On 05/30/2014 11:14 AM, Eric Falbe wrote: > Hi All, > > I was wondering if anyone knew of a way to notify or log when a specific > remote port is openened? I have an old LDAP server that I am looking to get > rid of, but there is still a few queries reaching it. > > The sytem authentication is setup correctly (as is Postfix), so I am thinking > there must be some script or program that is setup to query the older LDAP > server. > > I tried using lsof -i|grep 389, but I am not quick enough to get results > before the socket is closed. Is there any program or script I could write to > detect when this socket gets opened, and what PID and/or program owns it? > it's a fairly interesting problem (at least to me); I'm not wizard enough to be able to redirect the connection, but you could write a perl script that sits on the port and logs the remote IP connecting, although that would break the service while you're figuring out who's still connecting. the other thing I'd consider (although my quick little experiment didn't quite work) is turning on/adding to iptables for some logging.
you could also potentially do something with tcp wrappers if the daemon has the libraries, or maybe some xinetd magic. _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
