Wrongo ntop sheds it privileges and runs nmap as whatever user you specify via -u
To run nmap as root from a userid, it uses the suid bit. As I said, there are reports that (at least) RedHat 8.0 ships w/ nmap NOT suid (it is, after all, a security exposure). PLEASE do the tests that I asked you to do. -----Burton $ find / -type f \( -perm -04000 -o -perm -02000 \) 2>/dev/null | grep nmap $ nmap -p 23,21,80,138,139,548 -O 192.168.42.1 Starting nmap V. 3.00 ( www.insecure.org/nmap/ ) TCP/IP fingerprinting (for OS scan) requires root privileges which you do not appear to possess. Sorry, dude. QUITTING! $ ls -l /usr/bin/nmap -rwxr-xr-x 1 root root 280228 Aug 1 06:37 /usr/bin/nmap $ su - Password: # chmod +s /usr/bin/nmap # exit $ find / -type f \( -perm -04000 -o -perm -02000 \) 2>/dev/null | grep nmap /usr/bin/nmap $ nmap -p 23,21,80,138,139,548 -O 192.168.42.1 Starting nmap V. 3.00 ( www.insecure.org/nmap/ ) Interesting ports on homeportal.gateway.2wire.net (192.168.42.1): (The 5 ports scanned but not shown below are in state: closed) Port State Service 80/tcp open http No exact OS matches for host (If you know what OS is running on it, see http://www.insecure.org/cgi-bin/nmap-submit.cgi). TCP/IP fingerprint: SInfo(V=3.00%P=i686-pc-linux-gnu%D=11/13%Time=3DD27F76%O=80%C=21) TSeq(Class=TD%gcd=1060C%SI=0%IPID=I%TS=100HZ) TSeq(Class=TD%gcd=FA0C%SI=0%IPID=I%TS=100HZ) TSeq(Class=RI%gcd=4%SI=133%IPID=I%TS=100HZ) T1(Resp=Y%DF=Y%W=8000%ACK=S++%Flags=AS%Ops=MEWNNNT) T2(Resp=N) T3(Resp=N) T4(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=) T5(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=) T6(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=) T7(Resp=N) PU(Resp=Y%DF=Y%TOS=0%IPLEN=70%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E) Uptime 44.131 days (since Mon Sep 30 08:27:51 2002) Nmap run completed -- 1 IP address (1 host up) scanned in 17 seconds -----Original Message----- From: Pietro Bandera [mailto:pietrob@;lansystems.it] Sent: Wednesday, November 13, 2002 10:16 AM To: 'Burton M. Strauss III' Subject: R: [Ntop-dev] CVS ntop Well i think is not a user problem because, i know that is not correct, but i run ntop as root and nmap can be used in all its options only if you are root....soo... Nmap used by ntop is run as root.... i don't think is a user problem.. -----Messaggio originale----- Da: Burton M. Strauss III [mailto:Burton@;ntopsupport.com] Inviato: mercoled� 13 novembre 2002 17.13 A: [EMAIL PROTECTED] Cc: Pietro Bandera Oggetto: RE: [Ntop-dev] CVS ntop Sounds more like the nmap itself is crashing or dying. What happens if you run nmap directly, while logged in as the user that ntop runs as? nmap -p 23,21,80,138,139,548 -O <host> There is a report that RedHat 8 ships w/ nmap not suid, so that the call is failing... wonder about your Linux... Of course, 1) we should test for suid before assuming we can run lsof and nmap and 2) that *rap really should be in a separate thread with a watchdog. If I can solve the issue w/ the graph.c stuff I put in yesterday, the same code construct should work for lsof and nmap... -----Burton -----Original Message----- From: [EMAIL PROTECTED] [mailto:ntop-dev-admin@;unipi.it]On Behalf Of Pietro Bandera Sent: Wednesday, November 13, 2002 9:45 AM To: [EMAIL PROTECTED] Subject: [Ntop-dev] CVS ntop Hi all Finally!....with the last cvs ntop i don't have any problem on the "hosts" list running ntop on my yellowdow linux 2.3!! So the correction that luca made were so good.... But.... This sweetness :) there is only if i run ntop with -N option. In fact if i run ntop with -E option and use nmap i got an error similar to the one that i got before the last cvs changes. The error, or better the strange behavior, is this: I can list host without any problem BUT....if i try to go in detail about one host, with the nmap option activated, i got a blank web page......maybe because the timeout that the ntop web server waits in order to recive the information from nmap is too short.....i dunno if this is really the answer i suppose is something like this. That's all Ciao _______________________________________________ Ntop-dev mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop-dev _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop
