Apache not repsonding

JnascECSI · Unread post by **JnascECSI** » Thu Dec 03, 2009 10:56 am

Came in to work this morning to find that in Plesk the Webserver was stopped but all sites are running fine which is weird. When i try to restart apache thru command line i get the following. I'm scared to reboot the server and not sure what i should do any help would be great.

I did restart PSA but it would'nt start httpd still and not sure what to do.

Starting httpd: (98)Address already in use: make_sock: could not bind to address [::]:80
(98)Address already in use: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
Unable to open logs

Unread post by **scott** » Thu Dec 03, 2009 11:57 am

Could be evidence that the system is compromised, take a look at what is listening on port 80

JnascECSI · Unread post by **JnascECSI** » Thu Dec 03, 2009 12:33 pm

Scott,
I thought the same thing too and just ran rkhunter and passed fine, running clamscan also on the whole system.

i've checked all the logs and nothing seems out of the norm including ip's and login's.

also ran netstat and did'nt see anything suspiciose.

Unread post by **scott** » Thu Dec 03, 2009 3:50 pm

So whats running on port 80 then?

JnascECSI · Unread post by **JnascECSI** » Thu Dec 03, 2009 4:11 pm

This is my output for netstat -an

[XXXXXX@XXXXXXXX ~]# netstat -an
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 10.102.150.179:53 0.0.0.0:* LISTEN
tcp 0 0 10.102.150.178:53 0.0.0.0:* LISTEN
tcp 0 0 10.102.150.177:53 0.0.0.0:* LISTEN
tcp 0 0 10.102.150.176:53 0.0.0.0:* LISTEN
tcp 0 0 10.102.150.174:53 0.0.0.0:* LISTEN
tcp 0 0 10.102.150.247:53 0.0.0.0:* LISTEN
tcp 0 0 10.102.150.246:53 0.0.0.0:* LISTEN
tcp 0 0 10.102.150.245:53 0.0.0.0:* LISTEN
tcp 0 0 10.102.150.244:53 0.0.0.0:* LISTEN
tcp 0 0 10.102.150.161:53 0.0.0.0:* LISTEN
tcp 0 0 10.102.150.160:53 0.0.0.0:* LISTEN
tcp 0 0 10.102.150.159:53 0.0.0.0:* LISTEN
tcp 0 0 10.102.150.158:53 0.0.0.0:* LISTEN
tcp 0 0 10.102.150.175:53 0.0.0.0:* LISTEN
tcp 0 0 10.102.150.145:53 0.0.0.0:* LISTEN
tcp 0 0 10.102.150.144:53 0.0.0.0:* LISTEN
tcp 0 0 10.102.150.143:53 0.0.0.0:* LISTEN
tcp 0 0 10.102.150.142:53 0.0.0.0:* LISTEN
tcp 0 0 10.102.150.141:53 0.0.0.0:* LISTEN
tcp 0 0 10.102.150.140:53 0.0.0.0:* LISTEN
tcp 0 0 10.102.150.139:53 0.0.0.0:* LISTEN
tcp 0 0 10.102.150.138:53 0.0.0.0:* LISTEN
tcp 0 0 10.102.150.199:53 0.0.0.0:* LISTEN
