You should be mostly concerned with what is in your startup scripts and init.d directory. Do a "netstat -antu" and start with those. Look for anything "LISTEN"ing on a non-loopback interface. Do you know what they all are and why they are running? If not, then figure out what they are and eliminate them.
99.9999967% of systems should only be listening on 22, 80 and 443. FTP is also good for file distribution situations that require no security...but in these instances I still recommend BitTorrent and seeding. It's more "net-friendly".
On Mon, 17 Mar 2008 09:17, Matt Graham wrote (in part)
> After a long battle with technology, Josef Lowder wrote:
> > This is all very interesting ... and confusing for my simple mind.
> > It sounds like most of the replies to my question pertain to
> > boxes that are used as "servers" and not just "regular users."
> > Or are we all "servers"?
>
> If you're running sshd/apache/smbd/postfix/sendmail/exim/telnetd/
> anything like that, then you are a server.

As far as I know, I am not running any of those things.

> > How can I determine if one of my computers has had something
> > like this done?
>
> "chkrootkit" is a starting point. tripwire is another

I don't have either of those ... and again it sounds like those
have something to do with checking things on a server box.

My system seems to have slowed down quite a bit (even when I don't
have any programs running) and I can't figure out why.
When I run 'top' I can only see the top 50 or so entries on my monitor
and I don't know how to see what else might be there farther down the
list.
And when I do 'ps -ef' (see the list below) how can I tell which,
if any, of those processes could be or should be eliminated ...
and how to do that?
-------------------------------------
root 1 0 0 Mar07 ? 00:00:03 init [5]
root 2 1 0 Mar07 ? 00:00:00 [ksoftirqd/0]
root 3 1 0 Mar07 ? 00:00:03 [events/0]
root 4 1 0 Mar07 ? 00:00:00 [khelper]
root 5 1 0 Mar07 ? 00:00:00 [kthread]
root 7 5 0 Mar07 ? 00:00:00 [kacpid]
root 81 5 0 Mar07 ? 00:00:00 [kblockd/0]
root 113 5 0 Mar07 ? 00:00:00 [pdflush]
root 114 5 0 Mar07 ? 00:00:01 [pdflush]
root 116 5 0 Mar07 ? 00:00:00 [aio/0]
root 115 1 0 Mar07 ? 00:00:09 [kswapd0]
root 704 1 0 Mar07 ? 00:00:00 [kseriod]
root 796 1 0 Mar07 ? 00:00:02 [kjournald]
root 938 1 0 Mar07 ? 00:00:00 udevd -d
root 1192 1 0 Mar07 ? 00:00:00 [khubd]
root 1577 1 0 Mar07 ? 00:00:12 [kjournald]
root 1583 1 0 Mar07 ? 00:00:00 [kjournald]
root 2359 1 0 Mar07 ? 00:00:40 /sbin/ifplugd -b -i eth0
rpc 2442 1 0 Mar07 ? 00:00:00 portmap
root 2466 1 0 Mar07 ? 00:00:00 syslogd -m 0
root 2483 1 0 Mar07 ? 00:00:00 klogd -2
root 2515 1 0 Mar07 ? 00:00:00 /usr/sbin/acpid
root 2551 1 0 Mar07 ? 00:00:00 rpc.statd
root 2635 1 0 Mar07 ? 00:00:03 cupsd
root 2780 1 0 Mar07 ? 00:00:00 [kgameportd]
root 2814 1 0 Mar07 ? 00:00:00 dhclient -1 -q -lf
/var/lib/dhcp/dhclient-eth0.leases -pf /var/run/dhc
