Package: tiger
Version: 1:3.2.4~rc1-3.1
Severity: normal
X-Debbugs-Cc: [email protected]
Dear Maintainer,
Every run checking the listening processes produces a difference as it
uses the device IDs as socket IDs for many (not all) processes. The
problem is in the script check_listeningprocs. The script does not work
correctly as the output it gets from lsof is not always structured as
the corresponding awk command expects it to be. Especially there are 2
additional columns with optional content (leading to column shifts
otherwise), and I guess the otherwise selected columns 7 and 8 should be
8 and 9.
I've attached an example of
    lsof -n | grep -e COMMAND -e IPv[46] -e ' raw'
(stdout) as lsof-n-IPv-raw.out and what the awk command
    awk '{printf("%s %s %s %s\n", $1, $3, $7, $8)}'
would make out of it (after a "grep IPv") as awk-1-3-7-8.out to show the
problem.
I'd suggest either using netstat (-tulpe ?) or lsof -n -F (with pcfDi?),
albeit the latter makes parsing more difficult (there is an example in
/usr/share/doc/lsof/examples/list_fields.awk though).
Best regards, Thomas
-- System Information:
Debian Release: bookworm/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 6.0.0-2-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_CPU_OUT_OF_SPEC
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8),
LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages tiger depends on:
ii binutils 2.39-8
ii bsdutils 1:2.38.1-1.1+b1
ii debconf [debconf-2.0] 1.5.79
ii debianutils 5.7-0.3
ii libc6 2.35-4
ii lsb-release 12.0-1
ii net-tools 1.60+git20181103.0eebece-1
ii ucf 3.0043
Versions of packages tiger recommends:
ii aide 0.17.4-2
ii chkrootkit 0.55-4+b2
ii john 1.9.0-2
ii postfix [mail-transport-agent] 3.7.3-2
Versions of packages tiger suggests:
ii lsof 4.95.0-1
ii lynis 3.0.8-1.1
-- debconf information:
tiger/policy_adapt:
tiger/mail_rcpt: root

lsof-n-IPv-raw.out:
COMMAND    PID  TID TASKCMD   USER        FD TYPE DEVICE SIZE/OFF  NODE NAME
atop      1150                root        4u  raw             0t0 26153 00000000:00FF->00000000:0000 st=07
cupsd     1441                root        7u IPv6  12691      0t0   TCP [::1]:ipp (LISTEN)
cupsd     1441                root        8u IPv4  12692      0t0   TCP 127.0.0.1:ipp (LISTEN)
sshd      1444                root        3u IPv4  12548      0t0   TCP *:ssh (LISTEN)
sshd      1444                root        4u IPv6  12550      0t0   TCP *:ssh (LISTEN)
inetd     1505                root        7u IPv4  19705      0t0   TCP *:nntp (LISTEN)
pdns_recu 1511                pdns        4u IPv4  17594      0t0   UDP 127.0.0.1:domain
pdns_recu 1511                pdns        5u IPv4  17595      0t0   UDP 192.168.1.1:domain
pdns_recu 1511                pdns        6u IPv4  17596      0t0   TCP 127.0.0.1:domain (LISTEN)
pdns_recu 1511                pdns        7u IPv4  17597      0t0   TCP 192.168.1.1:domain (LISTEN)
pdns_recu 1511 1701 rec/distr pdns        4u IPv4  17594      0t0   UDP 127.0.0.1:domain
pdns_recu 1511 1701 rec/distr pdns        5u IPv4  17595      0t0   UDP 192.168.1.1:domain
pdns_recu 1511 1701 rec/distr pdns        6u IPv4  17596      0t0   TCP 127.0.0.1:domain (LISTEN)
pdns_recu 1511 1701 rec/distr pdns        7u IPv4  17597      0t0   TCP 192.168.1.1:domain (LISTEN)
pdns_recu 1511 1702 rec/worke pdns        4u IPv4  17594      0t0   UDP 127.0.0.1:domain
pdns_recu 1511 1702 rec/worke pdns        5u IPv4  17595      0t0   UDP 192.168.1.1:domain
pdns_recu 1511 1702 rec/worke pdns        6u IPv4  17596      0t0   TCP 127.0.0.1:domain (LISTEN)
pdns_recu 1511 1702 rec/worke pdns        7u IPv4  17597      0t0   TCP 192.168.1.1:domain (LISTEN)
pdns_recu 1511 1703 rec/worke pdns        4u IPv4  17594      0t0   UDP 127.0.0.1:domain
pdns_recu 1511 1703 rec/worke pdns        5u IPv4  17595      0t0   UDP 192.168.1.1:domain
pdns_recu 1511 1703 rec/worke pdns        6u IPv4  17596      0t0   TCP 127.0.0.1:domain (LISTEN)
pdns_recu 1511 1703 rec/worke pdns        7u IPv4  17597      0t0   TCP 192.168.1.1:domain (LISTEN)
pdns_recu 1511 1706 rec/worke pdns        4u IPv4  17594      0t0   UDP 127.0.0.1:domain
pdns_recu 1511 1706 rec/worke pdns        5u IPv4  17595      0t0   UDP 192.168.1.1:domain
pdns_recu 1511 1706 rec/worke pdns        6u IPv4  17596      0t0   TCP 127.0.0.1:domain (LISTEN)
pdns_recu 1511 1706 rec/worke pdns        7u IPv4  17597      0t0   TCP 192.168.1.1:domain (LISTEN)
pdns_recu 1511 1707 rec/worke pdns        4u IPv4  17594      0t0   UDP 127.0.0.1:domain
pdns_recu 1511 1707 rec/worke pdns        5u IPv4  17595      0t0   UDP 192.168.1.1:domain
pdns_recu 1511 1707 rec/worke pdns        6u IPv4  17596      0t0   TCP 127.0.0.1:domain (LISTEN)
pdns_recu 1511 1707 rec/worke pdns        7u IPv4  17597      0t0   TCP 192.168.1.1:domain (LISTEN)
pdns_recu 1511 1708 rec/taskT pdns        4u IPv4  17594      0t0   UDP 127.0.0.1:domain
pdns_recu 1511 1708 rec/taskT pdns        5u IPv4  17595      0t0   UDP 192.168.1.1:domain
pdns_recu 1511 1708 rec/taskT pdns        6u IPv4  17596      0t0   TCP 127.0.0.1:domain (LISTEN)
pdns_recu 1511 1708 rec/taskT pdns        7u IPv4  17597      0t0   TCP 192.168.1.1:domain (LISTEN)
pdns_recu 1511 1709 rec/web+s pdns        4u IPv4  17594      0t0   UDP 127.0.0.1:domain
pdns_recu 1511 1709 rec/web+s pdns        5u IPv4  17595      0t0   UDP 192.168.1.1:domain
pdns_recu 1511 1709 rec/web+s pdns        6u IPv4  17596      0t0   TCP 127.0.0.1:domain (LISTEN)
pdns_recu 1511 1709 rec/web+s pdns        7u IPv4  17597      0t0   TCP 192.168.1.1:domain (LISTEN)
privoxy   1528                privoxy     4u IPv4  20784      0t0   TCP 127.0.0.1:8118 (LISTEN)
privoxy   1528                privoxy     5u IPv6  20785      0t0   TCP [::1]:8118 (LISTEN)
privoxy   1528                privoxy     6u IPv4  20786      0t0   TCP 192.168.1.1:8118 (LISTEN)
dnsmasq   1864                dnsmasq     4u IPv4  15060      0t0   UDP *:bootps
dnsmasq   1864                dnsmasq     6u IPv4  15063      0t0   UDP 10.0.3.1:domain
dnsmasq   1864                dnsmasq     7u IPv4  15064      0t0   TCP 10.0.3.1:domain (LISTEN)
tor       1897                debian-tor  6u IPv4  28397      0t0   TCP 127.0.0.1:9050 (LISTEN)
cups-brow 2348                root        7u IPv4  25001      0t0   UDP *:631
cups-brow 2348 2387 gmain     root        7u IPv4  25001      0t0   UDP *:631
cups-brow 2348 2389 gdbus     root        7u IPv4  25001      0t0   UDP *:631
pipewire- 3561                td         30u IPv6  22228      0t0   TCP *:4713 (LISTEN)
pipewire- 3561                td         31u IPv4  22229      0t0   TCP *:4713 (LISTEN)
pipewire- 3561 3599 pipewire- td         30u IPv6  22228      0t0   TCP *:4713 (LISTEN)
pipewire- 3561 3599 pipewire- td         31u IPv4  22229      0t0   TCP *:4713 (LISTEN)
master    4149                root       13u IPv4  32839      0t0   TCP *:smtp (LISTEN)
master    4149                root       14u IPv6  32840      0t0   TCP *:smtp (LISTEN)

awk-1-3-7-8.out:
cupsd root 0t0 TCP
cupsd root 0t0 TCP
sshd root 0t0 TCP
sshd root 0t0 TCP
inetd root 0t0 TCP
pdns_recu pdns 0t0 UDP
pdns_recu pdns 0t0 UDP
pdns_recu pdns 0t0 TCP
pdns_recu pdns 0t0 TCP
pdns_recu 1701 IPv4 17594
pdns_recu 1701 IPv4 17595
pdns_recu 1701 IPv4 17596
pdns_recu 1701 IPv4 17597
pdns_recu 1702 IPv4 17594
pdns_recu 1702 IPv4 17595
pdns_recu 1702 IPv4 17596
pdns_recu 1702 IPv4 17597
pdns_recu 1703 IPv4 17594
pdns_recu 1703 IPv4 17595
pdns_recu 1703 IPv4 17596
pdns_recu 1703 IPv4 17597
pdns_recu 1706 IPv4 17594
pdns_recu 1706 IPv4 17595
pdns_recu 1706 IPv4 17596
pdns_recu 1706 IPv4 17597
pdns_recu 1707 IPv4 17594
pdns_recu 1707 IPv4 17595
pdns_recu 1707 IPv4 17596
pdns_recu 1707 IPv4 17597
pdns_recu 1708 IPv4 17594
pdns_recu 1708 IPv4 17595
pdns_recu 1708 IPv4 17596
pdns_recu 1708 IPv4 17597
pdns_recu 1709 IPv4 17594
pdns_recu 1709 IPv4 17595
pdns_recu 1709 IPv4 17596
pdns_recu 1709 IPv4 17597
privoxy privoxy 0t0 TCP
privoxy privoxy 0t0 TCP
privoxy privoxy 0t0 TCP
dnsmasq dnsmasq 0t0 UDP
dnsmasq dnsmasq 0t0 UDP
dnsmasq dnsmasq 0t0 TCP
tor debian-tor 0t0 TCP
cups-brow root 0t0 UDP
cups-brow 2387 IPv4 25001
cups-brow 2389 IPv4 25001
pipewire- td 0t0 TCP
pipewire- td 0t0 TCP
pipewire- 3599 IPv6 22228
pipewire- 3599 IPv4 22229
master root 0t0 TCP
master root 0t0 TCP
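
Added example (not part of the report and not tiger's code): one way to read lsof's -F field output, as suggested in the report, so that the optional TID and TASKCMD columns cannot shift anything. The function names, the field selection pcLftPn and the four output columns are assumptions, and the input is a constructed sample modelled on the attached rows.

```shell
#!/bin/sh
# Added example: read lsof -F field output (one field per line, first
# character = field id) instead of whitespace-split columns.
# Assumed producer: lsof -n -i -F pcLftPn (not run here).

# Prints "COMMAND USER PROTO NAME" once per distinct IPv4/IPv6 socket.
parse_lsof_fields() {
    awk '
    function emit(   line) {
        if (has_fd && (type == "IPv4" || type == "IPv6")) {
            line = cmd " " user " " proto " " name
            if (!seen[line]++) print line   # drop per-task repeats
        }
        has_fd = 0; type = ""; proto = ""; name = ""
    }
    {
        id = substr($0, 1, 1); val = substr($0, 2)
        if      (id == "p") { emit(); cmd = ""; user = "" }  # new process set
        else if (id == "f") { emit(); has_fd = 1 }           # new file set
        else if (id == "c") cmd = val
        else if (id == "L") user = val
        else if (id == "t") type = val
        else if (id == "P") proto = val
        else if (id == "n") name = val
        # other field ids (e.g. T) are ignored
    }
    END { emit() }'
}

# Constructed sample, modelled on rows in the report; the second p1511
# set stands in for a per-task repeat of the same socket.
sample_lsof_fields() {
    printf '%s\n' p1441 ccupsd Lroot \
        f7 tIPv6 PTCP 'n[::1]:ipp' TST=LISTEN \
        f8 tIPv4 PTCP n127.0.0.1:ipp TST=LISTEN \
        p1511 cpdns_recu Lpdns f4 tIPv4 PUDP n127.0.0.1:domain \
        p1511 cpdns_recu Lpdns f4 tIPv4 PUDP n127.0.0.1:domain \
        p1150 catop Lroot f4 traw 'n00000000:00FF->00000000:0000'
}

sample_lsof_fields | parse_lsof_fields
```

Command names containing spaces would still need a different output separator than a single blank.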