I have been doing some hardening on a new server [CentOS 5.7 Final]. I also have logwatch, and I seem to be getting these strange logs:
Commands Run:
User root:
/sbin/service portsentry restart >/dev/null && /sbin/service iptables restart >/dev/null: 72 Time(s)
Then the portsentry log is:
--------------------- PortSentry Begin ------------------------
Ignored following ports
Advanced Stealth:
TCP: ports: 21-22 25 53 80 110-111 113 135 137-139 443 932
Excluded following ports
Advanced: ports: 21-22 25 53 80 110 113 135 137-139 443
**Unmached entries**
72 Time(s): adminalert: Advanced mode will monitor first 1024 ports
72 Time(s): adminalert: ERROR: Socket 111 is in use and will not be monitored. Attempting to continue
72 Time(s): adminalert: Going into stealth listen mode on UDP port: 1
72 Time(s): adminalert: Going into stealth listen mode on UDP port: 111
72 Time(s): adminalert: Going into stealth listen mode on UDP port: 137
72 Time(s): adminalert: Going into stealth listen mode on UDP port: 138
etc etc ...... then
144 Time(s): adminalert: PortSentry 1.2 is starting.
144 Time(s): adminalert: PortSentry is shutting down
144 Time(s): securityalert: PortSentry is shutting down
---------------------- PortSentry End -------------------------
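I am a little confused, to say the least. If I log in and start portsentry manually, I get the OK for shutdown and startup, so I can get it running; I just can't seem to stop it from starting and stopping after that.
I have looked in crontab, and there is no repeating entry for the first part [Commands Run]; that log is from cron.
If anyone else has run into this, or can give me a clue, that would be great.
Thanks
Answer 1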
111 is most likely the portmap daemon. Why is this beast running on your server?
If you need it because you need to use an NFS client, set
PMAP_ARGS="-l"
in /etc/sysconfig/portmap.
This will bind it to localhost.
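
A way to check whether the change took effect, as an added example that is not part of the original thread: the function below reads `netstat -lntu`-style output and lists sockets on a port that are bound to something other than loopback. The function name `exposed_listeners` and both netstat samples are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread). Reads `netstat -lntu`-style
# text on stdin and lists listeners on PORT that are not loopback-only.
# Live use on the server: netstat -lntu | exposed_listeners 111

# exposed_listeners PORT
# Prints "proto local_address" for each exposed socket.
# Returns 0 if nothing is exposed, 1 otherwise.
exposed_listeners() {
    awk -v port="$1" '
        $1 ~ /^(tcp|udp)6?$/ {
            addr = $4
            n = split(addr, parts, ":")
            if (parts[n] != port) next        # some other port
            # Everything before the final ":port" is the bind address.
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (host ~ /^(::ffff:)?127\./ || host == "::1") next  # loopback
            print $1, addr
            found = 1
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample: portmap running with default arguments.
SAMPLE_BEFORE='Proto Recv-Q Send-Q Local Address  Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:111    0.0.0.0:*        LISTEN  2101/portmap
udp        0      0 0.0.0.0:111    0.0.0.0:*                2101/portmap
tcp        0      0 :::22          :::*             LISTEN  2250/sshd'

# Constructed sample: after PMAP_ARGS="-l" and a portmap restart.
SAMPLE_AFTER='Proto Recv-Q Send-Q Local Address  Foreign Address  State   PID/Program name
tcp        0      0 127.0.0.1:111  0.0.0.0:*        LISTEN  2314/portmap
udp        0      0 127.0.0.1:111  0.0.0.0:*                2314/portmap
tcp        0      0 :::22          :::*             LISTEN  2250/sshd'

if printf '%s\n' "$SAMPLE_BEFORE" | exposed_listeners 111; then
    echo "before: port 111 is loopback-only"
else
    echo "before: port 111 is reachable from the network"
fi
if printf '%s\n' "$SAMPLE_AFTER" | exposed_listeners 111; then
    echo "after: port 111 is loopback-only"
else
    echo "after: port 111 is reachable from the network"
fi
```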