tcp 0 0 10.102.150.198:53 0.0.0.0:* LISTEN
tcp 0 0 10.102.150.173:53 0.0.0.0:* LISTEN
tcp 0 0 10.102.150.197:53 0.0.0.0:* LISTEN
tcp 0 0 10.102.150.196:53 0.0.0.0:* LISTEN
tcp 0 0 10.102.150.193:53 0.0.0.0:* LISTEN
tcp 0 0 10.102.150.192:53 0.0.0.0:* LISTEN
tcp 0 0 10.102.150.190:53 0.0.0.0:* LISTEN
tcp 0 0 10.102.150.191:53 0.0.0.0:* LISTEN
tcp 0 0 10.102.150.189:53 0.0.0.0:* LISTEN
tcp 0 0 10.102.150.188:53 0.0.0.0:* LISTEN
tcp 0 0 10.102.150.185:53 0.0.0.0:* LISTEN
tcp 0 0 10.102.150.184:53 0.0.0.0:* LISTEN
tcp 0 0 10.102.150.172:53 0.0.0.0:* LISTEN
tcp 0 0 10.102.150.183:53 0.0.0.0:* LISTEN
tcp 0 0 10.102.150.182:53 0.0.0.0:* LISTEN
tcp 0 0 10.102.150.181:53 0.0.0.0:* LISTEN
tcp 0 0 10.102.150.180:53 0.0.0.0:* LISTEN
tcp 0 0 10.102.150.169:53 0.0.0.0:* LISTEN
tcp 0 0 10.102.150.168:53 0.0.0.0:* LISTEN
tcp 0 0 10.102.150.167:53 0.0.0.0:* LISTEN
tcp 0 0 10.102.150.166:53 0.0.0.0:* LISTEN
tcp 0 0 10.102.150.165:53 0.0.0.0:* LISTEN
tcp 0 0 10.102.150.164:53 0.0.0.0:* LISTEN
tcp 0 0 10.102.150.171:53 0.0.0.0:* LISTEN
tcp 0 0 10.102.150.170:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
tcp 0 0 10.102.150.183:25 201.130.15.179:29137 SYN_RECV
tcp 0 0 0.0.0.0:8443 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:2911 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:2912 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:106 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:3310 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8880 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:10001 0.0.0.0:* LISTEN
tcp 1 0 127.0.0.1:41910 127.0.0.1:3306 CLOSE_WAIT
tcp 0 0 10.102.150.183:25 201.130.15.179:47809 ESTABLISHED
tcp 0 0 10.102.150.178:110 207.138.47.158:6813 TIME_WAIT
tcp 0 0 127.0.0.1:3306 127.0.0.1:41910 FIN_WAIT2
tcp 0 0 10.102.150.178:110 207.138.47.158:37499 TIME_WAIT
tcp 0 0 10.102.150.178:110 207.138.47.158:37503 TIME_WAIT
tcp 0 0 10.102.150.178:110 207.138.47.158:37504 TIME_WAIT
tcp 0 0 :::22 :::* LISTEN
tcp 0 0 :::443 :::* LISTEN
tcp 0 0 :::80 :::* LISTEN
tcp 0 0 :::30000 :::* LISTEN
tcp 0 0 ::ffff:10.102.150.178:80 ::ffff:66.249.71.133:46092 TIME_WAIT
tcp 0 0 ::ffff:10.102.150.138:80 ::ffff:83.233.138.179:44876 TIME_WAIT
tcp 0 0 ::ffff:10.102.150.167:80 ::ffff:98.16.197.31:48776 TIME_WAIT
tcp 0 0 ::ffff:10.102.150.167:80 ::ffff:98.16.197.31:48762 TIME_WAIT
tcp 0 0 ::ffff:10.102.150.167:80 ::ffff:98.16.197.31:48758 TIME_WAIT
