* [gentoo-user] Syslog-ng has shell port open...
@ 2005-10-17 18:00 Dave Nebinger
2005-10-17 18:07 ` [gentoo-user] Syslog-ng has shell port open... SOLVED Dave Nebinger
0 siblings, 1 reply; 3+ messages in thread
From: Dave Nebinger @ 2005-10-17 18:00 UTC (permalink / raw
To: gentoo-user
So I'm busy tracking down a tcp connection issue on my server and I see that
*.shell is open (not a good thing).
So I do the 'netstat -pl' command to see who has that socket open and, low and
behold, it happens to be syslog-ng.
So I'm thinking that's kinda odd, there's no reason that syslog-ng should have
the shell port open for any reason.
Looking at my syslog-ng.conf file, the only sources I have defined are:
source src { unix-stream("/dev/log");
internal();
pipe("/proc/kmsg");
udp();
tcp(max_connections(10));
};
These, to me, do not look like they should result in an open shell port.
Anyone out there with ideas as to why it is opened by syslog-ng and how I can
get it closed down?
Thanks!
Dave
--
gentoo-user@gentoo.org mailing list
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [gentoo-user] Syslog-ng has shell port open... SOLVED
2005-10-17 18:00 [gentoo-user] Syslog-ng has shell port open Dave Nebinger
@ 2005-10-17 18:07 ` Dave Nebinger
2005-10-17 18:16 ` gentuxx
0 siblings, 1 reply; 3+ messages in thread
From: Dave Nebinger @ 2005-10-17 18:07 UTC (permalink / raw
To: gentoo-user
On Monday 17 October 2005 02:00 pm, Dave Nebinger wrote:
> So I'm busy tracking down a tcp connection issue on my server and I see
> that *.shell is open (not a good thing).
>
> So I do the 'netstat -pl' command to see who has that socket open and, low
> and behold, it happens to be syslog-ng.
My bad. Forgot that under tcp 544 is shell, but under udp 544 is syslog. I
had both tcp and udp open, which is why shell port was open.
Dave
--
gentoo-user@gentoo.org mailing list
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [gentoo-user] Syslog-ng has shell port open... SOLVED
2005-10-17 18:07 ` [gentoo-user] Syslog-ng has shell port open... SOLVED Dave Nebinger
@ 2005-10-17 18:16 ` gentuxx
0 siblings, 0 replies; 3+ messages in thread
From: gentuxx @ 2005-10-17 18:16 UTC (permalink / raw
To: gentoo-user
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dave Nebinger wrote:
>On Monday 17 October 2005 02:00 pm, Dave Nebinger wrote:
>
>>So I'm busy tracking down a tcp connection issue on my server and I see
>>that *.shell is open (not a good thing).
>>
>>So I do the 'netstat -pl' command to see who has that socket open and, low
>>and behold, it happens to be syslog-ng.
>
>
>My bad. Forgot that under tcp 544 is shell, but under udp 544 is syslog. I
>had both tcp and udp open, which is why shell port was open.
>
>Dave
Actually, the port is 514 by default, which for TCP is the rsh/rlogin
(remote shell/login) port and UDP is the syslog port. When you do a
netstat it resolves the names for the ports based on what's in
/etc/services. There may be a reason you would want to run syslog-ng
in TCP mode, which would show up as *.shell. But I guess you figured
out you don't need TCP syslog. ;-)
- --
gentux
echo "hfouvyAdpy/ofu" | perl -pe 's/(.)/chr(ord($1)-1)/ge'
gentux's gpg fingerprint ==> 34CE 2E97 40C7 EF6E EC40 9795 2D81 924A
6996 0993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDU+p/LYGSSmmWCZMRAj0rAKCObOFvK/Rjxh3eO58pM97M9h+Z3ACgwRZA
7WzdJhAPNeO0LhC2qWq69Yc=
=wZg2
-----END PGP SIGNATURE-----
--
gentoo-user@gentoo.org mailing list
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2005-10-17 18:25 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2005-10-17 18:00 [gentoo-user] Syslog-ng has shell port open Dave Nebinger
2005-10-17 18:07 ` [gentoo-user] Syslog-ng has shell port open... SOLVED Dave Nebinger
2005-10-17 18:16 ` gentuxx
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox