Package: tiger
Version: 1:3.2.4~rc1-3.1
Severity: normal
X-Debbugs-Cc: debian-b...@th-dorner.de

Dear Maintainer,

Every run checking the listening processes produces a difference as it uses the device IDs as socket IDs for many (not all) processes.

The problem is in the script check_listeningprocs. The script does not work correctly as the output it gets from lsof is not always structured as the corresponding awk command expects it to be. Especially there are 2 additional columns with optional content (leading to column shifts otherwise), and I guess the otherwise selected columns 7 and 8 should be 8 and 9.

I've attached an example of

  lsof -n | grep -e COMMAND -e IPv[46] -e ' raw'

(stdout) as lsof-n-IPv-raw.out and what the awk command

  awk '{printf("%s %s %s %s\n", $1, $3, $7, $8)}'

would make out of it (after a "grep IPv") as awk-1-3-7-8.out to show the problem.

I'd suggest either using netstat (-tulpe ?) or lsof -n -F (with pcfDi?), albeit the latter makes parsing more difficult (there is an example in /usr/share/doc/lsof/examples/list_fields.awk though).

Best regards,
Thomas

-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.0.0-2-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_CPU_OUT_OF_SPEC
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages tiger depends on:
ii  binutils              2.39-8
ii  bsdutils              1:2.38.1-1.1+b1
ii  debconf [debconf-2.0] 1.5.79
ii  debianutils           5.7-0.3
ii  libc6                 2.35-4
ii  lsb-release           12.0-1
ii  net-tools             1.60+git20181103.0eebece-1
ii  ucf                   3.0043

Versions of packages tiger recommends:
ii  aide                            0.17.4-2
ii  chkrootkit                      0.55-4+b2
ii  john                            1.9.0-2
ii  postfix [mail-transport-agent]  3.7.3-2

Versions of packages tiger suggests:
ii  lsof   4.95.0-1
ii  lynis  3.0.8-1.1

-- debconf information:
  tiger/policy_adapt:
  tiger/mail_rcpt: root

COMMAND   PID  TID  TASKCMD   USER       FD  TYPE DEVICE SIZE/OFF NODE  NAME
atop      1150                root       4u  raw         0t0      26153 00000000:00FF->00000000:0000 st=07
cupsd     1441                root       7u  IPv6 12691  0t0      TCP   [::1]:ipp (LISTEN)
cupsd     1441                root       8u  IPv4 12692  0t0      TCP   127.0.0.1:ipp (LISTEN)
sshd      1444                root       3u  IPv4 12548  0t0      TCP   *:ssh (LISTEN)
sshd      1444                root       4u  IPv6 12550  0t0      TCP   *:ssh (LISTEN)
inetd     1505                root       7u  IPv4 19705  0t0      TCP   *:nntp (LISTEN)
pdns_recu 1511                pdns       4u  IPv4 17594  0t0      UDP   127.0.0.1:domain
pdns_recu 1511                pdns       5u  IPv4 17595  0t0      UDP   192.168.1.1:domain
pdns_recu 1511                pdns       6u  IPv4 17596  0t0      TCP   127.0.0.1:domain (LISTEN)
pdns_recu 1511                pdns       7u  IPv4 17597  0t0      TCP   192.168.1.1:domain (LISTEN)
pdns_recu 1511 1701 rec/distr pdns       4u  IPv4 17594  0t0      UDP   127.0.0.1:domain
pdns_recu 1511 1701 rec/distr pdns       5u  IPv4 17595  0t0      UDP   192.168.1.1:domain
pdns_recu 1511 1701 rec/distr pdns       6u  IPv4 17596  0t0      TCP   127.0.0.1:domain (LISTEN)
pdns_recu 1511 1701 rec/distr pdns       7u  IPv4 17597  0t0      TCP   192.168.1.1:domain (LISTEN)
pdns_recu 1511 1702 rec/worke pdns       4u  IPv4 17594  0t0      UDP   127.0.0.1:domain
pdns_recu 1511 1702 rec/worke pdns       5u  IPv4 17595  0t0      UDP   192.168.1.1:domain
pdns_recu 1511 1702 rec/worke pdns       6u  IPv4 17596  0t0      TCP   127.0.0.1:domain (LISTEN)
pdns_recu 1511 1702 rec/worke pdns       7u  IPv4 17597  0t0      TCP   192.168.1.1:domain (LISTEN)
pdns_recu 1511 1703 rec/worke pdns       4u  IPv4 17594  0t0      UDP   127.0.0.1:domain
pdns_recu 1511 1703 rec/worke pdns       5u  IPv4 17595  0t0      UDP   192.168.1.1:domain
pdns_recu 1511 1703 rec/worke pdns       6u  IPv4 17596  0t0      TCP   127.0.0.1:domain (LISTEN)
pdns_recu 1511 1703 rec/worke pdns       7u  IPv4 17597  0t0      TCP   192.168.1.1:domain (LISTEN)
pdns_recu 1511 1706 rec/worke pdns       4u  IPv4 17594  0t0      UDP   127.0.0.1:domain
pdns_recu 1511 1706 rec/worke pdns       5u  IPv4 17595  0t0      UDP   192.168.1.1:domain
pdns_recu 1511 1706 rec/worke pdns       6u  IPv4 17596  0t0      TCP   127.0.0.1:domain (LISTEN)
pdns_recu 1511 1706 rec/worke pdns       7u  IPv4 17597  0t0      TCP   192.168.1.1:domain (LISTEN)
pdns_recu 1511 1707 rec/worke pdns       4u  IPv4 17594  0t0      UDP   127.0.0.1:domain
pdns_recu 1511 1707 rec/worke pdns       5u  IPv4 17595  0t0      UDP   192.168.1.1:domain
pdns_recu 1511 1707 rec/worke pdns       6u  IPv4 17596  0t0      TCP   127.0.0.1:domain (LISTEN)
pdns_recu 1511 1707 rec/worke pdns       7u  IPv4 17597  0t0      TCP   192.168.1.1:domain (LISTEN)
pdns_recu 1511 1708 rec/taskT pdns       4u  IPv4 17594  0t0      UDP   127.0.0.1:domain
pdns_recu 1511 1708 rec/taskT pdns       5u  IPv4 17595  0t0      UDP   192.168.1.1:domain
pdns_recu 1511 1708 rec/taskT pdns       6u  IPv4 17596  0t0      TCP   127.0.0.1:domain (LISTEN)
pdns_recu 1511 1708 rec/taskT pdns       7u  IPv4 17597  0t0      TCP   192.168.1.1:domain (LISTEN)
pdns_recu 1511 1709 rec/web+s pdns       4u  IPv4 17594  0t0      UDP   127.0.0.1:domain
pdns_recu 1511 1709 rec/web+s pdns       5u  IPv4 17595  0t0      UDP   192.168.1.1:domain
pdns_recu 1511 1709 rec/web+s pdns       6u  IPv4 17596  0t0      TCP   127.0.0.1:domain (LISTEN)
pdns_recu 1511 1709 rec/web+s pdns       7u  IPv4 17597  0t0      TCP   192.168.1.1:domain (LISTEN)
privoxy   1528                privoxy    4u  IPv4 20784  0t0      TCP   127.0.0.1:8118 (LISTEN)
privoxy   1528                privoxy    5u  IPv6 20785  0t0      TCP   [::1]:8118 (LISTEN)
privoxy   1528                privoxy    6u  IPv4 20786  0t0      TCP   192.168.1.1:8118 (LISTEN)
dnsmasq   1864                dnsmasq    4u  IPv4 15060  0t0      UDP   *:bootps
dnsmasq   1864                dnsmasq    6u  IPv4 15063  0t0      UDP   10.0.3.1:domain
dnsmasq   1864                dnsmasq    7u  IPv4 15064  0t0      TCP   10.0.3.1:domain (LISTEN)
tor       1897                debian-tor 6u  IPv4 28397  0t0      TCP   127.0.0.1:9050 (LISTEN)
cups-brow 2348                root       7u  IPv4 25001  0t0      UDP   *:631
cups-brow 2348 2387 gmain     root       7u  IPv4 25001  0t0      UDP   *:631
cups-brow 2348 2389 gdbus     root       7u  IPv4 25001  0t0      UDP   *:631
pipewire- 3561                td         30u IPv6 22228  0t0      TCP   *:4713 (LISTEN)
pipewire- 3561                td         31u IPv4 22229  0t0      TCP   *:4713 (LISTEN)
pipewire- 3561 3599 pipewire- td         30u IPv6 22228  0t0      TCP   *:4713 (LISTEN)
pipewire- 3561 3599 pipewire- td         31u IPv4 22229  0t0      TCP   *:4713 (LISTEN)
master    4149                root       13u IPv4 32839  0t0      TCP   *:smtp (LISTEN)
master    4149                root       14u IPv6 32840  0t0      TCP   *:smtp (LISTEN)

cupsd root 0t0 TCP
cupsd root 0t0 TCP
sshd root 0t0 TCP
sshd root 0t0 TCP
inetd root 0t0 TCP
pdns_recu pdns 0t0 UDP
pdns_recu pdns 0t0 UDP
pdns_recu pdns 0t0 TCP
pdns_recu pdns 0t0 TCP
pdns_recu 1701 IPv4 17594
pdns_recu 1701 IPv4 17595
pdns_recu 1701 IPv4 17596
pdns_recu 1701 IPv4 17597
pdns_recu 1702 IPv4 17594
pdns_recu 1702 IPv4 17595
pdns_recu 1702 IPv4 17596
pdns_recu 1702 IPv4 17597
pdns_recu 1703 IPv4 17594
pdns_recu 1703 IPv4 17595
pdns_recu 1703 IPv4 17596
pdns_recu 1703 IPv4 17597
pdns_recu 1706 IPv4 17594
pdns_recu 1706 IPv4 17595
pdns_recu 1706 IPv4 17596
pdns_recu 1706 IPv4 17597
pdns_recu 1707 IPv4 17594
pdns_recu 1707 IPv4 17595
pdns_recu 1707 IPv4 17596
pdns_recu 1707 IPv4 17597
pdns_recu 1708 IPv4 17594
pdns_recu 1708 IPv4 17595
pdns_recu 1708 IPv4 17596
pdns_recu 1708 IPv4 17597
pdns_recu 1709 IPv4 17594
pdns_recu 1709 IPv4 17595
pdns_recu 1709 IPv4 17596
pdns_recu 1709 IPv4 17597
privoxy privoxy 0t0 TCP
privoxy privoxy 0t0 TCP
privoxy privoxy 0t0 TCP
dnsmasq dnsmasq 0t0 UDP
dnsmasq dnsmasq 0t0 UDP
dnsmasq dnsmasq 0t0 TCP
tor debian-tor 0t0 TCP
cups-brow root 0t0 UDP
cups-brow 2387 IPv4 25001
cups-brow 2389 IPv4 25001
pipewire- td 0t0 TCP
pipewire- td 0t0 TCP
pipewire- 3599 IPv6 22228
pipewire- 3599 IPv4 22229
master root 0t0 TCP
master root 0t0 TCP
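
Added example (not part of the original report and not tiger's code): a sketch of the `lsof -n -F` approach suggested in the report, reading lsof's one-field-per-line output so that optional columns such as TID/TASKCMD or an empty DEVICE cannot shift the result. The function names, the field selection `cLftPnT` and the sample input are assumptions made for illustration.

```sh
#!/bin/sh
# Added example. Intended use: lsof -n -i -F cLftPnT | parse_lsof_fields
# In -F output every line is one field: an identifier letter, then the value.
# 'p' opens a process set, 'f' opens a file set belonging to that process.

parse_lsof_fields() {
    awk '
    function emit() {
        # Print one record per socket file set; skip cwd, regular files, etc.
        if (fd != "" && type ~ /^(IPv4|IPv6|raw)$/)
            printf "%s %s %s %s %s\n", cmd, user, proto, name,
                   (state == "" ? "-" : state)
        fd = type = proto = name = state = ""
    }
    { id = substr($0, 1, 1); val = substr($0, 2) }
    id == "p" { emit(); cmd = user = "" }       # new process: flush last file
    id == "c" { cmd = val }                     # command name
    id == "L" { user = val }                    # login name
    id == "f" { emit(); fd = val }              # new file: flush previous one
    id == "t" { type = val }                    # IPv4, IPv6, raw, DIR, REG ...
    id == "P" { proto = val }                   # TCP or UDP
    id == "n" { name = val }                    # address:port
    id == "T" && val ~ /^ST=/ { state = substr(val, 4) }   # e.g. LISTEN
    END { emit() }
    '
}

# Constructed sample in -F format, modelled on the cupsd and pdns_recu rows
# of the attachment; the cwd entry is there to show that non-sockets are dropped.
sample_lsof_fields() {
    printf '%s\n' \
        p1441 ccupsd Lroot \
        f7 tIPv6 PTCP 'n[::1]:ipp' TST=LISTEN \
        f8 tIPv4 PTCP n127.0.0.1:ipp TST=LISTEN \
        p1511 cpdns_recu Lpdns \
        fcwd tDIR n/ \
        f4 tIPv4 PUDP n127.0.0.1:domain
}

sample_lsof_fields | parse_lsof_fields
```

Because each value is looked up by its identifier letter rather than by position, the records stay stable from run to run, which is what a differential check of listening processes needs.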