tcp 0 0 ::ffff:10.102.150.167:80 ::ffff:98.16.197.31:48778 TIME_WAIT
tcp 0 0 ::ffff:10.102.150.138:80 ::ffff:83.233.138.179:35157 TIME_WAIT
tcp 0 10712 ::ffff:10.102.150.170:22 ::ffff:70.168.74.2:52397 ESTABLISHED
tcp 0 55200 ::ffff:10.102.150.167:80 ::ffff:98.16.197.31:48802 ESTABLISHED
tcp 0 92929 ::ffff:10.102.150.167:80 ::ffff:75.202.29.88:55012 FIN_WAIT1
tcp 0 0 ::ffff:10.102.150.138:80 ::ffff:213.112.252.193:4717 TIME_WAIT
tcp 0 0 ::ffff:10.102.150.167:80 ::ffff:98.16.197.31:48756 TIME_WAIT
tcp 0 0 ::ffff:10.102.150.167:80 ::ffff:98.16.197.31:48777 TIME_WAIT
tcp 0 0 ::ffff:10.102.150.167:80 ::ffff:98.16.197.31:48607 TIME_WAIT
tcp 0 0 ::ffff:10.102.150.167:80 ::ffff:67.195.111.241:38812 TIME_WAIT
tcp 0 0 ::ffff:10.102.150.167:80 ::ffff:67.195.111.241:41763 TIME_WAIT
tcp 0 0 ::ffff:10.102.150.138:80 ::ffff:83.233.138.179:35416 TIME_WAIT
tcp 0 0 ::ffff:10.102.150.167:80 ::ffff:98.16.197.31:48745 TIME_WAIT
tcp 0 0 ::ffff:10.102.150.138:80 ::ffff:213.112.252.193:4729 TIME_WAIT
tcp 0 0 ::ffff:10.102.150.167:80 ::ffff:98.16.197.31:48760 TIME_WAIT
tcp 0 0 ::ffff:10.102.150.138:80 ::ffff:83.233.138.179:49015 TIME_WAIT
tcp 0 0 ::ffff:10.102.150.167:80 ::ffff:67.195.111.241:39953 TIME_WAIT
tcp 0 0 ::ffff:10.102.150.138:80 ::ffff:83.233.138.179:48041 TIME_WAIT
tcp 0 0 ::ffff:10.102.150.167:80 ::ffff:98.16.197.31:48797 TIME_WAIT
tcp 0 0 ::ffff:10.102.150.167:80 ::ffff:98.16.197.31:48775 TIME_WAIT
tcp 0 0 ::ffff:10.102.150.138:80 ::ffff:83.233.138.179:43710 TIME_WAIT
tcp 0 0 ::ffff:10.102.150.138:80 ::ffff:83.233.138.179:44385 TIME_WAIT
tcp 0 0 ::ffff:10.102.150.138:80 ::ffff:213.112.252.193:4713 TIME_WAIT
tcp 0 0 ::ffff:10.102.150.138:80 ::ffff:83.233.138.179:34943 TIME_WAIT
tcp 0 0 ::ffff:10.102.150.167:80 ::ffff:66.249.71.53:50399 TIME_WAIT
tcp 0 0 ::ffff:10.102.150.167:80 ::ffff:98.16.197.31:48801 TIME_WAIT
tcp 0 0 ::ffff:10.102.150.167:80 ::ffff:98.16.197.31:48610 TIME_WAIT
tcp 0 0 ::ffff:10.102.150.138:80 ::ffff:213.112.252.193:4715 TIME_WAIT
tcp 0 0 ::ffff:10.102.150.167:80 ::ffff:98.16.197.31:48768 TIME_WAIT
tcp 0 0 ::ffff:10.102.150.138:80 ::ffff:83.233.138.179:45528 TIME_WAIT
tcp 0 0 ::ffff:10.102.150.138:80 ::ffff:83.233.138.179:37186 TIME_WAIT
tcp 0 0 ::ffff:10.102.150.138:80 ::ffff:83.233.138.179:35245 TIME_WAIT
tcp 0 0 ::ffff:10.102.150.138:80 ::ffff:213.112.252.193:4733 TIME_WAIT
tcp 0 0 ::ffff:10.102.150.167:80 ::ffff:98.16.197.31:48796 TIME_WAIT