xfs 3003 1 0 Mar07 ? 00:00:00 xfs -port -1 -daemon -droppriv
-user xfs
71 3018 1 0 Mar07 ? 00:00:00 dbus-daemon-1 --system
root 3033 1 0 Mar07 ? 00:05:21 hald
root 3180 1 0 Mar07 ? 00:00:00 /usr/bin/kdm -nodaemon
root 3189 3180 69 Mar07 tty7 7-01:53:38 /etc/X11/X -deferglyphs 16
:0 -auth /var/run/xauth/A:0-K9voZd
root 3190 1 0 Mar07 ? 00:01:00 nifd -n
nobody 3252 1 0 Mar07 ? 00:00:00 mDNSResponder
daemon 3268 1 0 Mar07 ? 00:00:00 /usr/sbin/atd
root 3322 1 0 Mar07 ? 00:00:00 xinetd -stayalive -reuse
-pidfile /var/run/xinetd.pid
root 3699 1 0 Mar07 ? 00:00:00 /opt/win4lin/bin/vnetd
clamav 3775 1 0 Mar07 ? 00:00:08 /usr/bin/freshclam
--config-file=/etc/freshclam.conf --quiet --daemon
root 3791 1 0 Mar07 ? 00:00:00 crond
root 3861 1 0 Mar07 ? 00:00:00 /usr/bin/lisa -c /etc/lisarc
root 3900 1 0 Mar07 tty1 00:00:00 /sbin/mingetty tty1
root 3901 1 0 Mar07 tty2 00:00:00 /sbin/mingetty tty2
root 3902 1 0 Mar07 tty3 00:00:00 /sbin/mingetty tty3
root 3903 1 0 Mar07 ? 00:00:00 login -- root
root 3904 1 0 Mar07 tty5 00:00:00 /sbin/mingetty tty5
root 3905 1 0 Mar07 tty6 00:00:00 /sbin/mingetty tty6
joe 4071 1 0 Mar07 ? 00:01:37 /usr/lib/gam_server
root 7763 3903 0 Mar10 tty4 00:00:00 -bash
joe 21126 1 0 Mar15 ? 00:00:00 /usr/lib/gconfd-2 13
root 17244 3180 0 12:24 ? 00:00:00 -:0
joe 17264 17244 0 12:24 ? 00:00:00 /bin/sh /usr/bin/startkde
joe 17325 17264 0 12:24 ? 00:00:00 /usr/bin/perl /usr/bin/mdkapplet
joe 17336 17264 0 12:24 ? 00:00:00 /usr/bin/perl /usr/bin/net_applet
joe 17349 1 0 12:24 ? 00:00:00 s2u --daemon=yes
joe 17370 17264 0 12:24 ? 00:00:00 /bin/sh /usr/bin/startkde
joe 17371 17370 0 12:24 ? 00:00:00 gnome-volume-manager
joe 17390 1 0 12:24 ? 00:00:00 kdeinit Running...
joe 17393 1 0 12:24 ? 00:00:00 dcopserver [kdeinit] --nosid
joe 17395 17390 0 12:24 ? 00:00:00 klauncher [kdeinit]
joe 17398 1 0 12:24 ? 00:00:00 kded [kdeinit]
joe 17410 17390 0 12:24 ? 00:00:00 /usr/bin/artsd -F 10 -S 4096
-s 60 -m artsmessage -c drkonqi -l 3 -f
joe 17412 1 0 12:24 ? 00:00:00 kaccess [kdeinit]
joe 17413 17264 0 12:24 ? 00:00:00 kwrapper ksmserver
joe 17415 1 0 12:24 ? 00:00:00 ksmserver [kdeinit]
joe 17417 17390 0 12:24 ? 00:00:00 kwin [kdeinit] -session
1014cd7d2d4000120328531400000141940000_1205781
joe 17419 1 0 12:24 ? 00:00:00 kdesktop [kdeinit]
joe 17422 1 0 12:24 ? 00:00:02 kicker [kdeinit]
joe 17424 17390 0 12:24 ? 00:00:00 xsettings-kde
joe 17426 1 0 12:24 ? 00:00:00 korgac --miniicon korganizer
joe 17427 1 0 12:24 ? 00:00:00 krandrtray -session
1014cd7d2d4000115565379600000042880006_1205781767_
joe 17429 1 0 12:24 ? 00:00:00 knotify [kdeinit]
joe 17554 17390 0 12:29 ? 00:00:00 kio_file [kdeinit] file
/home/joe/tmp/ksocket-joe/klauncherFALPab.slav
joe 17556 1 0 12:29 ? 00:00:00 kio_uiserver [kdeinit]
joe 17864 17390 1 12:33 ? 00:00:00 konsole [kdeinit]
joe 17865 17864 0 12:34 pts/1 00:00:00 /bin/bash
joe 17910 17865 0 12:34 pts/1 00:00:00 ps -ef
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us