dbus-Lozc6QMT1S
unix 2 [ ACC ] STREAM LISTENING 11286 private/scache
unix 2 [ ACC ] STREAM LISTENING 11290 private/maildrop
unix 2 [ ACC ] STREAM LISTENING 11294 private/cyrus-deliver
unix 2 [ ACC ] STREAM LISTENING 11306 private/cyrus
unix 2 [ ACC ] STREAM LISTENING 11310 private/cyrus-chroot
unix 2 [ ACC ] STREAM LISTENING 11314 private/cyrus-inet
unix 2 [ ACC ] STREAM LISTENING 11318 private/uucp
unix 2 [ ACC ] STREAM LISTENING 11326 private/lmtp-filter
unix 2 [ ACC ] STREAM LISTENING 11330 private/smtp-filter
unix 2 [ ACC ] STREAM LISTENING 15549 /tmp/.ICE-unix/dcop6113-1163164333
unix 2 [ ACC ] STREAM LISTENING 25654 /home/<username>/tmp/orbit-<username>/linc-19ea-0-4191b5eb327e0
unix 2 [ ACC ] STREAM LISTENING 15803 /home/<username>/tmp/ksocket-<username>/localhost.somedns.org-17fb-45547ab8
unix 2 [ ACC ] STREAM LISTENING 10034 /var/run/xdmctl/dmctl/socket
unix 2 [ ACC ] STREAM LISTENING 15599 @/tmp/fam-<username>-
unix 2 [ ] DGRAM 25990
unix 3 [ ] STREAM CONNECTED 25861 /tmp/.ICE-unix/dcop6113-1163164333
unix 3 [ ] STREAM CONNECTED 25860
unix 3 [ ] STREAM CONNECTED 25855 /tmp/.ICE-unix/6126
unix 3 [ ] STREAM CONNECTED 25854
unix 3 [ ] STREAM CONNECTED 25853 /tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 25852
unix 5 [ ] STREAM CONNECTED 25700 /tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 25699
unix 3 [ ] STREAM CONNECTED 25658 /home/<username>/tmp/orbit-<username>/linc-19ea-0-4191b5eb327e0
unix 3 [ ] STREAM CONNECTED 25657
unix 3 [ ] STREAM CONNECTED 25656 /home/<username>/tmp/orbit-<username>/linc-19ee-0-18fe2f2a2f68f
unix 3 [ ] STREAM CONNECTED 25653
unix 2 [ ] DGRAM 25641
unix 3 [ ] STREAM CONNECTED 25627 /tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 25626
unix 2 [ ] DGRAM 23481
unix 2 [ ] DGRAM 20053
unix 3 [ ] STREAM CONNECTED 16759 /home/<username>/tmp/ksocket-<username>/klauncherhlGBWb.slave-socket
unix 3 [ ] STREAM CONNECTED 16756
unix 3 [ ] STREAM CONNECTED 16087 /var/run/dbus/system_dbus_socket
unix 3 [ ] STREAM CONNECTED 16086
unix 3 [ ] STREAM CONNECTED 15966 /tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 15965
unix 3 [ ] STREAM CONNECTED 15957 /tmp/.ICE-unix/6126
unix 3 [ ] STREAM CONNECTED 15956
unix 3 [ ] STREAM CONNECTED 15953 /tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 15952
unix 3 [ ] STREAM CONNECTED 15951 /tmp/.ICE-unix/dcop6113-1163164333
unix 3 [ ] STREAM CONNECTED 15950
unix 3 [ ] STREAM CONNECTED 15943 /home/<username>/tmp/ksocket-<username>/localhost.somedns.org-17fb-45547ab8
unix 3 [ ] STREAM CONNECTED 15942
unix 3 [ ] STREAM CONNECTED 15916 /tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 15915
unix 3 [ ] STREAM CONNECTED 15884 /tmp/.ICE-unix/6126
unix 3 [ ] STREAM CONNECTED 15877
unix 3 [ ] STREAM CONNECTED 15876 /tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 15875
unix 3 [ ] STREAM CONNECTED 15872 /tmp/.ICE-unix/dcop6113-1163164333
unix 3 [ ] STREAM CONNECTED 15871
unix 3 [ ] STREAM CONNECTED 15883 /tmp/.ICE-unix/6126
unix 3 [ ] STREAM CONNECTED 15865
unix 3 [ ] STREAM CONNECTED 15850 /tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 15849
unix 3 [ ] STREAM CONNECTED 15848 /tmp/.ICE-unix/dcop6113-1163164333
unix 3 [ ] STREAM CONNECTED 15847
unix 3 [ ] STREAM CONNECTED 15882 /tmp/.ICE-unix/6126
unix 3 [ ] STREAM CONNECTED 15831
unix 3 [ ] STREAM CONNECTED 15827 /tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 15826
unix 3 [ ] STREAM CONNECTED 15823 /tmp/.ICE-unix/dcop6113-1163164333
unix 3 [ ] STREAM CONNECTED 15822
unix 2 [ ] DGRAM 15820
unix 3 [ ] STREAM CONNECTED 15794 /tmp/.ICE-unix/6126
unix 3 [ ] STREAM CONNECTED 15793
unix 3 [ ] STREAM CONNECTED 15792 /tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 15791
unix 3 [ ] STREAM CONNECTED 15790 /tmp/.ICE-unix/dcop6113-1163164333
unix 3 [ ] STREAM CONNECTED 15789
unix 3 [ ] STREAM CONNECTED 15773 /tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 15772
unix 3 [ ] STREAM CONNECTED 15760 /tmp/.ICE-unix/dcop6113-1163164333
unix 3 [ ] STREAM CONNECTED 15759
unix 3 [ ] STREAM CONNECTED 15752 @/tmp/fam-<username>-
unix 3 [ ] STREAM CONNECTED 15751
unix 3 [ ] STREAM CONNECTED 15727 /tmp/.ICE-unix/6126
unix 3 [ ] STREAM CONNECTED 15726
unix 3 [ ] STREAM CONNECTED 15712 /tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 15711
unix 3 [ ] STREAM CONNECTED 15701 /tmp/.ICE-unix/dcop6113-1163164333
unix 3 [ ] STREAM CONNECTED 15700
unix 3 [ ] STREAM CONNECTED 15689 @/tmp/fam-<username>-
unix 3 [ ] STREAM CONNECTED 15688
unix 3 [ ] STREAM CONNECTED 15678 /tmp/.ICE-unix/6126
unix 3 [ ] STREAM CONNECTED 15677
unix 3 [ ] STREAM CONNECTED 15674 /tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 15673
unix 3 [ ] STREAM CONNECTED 15670 /tmp/.ICE-unix/dcop6113-1163164333
unix 3 [ ] STREAM CONNECTED 15669
unix 3 [ ] STREAM CONNECTED 15664 /tmp/.ICE-unix/6126
unix 3 [ ] STREAM CONNECTED 15663
unix 3 [ ] STREAM CONNECTED 15662 /tmp/.ICE-unix/dcop6113-1163164333
unix 3 [ ] STREAM CONNECTED 15661
unix 3 [ ] STREAM CONNECTED 15656 /tmp/.ICE-unix/6126
unix 3 [ ] STREAM CONNECTED 15655
unix 3 [ ] STREAM CONNECTED 15654 /tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 15653
unix 3 [ ] STREAM CONNECTED 15648 /tmp/.ICE-unix/dcop6113-1163164333
unix 3 [ ] STREAM CONNECTED 15647
unix 3 [ ] STREAM CONNECTED 15642 /tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 15641
unix 3 [ ] STREAM CONNECTED 15635 /home/<username>/tmp/ksocket-<username>/kdeinit__0
unix 3 [ ] STREAM CONNECTED 15634
unix 3 [ ] STREAM CONNECTED 15623 /var/run/dbus/system_dbus_socket
unix 3 [ ] STREAM CONNECTED 15622
unix 3 [ ] STREAM CONNECTED 15604 @/tmp/fam-<username>-
unix 3 [ ] STREAM CONNECTED 15600
unix 3 [ ] STREAM CONNECTED 15587 /tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 15586
unix 3 [ ] STREAM CONNECTED 15585 /tmp/.ICE-unix/dcop6113-1163164333
unix 3 [ ] STREAM CONNECTED 15584
unix 3 [ ] STREAM CONNECTED 15577 /tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 15576
unix 3 [ ] STREAM CONNECTED 15568 /tmp/.ICE-unix/dcop6113-1163164333
unix 3 [ ] STREAM CONNECTED 15567
unix 3 [ ] STREAM CONNECTED 15565
unix 3 [ ] STREAM CONNECTED 15564
unix 3 [ ] STREAM CONNECTED 15509 /var/run/dbus/system_dbus_socket
unix 3 [ ] STREAM CONNECTED 15508
unix 3 [ ] STREAM CONNECTED 15507 /tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 15506
unix 3 [ ] STREAM CONNECTED 15482 /tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 15481
unix 3 [ ] STREAM CONNECTED 15470 /tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 15469
unix 3 [ ] STREAM CONNECTED 15468
unix 3 [ ] STREAM CONNECTED 15467
unix 2 [ ] DGRAM 15219
unix 2 [ ] DGRAM 14730
unix 3 [ ] STREAM CONNECTED 11575 /tmp/.font-unix/fs-1
unix 3 [ ] STREAM CONNECTED 11574
unix 2 [ ] DGRAM 11368
unix 3 [ ] STREAM CONNECTED 11333
unix 3 [ ] STREAM CONNECTED 11332
unix 3 [ ] STREAM CONNECTED 11329
unix 3 [ ] STREAM CONNECTED 11328
unix 3 [ ] STREAM CONNECTED 11325
unix 3 [ ] STREAM CONNECTED 11324
unix 3 [ ] STREAM CONNECTED 11321
unix 3 [ ] STREAM CONNECTED 11320
unix 3 [ ] STREAM CONNECTED 11317
unix 3 [ ] STREAM CONNECTED 11316
unix 3 [ ] STREAM CONNECTED 11313
unix 3 [ ] STREAM CONNECTED 11312
unix 3 [ ] STREAM CONNECTED 11309
unix 3 [ ] STREAM CONNECTED 11308
unix 3 [ ] STREAM CONNECTED 11305
unix 3 [ ] STREAM CONNECTED 11304
unix 3 [ ] STREAM CONNECTED 11293
unix 3 [ ] STREAM CONNECTED 11292
unix 3 [ ] STREAM CONNECTED 11289
unix 3 [ ] STREAM CONNECTED 11288
unix 3 [ ] STREAM CONNECTED 11285
unix 3 [ ] STREAM CONNECTED 11284
unix 3 [ ] STREAM CONNECTED 11280
unix 3 [ ] STREAM CONNECTED 11279
unix 3 [ ] STREAM CONNECTED 11276
unix 3 [ ] STREAM CONNECTED 11275
unix 3 [ ] STREAM CONNECTED 11272
unix 3 [ ] STREAM CONNECTED 11271
unix 3 [ ] STREAM CONNECTED 11268
unix 3 [ ] STREAM CONNECTED 11267
unix 3 [ ] STREAM CONNECTED 11264
unix 3 [ ] STREAM CONNECTED 11263
unix 3 [ ] STREAM CONNECTED 11252
unix 3 [ ] STREAM CONNECTED 11251
unix 3 [ ] STREAM CONNECTED 11248
unix 3 [ ] STREAM CONNECTED 11247
unix 3 [ ] STREAM CONNECTED 11244
unix 3 [ ] STREAM CONNECTED 11243
unix 3 [ ] STREAM CONNECTED 11240
unix 3 [ ] STREAM CONNECTED 11239
unix 3 [ ] STREAM CONNECTED 11236
unix 3 [ ] STREAM CONNECTED 11235
unix 3 [ ] STREAM CONNECTED 11232
unix 3 [ ] STREAM CONNECTED 11231
unix 3 [ ] STREAM CONNECTED 11228
unix 3 [ ] STREAM CONNECTED 11227
unix 3 [ ] STREAM CONNECTED 11224
unix 3 [ ] STREAM CONNECTED 11223
unix 3 [ ] STREAM CONNECTED 11220
unix 3 [ ] STREAM CONNECTED 11219
unix 3 [ ] STREAM CONNECTED 11216
unix 3 [ ] STREAM CONNECTED 11215
unix 3 [ ] STREAM CONNECTED 11212
unix 3 [ ] STREAM CONNECTED 11211
unix 3 [ ] STREAM CONNECTED 11207
unix 3 [ ] STREAM CONNECTED 11206
unix 3 [ ] STREAM CONNECTED 11190
unix 3 [ ] STREAM CONNECTED 11189
unix 3 [ ] STREAM CONNECTED 11186
unix 3 [ ] STREAM CONNECTED 11185
unix 3 [ ] STREAM CONNECTED 11153
unix 3 [ ] STREAM CONNECTED 11152
unix 2 [ ] DGRAM 11109
unix 3 [ ] STREAM CONNECTED 10676 /var/run/acpid.socket
unix 3 [ ] STREAM CONNECTED 10675
unix 7 [ ] STREAM CONNECTED 11580 /tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 10674
unix 3 [ ] STREAM CONNECTED 9817
unix 4 [ ] STREAM CONNECTED 9816
unix 2 [ ] DGRAM 9798
unix 3 [ ] STREAM CONNECTED 9712 /var/run/dbus/system_dbus_socket
unix 3 [ ] STREAM CONNECTED 9711
unix 2 [ ] DGRAM 9670
unix 2 [ ] DGRAM 9663
unix 2 [ ] DGRAM 8625
unix 2 [ ] DGRAM 8389
unix 2 [ ] DGRAM 8232
unix 3 [ ] STREAM CONNECTED 7573 /var/run/dbus/system_dbus_socket
unix 3 [ ] STREAM CONNECTED 7572
unix 3 [ ] STREAM CONNECTED 7299 @/tmp/hald-local/dbus-Bv6qUmcigL
unix 3 [ ] STREAM CONNECTED 7298
unix 3 [ ] STREAM CONNECTED 7239 @/tmp/hald-local/dbus-Bv6qUmcigL
unix 3 [ ] STREAM CONNECTED 7238
unix 3 [ ] STREAM CONNECTED 7184 @/tmp/hald-local/dbus-Bv6qUmcigL
unix 3 [ ] STREAM CONNECTED 7183
unix 3 [ ] STREAM CONNECTED 6842 @/tmp/hald-local/dbus-Bv6qUmcigL
unix 3 [ ] STREAM CONNECTED 6841
unix 3 [ ] STREAM CONNECTED 6819 /var/run/acpid.socket
unix 3 [ ] STREAM CONNECTED 6818
unix 3 [ ] STREAM CONNECTED 6813 @/tmp/hald-local/dbus-Bv6qUmcigL
unix 3 [ ] STREAM CONNECTED 6812
unix 3 [ ] STREAM CONNECTED 6135 @/tmp/hald-runner/dbus-Lozc6QMT1S
unix 3 [ ] STREAM CONNECTED 6134
unix 2 [ ] DGRAM 6083
unix 2 [ ] DGRAM 6022
unix 3 [ ] STREAM CONNECTED 6002 /var/run/dbus/system_dbus_socket
unix 3 [ ] STREAM CONNECTED 6001
unix 3 [ ] STREAM CONNECTED 5892
unix 3 [ ] STREAM CONNECTED 5891


ps aux

QUOTE
]# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.1 1576 540 ? Ss 07:00 0:01 init [5]
root 2 0.0 0.0 0 0 ? S 07:00 0:00 [migration/0]
root 3 0.0 0.0 0 0 ? SN 07:00 0:00 [ksoftirqd/0]
root 4 0.0 0.0 0 0 ? S< 07:00 0:00 [events/0]
root 5 0.0 0.0 0 0 ? S< 07:00 0:00 [khelper]
root 6 0.0 0.0 0 0 ? S< 07:00 0:00 [kthread]
root 8 0.0 0.0 0 0 ? S< 07:00 0:00 [kblockd/0]
root 9 0.0 0.0 0 0 ? S< 07:00 0:00 [kacpid]
root 75 0.0 0.0 0 0 ? S< 07:00 0:00 [kseriod]
root 111 0.0 0.0 0 0 ? S 07:00 0:00 [pdflush]
root 112 0.0 0.0 0 0 ? S 07:00 0:00 [pdflush]
root 113 0.0 0.0 0 0 ? S 07:00 0:00 [kswapd0]
root 114 0.0 0.0 0 0 ? S< 07:00 0:00 [aio/0]
root 767 0.0 0.0 0 0 ? S< 07:00 0:00 [kpsmoused]
root 779 0.0 0.0 0 0 ? S< 07:00 0:00 [kjournald]
root 859 0.0 0.2 2272 1296 ? S<s 07:00 0:00 udevd -d
root 973 0.0 0.0 0 0 ? S< 07:00 0:00 [khubd]
root 1074 0.0 0.0 0 0 ? S< 07:00 0:00 [scsi_eh_0]
root 1076 0.0 0.0 0 0 ? S< 07:00 0:00 [usb-storage]
root 1313 0.0 0.0 0 0 ? S< 07:00 0:00 [kjournald]
root 1339 0.0 0.0 0 0 ? S< 07:00 0:00 [kjournald]
root 1801 0.0 0.1 1616 584 ? Ss 07:00 0:00 syslogd -m 0 -a /var/spool/postfix/dev/log
70 1980 0.0 0.2 2536 1048 ? Ss 07:00 0:00 dbus-daemon --system
root 1988 0.0 0.1 1564 520 ? Ss 07:00 0:00 /usr/sbin/acpid
root 2042 0.0 0.2 4948 1048 ? Ss 07:00 0:00 ./hpiod
root 2043 0.0 0.1 2112 616 ? Ss 07:00 0:00 /usr/sbin/mandi -d
root 2078 0.0 0.2 2312 1216 ? Ss 07:00 0:00 klogd -2
71 2108 0.0 1.4 9144 7432 ? Ss 07:00 0:01 hald
root 2109 0.0 0.2 3200 1188 ? S 07:00 0:00 hald-runner
71 2127 0.0 0.1 2176 864 ? S 07:00 0:00 /usr/lib/hald-addon-acpi
71 2134 0.0 0.1 2172 868 ? S 07:00 0:00 /usr/lib/hald-addon-keyboard
root 2377 0.0 0.1 2140 760 ? S 07:00 0:00 /usr/lib/hald-addon-storage
root 2404 0.0 0.1 2136 756 ? S 07:00 0:00 /usr/lib/hald-addon-storage
root 2429 0.0 0.1 2136 760 ? S 07:00 0:00 /usr/lib/hald-addon-storage
root 2486 0.0 0.9 10548 4848 ? S 07:00 0:00 python ./hpssd.py
root 2621 0.0 0.0 0 0 ? S< 07:00 0:00 [kgameportd]
root 2625 0.0 0.4 6316 2072 ? Ss 07:00 0:00 cupsd
root 2631 0.0 0.0 0 0 ? S< 07:00 0:00 [ac97/0]
root 2832 0.0 0.0 1592 436 ? Ss 07:00 0:00 /sbin/ifplugd -b -i eth0
ups 2978 0.0 0.0 1788 476 ? Ss 07:00 0:00 upsd -u ups
root 3065 0.0 0.1 2392 888 ? Ss 07:00 0:00 crond -p
daemon 3102 0.0 0.0 1696 360 ? Ss 07:00 0:00 /usr/sbin/atd
rpc 3304 0.0 0.1 1696 552 ? Ss 07:00 0:00 portmap
root 3401 0.0 0.1 2172 800 ? Ss 07:00 0:00 xinetd -stayalive -reuse -pidfile /var/run/xi
avahi 3475 0.0 0.3 2800 1540 ? Ss 07:00 0:00 avahi-daemon: running [<localhost>.local]
rpcuser 3522 0.0 0.1 1700 724 ? Ss 07:00 0:00 rpc.statd
root 3523 0.0 0.1 3772 740 ? Ss 07:00 0:00 rpc.idmapd
xfs 3556 0.0 0.6 4880 3180 ? Ss 07:00 0:01 xfs -port -1 -daemon -droppriv -user xfs
root 3610 0.0 0.1 2884 800 ? S 07:00 0:00 /usr/bin/kdm -nodaemon
root 3611 0.0 0.2 4628 1000 ? Ss 07:00 0:00 /usr/sbin/sshd
root 3660 0.5 4.2 28208 21400 tty7 Ss+ 07:01 1:24 /etc/X11/X -br -deferglyphs 16 :0 vt7 -auth /
root 3709 0.0 0.0 0 0 ? S< 07:01 0:00 [nfsd4]
root 3717 0.0 0.0 0 0 ? S 07:01 0:00 [nfsd]
root 3718 0.0 0.0 0 0 ? S 07:01 0:00 [nfsd]
root 3719 0.0 0.0 0 0 ? S 07:01 0:00 [nfsd]
root 3720 0.0 0.0 0 0 ? S 07:01 0:00 [nfsd]
root 3721 0.0 0.0 0 0 ? S 07:01 0:00 [nfsd]
root 3722 0.0 0.0 0 0 ? S 07:01 0:00 [nfsd]
root 3723 0.0 0.0 0 0 ? S 07:01 0:00 [nfsd]
root 3724 0.0 0.0 0 0 ? S 07:01 0:00 [nfsd]
root 3732 0.0 0.0 0 0 ? S 07:01 0:00 [lockd]
root 3737 0.0 0.0 0 0 ? S< 07:01 0:00 [rpciod/0]
root 3753 0.0 0.0 1748 280 ? Ss 07:01 0:00 rpc.mountd
ntp 3796 0.0 0.8 4292 4292 ? SLs 07:01 0:00 ntpd -A -u ntp:ntp -p /var/run/ntpd.pid
root 3835 0.0 0.5 11464 2848 ? Ss 07:01 0:00 smbd -D
root 3860 0.0 0.3 3608 1656 ? S 07:01 0:00 -:0
root 3883 0.0 0.3 6928 1556 ? Ss 07:01 0:00 nmbd -D
root 3914 0.0 0.2 11464 1384 ? S 07:01 0:00 smbd -D
clamav 3960 0.0 3.3 28516 16632 ? Ss 07:01 0:00 clamd -c /etc/clamd.conf
clamav 4019 0.0 0.2 4796 1360 ? Ss 07:01 0:00 /usr/bin/freshclam --config-file=/etc/freshcl
root 4128 0.0 0.3 4736 1556 ? Ss 07:01 0:00 /usr/lib/postfix/master
postfix 4203 0.0 0.3 4856 1724 ? S 07:01 0:00 qmgr -l -t fifo -u -c
root 5591 0.0 0.1 2708 880 ? Ss 07:01 0:00 /usr/bin/lisa -c /etc/lisarc
root 5675 0.0 0.0 1560 448 tty1 Ss+ 07:01 0:00 /sbin/mingetty tty1
root 5676 0.0 0.0 1560 452 tty2 Ss+ 07:01 0:00 /sbin/mingetty tty2
root 5677 0.0 0.0 1560 452 tty3 Ss+ 07:01 0:00 /sbin/mingetty tty3
root 5678 0.0 0.0 1560 452 tty4 Ss+ 07:01 0:00 /sbin/mingetty tty4
root 5679 0.0 0.0 1560 452 tty5 Ss+ 07:01 0:00 /sbin/mingetty tty5
root 5680 0.0 0.0 1560 452 tty6 Ss+ 07:01 0:00 /sbin/mingetty tty6
<user> 5874 0.0 0.2 3944 1488 ? Ss 07:12 0:00 /bin/sh /usr/bin/startkde
<user> 5931 0.0 0.1 4232 956 ? Ss 07:12 0:00 ssh-agent
<user> 5953 0.0 0.0 2284 448 ? Ss 07:12 0:00 gpg-agent --daemon
<user> 6043 0.0 0.1 2704 648 ? S 07:12 0:00 /usr/bin/dbus-launch --exit-with-session --sh
<user> 6044 0.0 0.0 2424 484 ? Ss 07:12 0:00 /usr/bin/dbus-daemon --fork --print-pid 9 --p
<user> 6055 0.0 0.1 3340 828 ? Ss 07:12 0:00 /usr/bin/imwheel -k --rc /etc/X11/imwheel/imw
<user> 6085 0.0 0.5 8328 2760 ? Ss 07:12 0:00 s2u --daemon=yes --debug
<user> 6110 0.0 1.4 26680 7404 ? Ss 07:12 0:00 kdeinit Running...
<user> 6113 0.0 0.5 25940 2632 ? S 07:12 0:00 dcopserver [kdeinit] --nosid
<user> 6115 0.0 1.6 27972 8208 ? S 07:12 0:00 klauncher [kdeinit] --new-startup
<user> 6117 0.0 2.8 34288 14412 ? S 07:12 0:01 kded [kdeinit] --new-startup
<user> 6119 0.0 0.3 2824 1552 ? S 07:12 0:00 /usr/lib/gam_server
<user> 6124 0.0 0.0 1548 356 ? S 07:12 0:00 kwrapper ksmserver
<user> 6126 0.0 2.0 28044 10380 ? S 07:12 0:00 ksmserver [kdeinit]
<user> 6127 0.0 2.6 30176 12992 ? S 07:12 0:01 kwin [kdeinit]
<user> 6129 0.0 3.9 39600 19668 ? S 07:12 0:01 kdesktop [kdeinit]
<user> 6132 0.0 3.3 35356 16788 ? S 07:12 0:01 kicker [kdeinit]
<user> 6133 0.0 1.4 26792 7176 ? S 07:12 0:00 kio_file [kdeinit] file /home/<user>/tmp/ksocke
<user> 6139 0.0 1.4 27912 7260 ? SL 07:12 0:07 /usr/bin/artsd -F 10 -S 4096 -d -n -s 60 -m a
<user> 6142 0.0 2.0 28060 10272 ? S 07:12 0:00 kaccess [kdeinit]
<user> 6144 0.0 4.5 31692 22556 ? S 07:12 0:01 /usr/bin/perl /usr/bin/net_applet
<user> 6147 0.0 2.9 31692 14584 ? S 07:12 0:00 kmix [kdeinit] -caption KMix -icon kmix -mini
<user> 6150 0.0 2.3 28400 11496 ? S 07:12 0:00 klipper [kdeinit]
<user> 6154 0.0 2.7 36868 13800 ? S 07:12 0:00 knotify [kdeinit]
<user> 6163 0.0 0.1 2668 868 ? S 07:12 0:00 xsettings-kde
<user> 6171 0.0 2.6 31008 13288 ? S 07:12 0:00 korgac --miniicon korganizer
postfix 6606 0.0 0.3 4816 1568 ? S 10:21 0:00 pickup -l -t fifo -u -c -o content_filter -o
<user> 6624 0.0 0.3 3948 1508 ? S 11:21 0:00 /bin/sh /usr/bin/mozilla-firefox
<user> 6629 0.0 0.3 3988 1520 ? S 11:21 0:00 /bin/sh /usr/lib/mozilla-firefox-1.5.0.7/run-
<user> 6634 4.9 9.7 121000 48568 ? Sl 11:21 0:38 /usr/lib/mozilla-firefox-1.5.0.7/mozilla-fire
<user> 6638 0.0 0.5 5140 2580 ? S 11:21 0:00 /usr/lib/gconfd-2 12
<user> 6642 0.2 3.2 34088 16400 ? R 11:22 0:01 konsole [kdeinit]
<user> 6643 0.0 0.3 4128 1876 pts/1 Ss 11:22 0:00 /bin/bash
root 6716 0.0 0.2 3436 1140 pts/1 S 11:22 0:00 su
root 6719 0.0 0.3 3612 1612 pts/1 S 11:22 0:00 bash
root 6782 0.0 0.1 2280 900 pts/1 R+ 11:34 0:00 ps aux
tyme
your netstat and ps -aux look good, the only thing I would suggest (and this is default on Mandriva, though I don't know why) is turning off sunrpc. I believe you can do this in Services in the Mandriva Control Center, just look for "rpc" or "sunrpc" and switch off "on boot". You shouldn't need this, and it often has security holes in it.
riseringseeker
QUOTE (ianw1974 @ Nov 10 2006, 04:43 AM) *
You can check, and always symlink python2.4 to the 2.43 installation if it doesn't exist.


Check... what?

I have had to soft link files before, but if you could lead me through how to symlink a directory I would appreciate it. I assume the link has to be in /usr/lib/python2.4 folder?

Is there a handy way to find symlinks, whether all of them, or what is linked to something?
riseringseeker
QUOTE (Gowator @ Nov 9 2006, 03:50 AM) *
try a different port for a week .... biggrin.gif works wonders....


I have been trying to run a different port, and when I set up a different one I can't get on the desktop from the laptop. I think it has to do with the router setup. This is what it defaults to when setting up an ssh server:



I have, of course set sshd_config to a different port, but am not sure how I should set up the above.

QUOTE
try using denyhosts (a package)... it automatically bans IPs for X number of failed logins by adding to your hosts.deny.. and mails you.
My hosts.deny has well over 5000 entries....


Need to figure out how to symlink python2.4.3 to python2.4, then I might be able to get it running.
Gowator
QUOTE (riseringseeker @ Nov 11 2006, 01:11 AM) *
Need to figure out how to symlink python2.4.3 to python2.4, then I might be able to get it running.

Going to bed now but it's exactly like a file.... you just name a directory instead of the file you want to symlink...
riseringseeker
QUOTE (Gowator @ Nov 10 2006, 07:47 PM) *
QUOTE (riseringseeker @ Nov 11 2006, 01:11 AM) *


Need to figure out how to symlink python2.4.3 to python2.4, then I might be able to get it running.

Going to bed now but it's exactly like a file.... you just name a directory instead of the file you want to symlink...


I found that symlinking was not what I needed to do after looking through the denyhosts mailing list, but instead just install without dependencies (after installing the python development libraries)

CODE
rpm --install --nodeps DenyHosts-2.5-python2.4.noarch.rpm


That got me much further, but when I run the install I get another error.

CODE
# python setup.py install
running install
running build
running build_py
error: package directory 'DenyHosts' does not exist


Still digging in the mailing list on denyhosts to figure that one out, and if I can't find out how to do it there, will start a new thread under installation about how to get it running.
riseringseeker
I thought I would let everyone know that I am fairly confident that my server was not compromised (but am going through the log files daily anyway - just to be sure). I was also finally able to install and get denyhosts running.

None of the RPMs available from here would work for me, even after installing libpython2.4-devel, which I found looking through the mailing list, is required. I then tried the tarball again, and since I had installed the required library, it worked!

I was not able to get it to run as per instructions however. I had to put this in crontab:

CODE
0,10,20,30,40,50 * * * * python /usr/bin/denyhosts.py --daemon -c /usr/share/denyhosts/denyhosts.cfg


Since I did that, it is running just fine, and my /etc/hosts.deny is steadily growing.

The only continuing problems I have are not getting auto-emails from the system (I must need to tweak something to let the program(s) trying to send emails to my gmail account get out), and figuring out how to configure the router and server to use a port other than 22. So, it's still a little bit of a work in progress.

Thank you all for your help - it is much appreciated.
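What denyhosts is doing in the background, as an added illustration that is not part of the original thread or of the DenyHosts project: count failed sshd authentications per source address and emit TCP-wrappers lines for /etc/hosts.deny once a threshold is reached. The log lines and addresses below are constructed sample data, and the threshold and function names are my own choices.

```python
import re
from collections import Counter

# Constructed sample sshd log lines (documentation-range addresses, not real hosts).
SAMPLE_LOG = """\
Nov 13 05:48:05 localhost sshd[16874]: Failed password for invalid user root from 192.0.2.10 port 47297 ssh2
Nov 13 05:48:06 localhost sshd[16876]: User root from 192.0.2.10 not allowed because listed in DenyUsers
Nov 13 05:48:07 localhost sshd[16878]: Failed password for invalid user root from 192.0.2.10 port 47401 ssh2
Nov 13 05:48:09 localhost sshd[16880]: Failed password for invalid user admin from 192.0.2.10 port 47455 ssh2
Nov 13 05:50:00 localhost sshd[16901]: Failed password for bob from 198.51.100.7 port 51000 ssh2
Nov 13 05:51:12 localhost sshd[16955]: Accepted publickey for bob from 198.51.100.7 port 51010 ssh2
"""

# Both the password-failure line and the DenyUsers rejection count as a failed attempt.
FAIL_PATTERNS = [
    re.compile(r"Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+) port"),
    re.compile(r"User \S+ from (?P<ip>[\d.]+) not allowed because listed in DenyUsers"),
]


def count_failures(log_text):
    """Return a Counter of failed-authentication events per source IP."""
    counts = Counter()
    for line in log_text.splitlines():
        for pat in FAIL_PATTERNS:
            m = pat.search(line)
            if m:
                counts[m.group("ip")] += 1
                break  # one event per line, even if both patterns could match
    return counts


def hosts_deny_entries(counts, threshold, existing=()):
    """Build new hosts.deny lines ("sshd: <ip>", TCP-wrappers syntax) for every
    IP with at least `threshold` failures, skipping IPs already listed so the
    file can be appended to repeatedly without duplicates."""
    existing = set(existing)
    return [f"sshd: {ip}" for ip, n in sorted(counts.items())
            if n >= threshold and ip not in existing]


if __name__ == "__main__":
    failures = count_failures(SAMPLE_LOG)
    for entry in hosts_deny_entries(failures, threshold=3):
        print(entry)  # prints: sshd: 192.0.2.10
```

A successful publickey login never counts, so a legitimate user with one typo stays under the threshold; lowering the threshold trades fewer probes for a higher chance of locking out such a user.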
Mhn
To set up ssh to another port is very easy:
Just change
# Port 22
to
Port xxx
in /etc/ssh/sshd_config and restart sshd.

I just did it earlier today.
riseringseeker
QUOTE (Mhn @ Nov 13 2006, 09:31 AM) *
To set up ssh to another port is very easy:
Just change
# Port 22
to
Port xxx
in /etc/ssh/sshd_config and restart sshd.

I just did it earlier today.


Yes, that changes the ssh server, and I have done that, but it is the configuration of the router in conjunction with changing the server port that seems to be frustrating me. Scroll back up and you can see the configuration window I have to work with for the router. I have tried XXXX in pretty much any combination of the fields the port number would go into (where XXXX = the same port sshd is set to), and still I cannot log in.
ianw1974
You won't be able to choose Secure Shell from the dropdown box, because it defaults to the standard port of 22.

You would have to choose custom, and then set the inbound port to the new port you've chosen for the relevant boxes.
riseringseeker
QUOTE (ianw1974 @ Nov 15 2006, 01:13 AM) *
You won't be able to choose Secure Shell from the dropdown box, because it defaults to the standard port of 22.

You would have to choose custom, and then set the inbound port to the new port you've chosen for the relevant boxes.


Of course, I can still choose Secure Shell, just change what it points to as the port. I have tried 9022 as the inbound port, and/or the "private" port (I am not sure what that means) with sshd having the same value, and am unable to log in with it set like that. I also don't understand why there are two choices for each.

I am leaving in 2 1/2 hours and will be on an airplane or in an airport for 27 hours after that, and won't be home for 25 days, so until I get back, it'll have to stay pointed at port 22. I don't dare make the change when I am 10,000 miles from home, or I fear I won't be able to get back on at all.