tcp 0 0 ::ffff:10.102.150.138:80 ::ffff:83.233.138.179:36399 TIME_WAIT
tcp 0 0 ::ffff:10.102.150.138:80 ::ffff:83.233.138.179:36805 TIME_WAIT
tcp 0 0 ::ffff:10.102.150.167:80 ::ffff:98.16.197.31:48791 TIME_WAIT
tcp 1 976 ::ffff:10.102.150.167:80 ::ffff:64.68.239.61:59652 CLOSING
tcp 1 980 ::ffff:10.102.150.167:80 ::ffff:64.68.239.61:33036 CLOSING
tcp 0 0 ::ffff:10.102.150.167:80 ::ffff:98.16.197.31:48611 TIME_WAIT
tcp 0 0 ::ffff:10.102.150.167:80 ::ffff:67.195.111.241:38007 TIME_WAIT
tcp 0 0 ::ffff:10.102.150.138:80 ::ffff:213.112.252.193:4731 TIME_WAIT
tcp 0 0 ::ffff:10.102.150.167:80 ::ffff:98.16.197.31:48773 TIME_WAIT
tcp 0 0 ::ffff:10.102.150.167:80 ::ffff:98.16.197.31:48790 TIME_WAIT
tcp 0 0 ::ffff:10.102.150.138:80 ::ffff:83.233.138.179:38925 TIME_WAIT
tcp 0 0 ::ffff:10.102.150.167:80 ::ffff:67.195.111.241:41461 TIME_WAIT
tcp 0 0 ::ffff:10.102.150.138:80 ::ffff:83.233.138.179:44577 TIME_WAIT
tcp 0 0 ::ffff:10.102.150.167:80 ::ffff:98.16.197.31:48766 TIME_WAIT
tcp 0 0 ::ffff:10.102.150.167:80 ::ffff:98.16.197.31:48765 TIME_WAIT
tcp 0 0 ::ffff:10.102.150.167:80 ::ffff:98.16.197.31:48771 TIME_WAIT
tcp 0 0 ::ffff:10.102.150.197:80 ::ffff:76.239.132.243:4610 TIME_WAIT
tcp 0 0 ::ffff:10.102.150.167:80 ::ffff:67.195.111.241:37643 TIME_WAIT
tcp 0 0 ::ffff:10.102.150.138:80 ::ffff:83.233.138.179:39711 TIME_WAIT
tcp 0 0 ::ffff:10.102.150.138:80 ::ffff:83.233.138.179:43662 TIME_WAIT
tcp 0 0 ::ffff:10.102.150.167:80 ::ffff:98.16.197.31:48774 TIME_WAIT
tcp 0 0 ::ffff:10.102.150.138:80 ::ffff:83.233.138.179:45710 TIME_WAIT
tcp 0 0 ::ffff:10.102.150.167:80 ::ffff:98.16.197.31:48767 TIME_WAIT
tcp 0 0 ::ffff:10.102.150.138:80 ::ffff:83.233.138.179:33917 TIME_WAIT
tcp 0 0 ::ffff:10.102.150.167:80 ::ffff:98.16.197.31:48772 TIME_WAIT
tcp 0 0 ::ffff:10.102.150.167:80 ::ffff:67.218.116.132:40846 TIME_WAIT
tcp 0 0 ::ffff:10.102.150.167:80 ::ffff:98.16.197.31:48763 TIME_WAIT
tcp 0 0 ::ffff:10.102.150.167:80 ::ffff:98.16.197.31:48770 TIME_WAIT
tcp 0 1960 ::ffff:10.102.150.170:22 ::ffff:70.168.74.2:47268 ESTABLISHED
tcp 0 0 ::ffff:10.102.150.138:80 ::ffff:83.233.138.179:36398 TIME_WAIT
udp 0 0 10.102.150.179:53 0.0.0.0:*
udp 0 0 10.102.150.178:53 0.0.0.0:*
udp 0 0 10.102.150.177:53 0.0.0.0:*
udp 0 0 10.102.150.176:53 0.0.0.0:*
udp 0 0 10.102.150.174:53 0.0.0.0:*
udp 0 0 10.102.150.247:53 0.0.0.0:*
udp 0 0 10.102.150.246:53 0.0.0.0:*
udp 0 0 10.102.150.245:53 0.0.0.0:*
udp 0 0 10.102.150.244:53 0.0.0.0:*
