The other day I received an interesting suggestion in my mailbag about obtaining information on all running processes and network connections remotely using inetd / xinetd:
The SSH client can be used to execute commands on a remote UNIX box. The same technique can be used to get current network and system information using netstat:
ssh you@remotebox netstat -a
ssh you@remotebox netstat -tulpn
He suggests that the above command can be run via inetd / xinetd so that an admin can easily connect with telnet and get this information from 100s of UNIX boxes. All you have to do is open /etc/inetd.conf under UNIX / Linux:
# vi /etc/inetd.conf
Append the following line:
netstat stream tcp nowait root /bin/netstat netstat -a
Restart inetd:
# /etc/init.d/openbsd-inetd restart
Next, use telnet to connect to the netstat service (port 15) and get network connection information:
$ telnet server-name netstat
$ telnet 192.168.1.5 15
Output:
Trying 192.168.1.5...
Connected to 192.168.1.5.
Escape character is '^]'.
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 *:6881                  *:*                     LISTEN
tcp        0      0 *:6081                  *:*                     LISTEN
tcp        0      0 *:nfs                   *:*                     LISTEN
tcp        0      0 localhost:6082          *:*                     LISTEN
tcp        0      0 *:54053                 *:*                     LISTEN
tcp        0      0 *:59275                 *:*                     LISTEN
tcp        0      0 *:netstat               *:*                     LISTEN
tcp        0      0 *:sunrpc                *:*                     LISTEN
tcp        0      0 localhost:webcache      *:*                     LISTEN
tcp        0      0 *:43218                 *:*                     LISTEN
tcp        0      0 *:domain                *:*                     LISTEN
tcp        0      0 localhost:ipp           *:*                     LISTEN
tcp        0      0 *:telnet                *:*                     LISTEN
tcp        0      0 *:3128                  *:*                     LISTEN
tcp        0      0 localhost:smtp          *:*                     LISTEN
tcp        0      1 vivek-desktop.loc:48925 bas4-kitchener06-:56662 SYN_SENT
tcp        0      0 vivek-desktop.loc:54791 customer5673.pool:16273 ESTABLISHED
tcp        0      0 vivek-desktop.loc:38398 59.94.1xx.yy:45483      ESTABLISHED
tcp        0      0 vivek-desktop.loc:42048 60.21.zz.yyy:23235      ESTABLISHED
........... .... ....
unix  3      [ ]         STREAM     CONNECTED     15973
unix  3      [ ]         STREAM     CONNECTED     15947    /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     15946
unix  3      [ ]         STREAM     CONNECTED     15936    /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     15935
unix  2      [ ]         DGRAM                    15931
unix  3      [ ]         STREAM     CONNECTED     15916
unix  3      [ ]         STREAM     CONNECTED     15915
unix  2      [ ]         DGRAM                    15906
Connection closed by foreign host.
There are a few problems with this solution:
a] An unnecessary service is running on port 15
b] The telnet protocol is not secure
I strongly recommend using ssh and password-less login for scripts to obtain this kind of information:
ssh user@remote-box netstat -a
ssh user@remote-box df -H
ssh user@remote-box free -m
ssh user@remote-box /path/to/script.pl
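To check whether a host already exposes this kind of service, the following added example (not part of the original post) audits an inetd.conf and reports every enabled entry, marking ones that hand out host state to unauthenticated clients and ones that run an external program as root. The function names, the INFO_LEAK list and the sample file (apart from the netstat line quoted above) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list enabled inetd services and flag risky ones.
# inetd.conf fields: service socket proto wait user program args...
# INFO_LEAK is an assumed, non-exhaustive list of services that disclose
# host state to any client that can reach the port.
INFO_LEAK="netstat systat finger"

audit_inetd_conf() {
    # Reads the file(s) given as arguments, or stdin when none are given.
    awk -v leak="$INFO_LEAK" '
        BEGIN { n = split(leak, l, " "); for (i = 1; i <= n; i++) isleak[l[i]] = 1 }
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # disabled entries and blank lines
        NF < 6 { printf "MALFORMED line %d\n", NR; next }
        {
            user = $5; sub(/[.:].*/, "", user)  # drop optional .group / :group
            sev = ($1 in isleak) ? "INFO-LEAK" : "REVIEW"
            # inetd built-ins ("internal") spawn no program, so only flag externals
            tag = (user == "root" && $6 != "internal") ? " runs-as-root" : ""
            printf "%s line %d: %s/%s -> %s (user %s)%s\n", sev, NR, $1, $3, $6, user, tag
        }
    ' "$@"
}

# Constructed sample config; only the netstat line comes from the article.
sample_conf() {
    cat <<'EOF'
# /etc/inetd.conf (constructed sample)
#echo   stream tcp nowait root internal
netstat stream tcp nowait root /bin/netstat netstat -a
ident   stream tcp wait identd /usr/sbin/identd identd
EOF
}

run_sample() {
    sample_conf | audit_inetd_conf
}

run_sample
```

On a real host, run `audit_inetd_conf /etc/inetd.conf`; every line it prints is a listening service that should either be justified or commented out.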