[ossec-list] Re: ossec-rootcheck found hidden ports -- how can I verify if this is a false positive or not?

2007-09-17 Thread David Vasil
Peter M. Abraham wrote: Greetings Dave: Did you miss seeing 3306/tcp open mysql MySQL 5.0.45-community-log 5001/tcp open apc-agent APC PowerChute agent 5432/tcp open postgresql PostgreSQL DB 8009/tcp open ajp13? 8080/tcp open http Apache httpd 8443/tcp open http

[ossec-list] Re: ossec-rootcheck found hidden ports -- how can I verify if this is a false positive or not?

2007-09-10 Thread Jason Little
Administrator Mint Inc -Original Message- From: ossec-list@googlegroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Daniel Cid Sent: Sunday, September 09, 2007 8:54 PM To: ossec-list@googlegroups.com Subject: [ossec-list] Re: ossec-rootcheck found hidden ports -- how can I verify

[ossec-list] Re: ossec-rootcheck found hidden ports -- how can I verify if this is a false positive or not?

2007-09-09 Thread Ulises Cuñé
, September 06, 2007 3:07 PM To: ossec-list Subject: [ossec-list] Re: ossec-rootcheck found hidden ports -- how can I verify if this is a false positive or not? Greetings Steve: I finally got around to installing the latest nmap and checking nmap. PORT STATE SERVICE VERSION 21/tcp open ftp

[ossec-list] Re: ossec-rootcheck found hidden ports -- how can I verify if this is a false positive or not?

2007-08-28 Thread Peter M. Abraham
Greetings: The server in question is CentOS 4, and rkhunter and chkrootkit do not report any issues. Thank you.

[ossec-list] Re: ossec-rootcheck found hidden ports -- how can I verify if this is a false positive or not?

2007-08-28 Thread Steve West
Peter M. Abraham wrote: Greetings: The server in question is CentOS 4, and rkhunter and chkrootkit do not report any issues. Thank you. Have you tried to do an nmap scan of the system from another workstation? nmap should show you what ports are open and then you can try to identify if

[ossec-list] Re: ossec-rootcheck found hidden ports -- how can I verify if this is a false positive or not?

2007-08-27 Thread Peter M. Abraham
Greetings: I replaced the netstat on the server (actually updated net-tools, which was outdated). rpm -V net-tools-1.60-37.EL4.9 provides no output, which I understand means the package verified OK. Yet, ossec-rootcheck still shows hidden ports as listed in my first post. strings

[ossec-list] Re: ossec-rootcheck found hidden ports -- how can I verify if this is a false positive or not?

2007-08-27 Thread Jeff Schroeder
On Aug 27, 11:11 am, Peter M. Abraham [EMAIL PROTECTED] wrote: Greetings: I replaced the netstat on the server (actually updated net-tools, which was outdated). rpm -V net-tools-1.60-37.EL4.9 provides no output, which I understand means the package verified OK. You realize that even

[ossec-list] Re: ossec-rootcheck found hidden ports -- how can I verify if this is a false positive or not?

2007-08-27 Thread David Williams
In my previous life, we had several busy servers and they would often alert like this because of temporary port usage. I believed the alert was because OSSEC tried to bind to a port, could not, then ran netstat and did not see the port in

[ossec-list] Re: ossec-rootcheck found hidden ports -- how can I verify if this is a false positive or not?

2007-08-27 Thread Daniel Cid
Hi David, In addition to what you mentioned, if you are using Linux, it can also be caused by a bug in an application that is binding to a TCP port, but not listening on it. For some weird reason, Linux does not report these ports on netstat... More info here: http://www.ossec.net/dcid/?p=87