udp 0 0 10.102.150.161:53 0.0.0.0:*
udp 0 0 10.102.150.160:53 0.0.0.0:*
udp 0 0 10.102.150.159:53 0.0.0.0:*
udp 0 0 10.102.150.158:53 0.0.0.0:*
udp 0 0 10.102.150.175:53 0.0.0.0:*
udp 0 0 10.102.150.145:53 0.0.0.0:*
udp 0 0 10.102.150.144:53 0.0.0.0:*
udp 0 0 10.102.150.143:53 0.0.0.0:*
udp 0 0 10.102.150.142:53 0.0.0.0:*
udp 0 0 10.102.150.141:53 0.0.0.0:*
udp 0 0 10.102.150.140:53 0.0.0.0:*
udp 0 0 10.102.150.139:53 0.0.0.0:*
udp 0 0 10.102.150.138:53 0.0.0.0:*
udp 0 0 10.102.150.199:53 0.0.0.0:*
udp 0 0 10.102.150.198:53 0.0.0.0:*
udp 0 0 10.102.150.173:53 0.0.0.0:*
udp 0 0 10.102.150.197:53 0.0.0.0:*
udp 0 0 10.102.150.196:53 0.0.0.0:*
udp 0 0 10.102.150.193:53 0.0.0.0:*
udp 0 0 10.102.150.192:53 0.0.0.0:*
udp 0 0 10.102.150.190:53 0.0.0.0:*
udp 0 0 10.102.150.191:53 0.0.0.0:*
udp 0 0 10.102.150.189:53 0.0.0.0:*
udp 0 0 10.102.150.188:53 0.0.0.0:*
udp 0 0 10.102.150.185:53 0.0.0.0:*
udp 0 0 10.102.150.184:53 0.0.0.0:*
udp 0 0 10.102.150.172:53 0.0.0.0:*
udp 0 0 10.102.150.183:53 0.0.0.0:*
udp 0 0 10.102.150.182:53 0.0.0.0:*
udp 0 0 10.102.150.181:53 0.0.0.0:*
udp 0 0 10.102.150.180:53 0.0.0.0:*
udp 0 0 10.102.150.169:53 0.0.0.0:*
udp 0 0 10.102.150.168:53 0.0.0.0:*
udp 0 0 10.102.150.167:53 0.0.0.0:*
udp 0 0 10.102.150.166:53 0.0.0.0:*
udp 0 0 10.102.150.165:53 0.0.0.0:*
udp 0 0 10.102.150.164:53 0.0.0.0:*
udp 0 0 10.102.150.171:53 0.0.0.0:*
udp 0 0 10.102.150.170:53 0.0.0.0:*
udp 0 0 127.0.0.1:53 0.0.0.0:*
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 6 [ ] DGRAM 1214516 /queue/ossec/queue
unix 2 [ ACC ] STREAM LISTENING 15564 @/tmp/fam-root-
unix 2 [ ACC ] STREAM LISTENING 5647 /tmp/clamd.socket
unix 3 [ ] DGRAM 1214492 /var/ossec/queue/alerts/execq
unix 16 [ ] DGRAM 5198 /dev/log
unix 2 [ ACC ] STREAM LISTENING 6632 /var/lib/mysql/mysql.sock
unix 2 [ ACC ] STREAM LISTENING 5140 /var/run/audispd_events
unix 2 [ ] DGRAM 724 @/org/kernel/udev/udevd
unix 2 [ ACC ] STREAM LISTENING 7221 /tmp/spamd_full.sock
unix 2 [ ACC ] STREAM LISTENING 5336 /var/run/acpid.socket
unix 3 [ ] STREAM CONNECTED 1396029 /var/lib/mysql/mysql.sock
unix 3 [ ] STREAM CONNECTED 1396028
unix 2 [ ] STREAM CONNECTED 1390127
unix 2 [ ] STREAM CONNECTED 1387434
unix 2 [ ] STREAM CONNECTED 1385567
unix 2 [ ] STREAM CONNECTED 1382334
unix 2 [ ] STREAM CONNECTED 1365839
unix 2 [ ] STREAM CONNECTED 1359020
unix 2 [ ] STREAM CONNECTED 1358869
unix 2 [ ] STREAM CONNECTED 1358564
