From my mailbag the other day I received an interesting suggestion about obtaining information regarding all running process and network connections remotely using inetd / xinetd :
SSH client can be used to execute a command(s) on a remote UNIX box. Same technique can be used to get current network and system information using netstat information:
ssh you@remotebox netstat -a
ssh you@remotebox netstat -tulpn
He suggests that above command can be run via inetd / xinetd so that admin can connect easily and get information using telnet from 100s UNIX boxes. All you have to do is open /etc/inetd.conf under UNIX / Linux:
# vi /etc/inetd.conf
Append following line:
netstat stream tcp nowait root /bin/netstat netstat -a
Restart inetd:
# /etc/init.d/openbsd-inetd restart
Next, use telnet to connect to the netstat service (port 15) and get network connection information:
$ telnet server-name netstat
$ telnet 192.168.1.5 15
Output:
Trying 192.168.1.5... Connected to 192.168.1.5. Escape character is '^]'. Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 *:6881 *:* LISTEN tcp 0 0 *:6081 *:* LISTEN tcp 0 0 *:nfs *:* LISTEN tcp 0 0 localhost:6082 *:* LISTEN tcp 0 0 *:54053 *:* LISTEN tcp 0 0 *:59275 *:* LISTEN tcp 0 0 *:netstat *:* LISTEN tcp 0 0 *:sunrpc *:* LISTEN tcp 0 0 localhost:webcache *:* LISTEN tcp 0 0 *:43218 *:* LISTEN tcp 0 0 *:domain *:* LISTEN tcp 0 0 localhost:ipp *:* LISTEN tcp 0 0 *:telnet *:* LISTEN tcp 0 0 *:3128 *:* LISTEN tcp 0 0 localhost:smtp *:* LISTEN tcp 0 1 vivek-desktop.loc:48925 bas4-kitchener06-:56662 SYN_SENT tcp 0 0 vivek-desktop.loc:54791 customer5673.pool:16273 ESTABLISHED tcp 0 0 vivek-desktop.loc:38398 59.94.1xx.yy:45483 ESTABLISHED tcp 0 0 vivek-desktop.loc:42048 60.21.zz.yyy:23235 ESTABLISHED ........... .... .... unix 3 [ ] STREAM CONNECTED 15973 unix 3 [ ] STREAM CONNECTED 15947 /var/run/dbus/system_bus_socket unix 3 [ ] STREAM CONNECTED 15946 unix 3 [ ] STREAM CONNECTED 15936 /var/run/dbus/system_bus_socket unix 3 [ ] STREAM CONNECTED 15935 unix 2 [ ] DGRAM 15931 unix 3 [ ] STREAM CONNECTED 15916 unix 3 [ ] STREAM CONNECTED 15915 unix 2 [ ] DGRAM 15906 Connection closed by foreign host.
There are few problems with this solution:
a] Unnecessary service running at port # 15
b] Telnet protocol is not secure
c] I strongly recommend using ssh and password-less login for scripts to obtain this kind of information:
ssh user@remote-box netstat -a
ssh user@remote-box df -H
ssh user@remote-box free -m
ssh user@remote-box /path/to/script.pl
Featured Articles:
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- Linux: 20 Iptables Examples For New SysAdmins
- My 10 UNIX Command Line Mistakes
- 25 PHP Security Best Practices For Sys Admins
- The Novice Guide To Buying A Linux Laptop
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- Top 20 OpenSSH Server Best Security Practices
- Top 10 Open Source Web-Based Project Management Software
Facebook it - Tweet it - Print it -
We're here to help you make the most of sysadmin work. So, subscribe!
