From my mailbag the other day I received an interesting suggestion about obtaining information regarding all running process and network connections remotely using inetd / xinetd :
SSH client can be used to execute a command(s) on a remote UNIX box. Same technique can be used to get current network and system information using netstat information:
ssh you@remotebox netstat -a
ssh you@remotebox netstat -tulpn
He suggests that above command can be run via inetd / xinetd so that admin can connect easily and get information using telnet from 100s UNIX boxes. All you have to do is open /etc/inetd.conf under UNIX / Linux:
# vi /etc/inetd.conf
Append following line:
netstat stream tcp nowait root /bin/netstat netstat -a
Restart inetd:
# /etc/init.d/openbsd-inetd restart
Next, use telnet to connect to the netstat service (port 15) and get network connection information:
$ telnet server-name netstat
$ telnet 192.168.1.5 15
Output:
Trying 192.168.1.5... Connected to 192.168.1.5. Escape character is '^]'. Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 *:6881 *:* LISTEN tcp 0 0 *:6081 *:* LISTEN tcp 0 0 *:nfs *:* LISTEN tcp 0 0 localhost:6082 *:* LISTEN tcp 0 0 *:54053 *:* LISTEN tcp 0 0 *:59275 *:* LISTEN tcp 0 0 *:netstat *:* LISTEN tcp 0 0 *:sunrpc *:* LISTEN tcp 0 0 localhost:webcache *:* LISTEN tcp 0 0 *:43218 *:* LISTEN tcp 0 0 *:domain *:* LISTEN tcp 0 0 localhost:ipp *:* LISTEN tcp 0 0 *:telnet *:* LISTEN tcp 0 0 *:3128 *:* LISTEN tcp 0 0 localhost:smtp *:* LISTEN tcp 0 1 vivek-desktop.loc:48925 bas4-kitchener06-:56662 SYN_SENT tcp 0 0 vivek-desktop.loc:54791 customer5673.pool:16273 ESTABLISHED tcp 0 0 vivek-desktop.loc:38398 59.94.1xx.yy:45483 ESTABLISHED tcp 0 0 vivek-desktop.loc:42048 60.21.zz.yyy:23235 ESTABLISHED ........... .... .... unix 3 [ ] STREAM CONNECTED 15973 unix 3 [ ] STREAM CONNECTED 15947 /var/run/dbus/system_bus_socket unix 3 [ ] STREAM CONNECTED 15946 unix 3 [ ] STREAM CONNECTED 15936 /var/run/dbus/system_bus_socket unix 3 [ ] STREAM CONNECTED 15935 unix 2 [ ] DGRAM 15931 unix 3 [ ] STREAM CONNECTED 15916 unix 3 [ ] STREAM CONNECTED 15915 unix 2 [ ] DGRAM 15906 Connection closed by foreign host.
There are few problems with this solution:
a] Unnecessary service running at port # 15
b] Telnet protocol is not secure
c] I strongly recommend using ssh and password-less login for scripts to obtain this kind of information:
ssh user@remote-box netstat -a
ssh user@remote-box df -H
ssh user@remote-box free -m
ssh user@remote-box /path/to/script.pl
- RSS feed or Weekly email newsletter
- Share to Twitter • Facebook • 0 comments... add one ↓
40 Linux Server Hardening Security Tips [2019 edition]
Top 25 Nginx Web Server Best Security Practices
Linux: 25 Iptables Netfilter Firewall Examples For New SysAdmins
Linux 25 PHP Security Best Practices For Sys Admins- Linux / Unix Desktop Fun: Text Mode ASCII-art Box and Comment Drawing
Top 20 OpenSSH Server Best Security Practices
30 Linux System Monitoring Tools Every SysAdmin Should Know
| Category | List of Unix and Linux commands |
|---|---|
| File Management | cat |
| Firewall | Alpine Awall • CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04 |
| Network Utilities | dig • host • ip • nmap |
| OpenVPN | CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04 |
| Package Manager | apk • apt |
| Processes Management | bg • chroot • cron • disown • fg • jobs • killall • kill • pidof • pstree • pwdx • time |
| Searching | grep • whereis • which |
| User Information | groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w |
| WireGuard VPN | CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04 |