unix 2 [ ] STREAM CONNECTED 1347946
unix 2 [ ] STREAM CONNECTED 1347581
unix 2 [ ] STREAM CONNECTED 1346131
unix 2 [ ] STREAM CONNECTED 1227214
unix 2 [ ] STREAM CONNECTED 1225830
unix 2 [ ] STREAM CONNECTED 1225780
unix 2 [ ] STREAM CONNECTED 1221305
unix 2 [ ] STREAM CONNECTED 1221197
unix 2 [ ] STREAM CONNECTED 1221083
unix 2 [ ] DGRAM 1218091
unix 2 [ ] DGRAM 1215370
unix 2 [ ] DGRAM 1215193
unix 2 [ ] DGRAM 1215192
unix 2 [ ] DGRAM 1215190
unix 2 [ ] DGRAM 1215081
unix 2 [ ] DGRAM 1214957
unix 2 [ ] DGRAM 1214856
unix 2 [ ] DGRAM 1214644
unix 2 [ ] DGRAM 1214514
unix 3 [ ] STREAM CONNECTED 1194799
unix 3 [ ] STREAM CONNECTED 1194798
unix 2 [ ] STREAM CONNECTED 1179910
unix 2 [ ] STREAM CONNECTED 1179728
unix 2 [ ] STREAM CONNECTED 1179566
unix 2 [ ] STREAM CONNECTED 1138799
unix 2 [ ] STREAM CONNECTED 1127780
unix 2 [ ] STREAM CONNECTED 1121622
unix 2 [ ] STREAM CONNECTED 1114216
unix 2 [ ] STREAM CONNECTED 1091841
unix 2 [ ] STREAM CONNECTED 1072389
unix 2 [ ] STREAM CONNECTED 1066573
unix 2 [ ] STREAM CONNECTED 1061598
unix 2 [ ] STREAM CONNECTED 1050690
unix 2 [ ] STREAM CONNECTED 1048044
unix 2 [ ] STREAM CONNECTED 1029438
unix 2 [ ] STREAM CONNECTED 1024403
unix 2 [ ] STREAM CONNECTED 1014449
unix 2 [ ] STREAM CONNECTED 992738
unix 2 [ ] STREAM CONNECTED 979370
unix 2 [ ] STREAM CONNECTED 957591
unix 2 [ ] STREAM CONNECTED 954550
unix 2 [ ] STREAM CONNECTED 925758
unix 2 [ ] STREAM CONNECTED 923794
unix 2 [ ] STREAM CONNECTED 923717
unix 2 [ ] STREAM CONNECTED 869636
unix 2 [ ] STREAM CONNECTED 865727
unix 2 [ ] STREAM CONNECTED 859472
unix 2 [ ] STREAM CONNECTED 798714
unix 2 [ ] STREAM CONNECTED 798019
unix 2 [ ] STREAM CONNECTED 795534
unix 2 [ ] STREAM CONNECTED 794874
unix 2 [ ] STREAM CONNECTED 794309
unix 2 [ ] STREAM CONNECTED 629641
unix 3 [ ] STREAM CONNECTED 501731
unix 3 [ ] STREAM CONNECTED 501730
unix 2 [ ] STREAM CONNECTED 501711
unix 2 [ ] STREAM CONNECTED 434960
unix 2 [ ] DGRAM 274055
unix 3 [ ] STREAM CONNECTED 15571 @/tmp/fam-root-
unix 3 [ ] STREAM CONNECTED 15570
unix 2 [ ] DGRAM 13825
unix 2 [ ] DGRAM 12101
unix 2 [ ] STREAM CONNECTED 7296
unix 2 [ ] DGRAM 7218
unix 2 [ ] DGRAM 6371
unix 2 [ ] DGRAM 5802
unix 2 [ ] DGRAM 5769
unix 2 [ ] DGRAM 5746
unix 2 [ ] DGRAM 5725
unix 2 [ ] DGRAM 5703
unix 2 [ ] DGRAM 5631
unix 2 [ ] DGRAM 5586
unix 2 [ ] DGRAM 5208
unix 3 [ ] STREAM CONNECTED 5131
unix 3 [ ] STREAM CONNECTED 5130

Unread post by **scott** » Thu Dec 03, 2009 5:32 pm

netstat -pan |grep :80.*LISTEN

JnascECSI · Unread post by **JnascECSI** » Thu Dec 03, 2009 5:39 pm

Ran it twice just tyo make sure..

[xxxxxx@xxxxxxxx ~]# netstat -pan |grep :80.*LISTEN
tcp 0 0 :::80 :::* LISTEN 8809/httpd
[xxxxx@xxxxxxxxx ~]# netstat -pan |grep :80.*LISTEN
tcp 0 0 :::80 :::* LISTEN 8809/httpd

Unread post by **scott** » Thu Dec 03, 2009 6:27 pm

So thats the process ID (8809) and the process name "httpd" thats listening on 80

JnascECSI · Unread post by **JnascECSI** » Mon Dec 07, 2009 11:56 am

Scott,
After dong a full audit only thing i found was that awstats was listening on this PID with httpd for the domains on the box.

Another thing i found is that rkhunter is showing these in the rkhunter.log, i ran it probably 30 times over the weekend and it's always the same info.

What do you think?

Performing filesystem checks
[09:00:08] Info: Starting test name 'filesystem'
[09:00:08] Info: SCAN_MODE_DEV set to 'THOROUGH'
[09:00:08] Checking /dev for suspicious file types [ None found ]
[09:00:09] Info: Found hidden directory '/dev/.udev': it is whitelisted.
[09:00:09] Info: Found hidden file '/usr/share/man/man1/..1.gz': it is whitelisted.
[09:00:09] Checking for hidden files and directories [ Warning ]
[09:00:09] Warning: Hidden file found: /usr/bin/.ssh.hmac: ASCII text
[09:00:09] Warning: Hidden file found: /usr/bin/.fipscheck.hmac: ASCII text
[09:00:09] Warning: Hidden file found: /usr/sbin/.sshd.hmac: ASCII text
[09:00:12]
[09:00:12] Checking application versions...
[09:00:12] Info: Starting test name 'apps'
[09:00:13] Info: Application 'exim' not found.
[09:00:13] Checking version of GnuPG [ OK ]
[09:00:13] Info: Application 'gpg' version '1.4.5' found.
[09:00:13] Checking version of Apache [ Warning ]
[09:00:13] Warning: Application 'httpd', version '2.2.3', is out of date, and possibly a security risk.
[09:00:13] Checking version of Bind DNS [ Warning ]
[09:00:13] Warning: Application 'named', version '9.3.6', is out of date, and possibly a security risk.
[09:00:13] Checking version of OpenSSL [ OK ]
[09:00:13] Info: Application 'openssl' version '0.9.8e-fips-rhel5' found.
[09:00:13] Checking version of PHP [ OK ]
[09:00:13] Info: Application 'php' version '5.2.11' found.
[09:00:13] Checking version of Procmail MTA [ OK ]
[09:00:13] Info: Application 'procmail' version '3.22' found.
[09:00:14] Checking version of ProFTPd [ Skipped ]
[09:00:14] Info: Unable to obtain version number for 'proftpd': version option gives: ProFTPD Version 1.3.2a
[09:00:14] Checking version of OpenSSH [ Warning ]
[09:00:14] Warning: Application 'sshd', version '4.3p2', is out of date, and possibly a security risk.
[09:00:14] Info: Applications checked: 8 out of 9

Unread post by **scott** » Tue Dec 08, 2009 10:01 am

Ive never seen awstats listen on a port before. It shouldnt even be spawned as apache unless someone was doing something weird like invoking it manually via php or something.

Those rkhunter results are what I would expect to see on a normal box.

Atomicorp

Apache not repsonding

Apache not repsonding

Re: Apache not repsonding

Re: Apache not repsonding

Re: Apache not repsonding

Re: Apache not repsonding

Re: Apache not repsonding

Re: Apache not repsonding

Re: Apache not repsonding

Re: Apache not repsonding

Re: Apache not repsonding