Package: iproute2
Version: 3.16.0-2
Severity: normal

0-0-17:20:59, Thu Aug 27 tconnors@pi:~ (bash)
7185,30> sudo ss -anu
State Recv-Q Send-Q Local Address:Port Peer Address:Port
0-0-17:21:54, Thu Aug 27 tconnors@pi:~ (bash)

Not sure whether it's a kernel 3.18 thing or not, because rkhunter didn't use to false-detect that it thought a whole bunch of UDP ports were being used. On another box running kernel 3.17, I do get expected output:

445024,1> sudo ss -anu
State Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0 0 *:36557 *:*
...

Issue not fixed with iproute2 from testing.

E.g., from rkhunter:

Port number: UDP:123 is being used by /usr/sbin/ntpd

6853,29> ps 714
PID TTY STAT TIME COMMAND
714 ? Ss 2:32 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 102:104

6854,30> cat /proc/714/net/udp
sl local_address rem_address st tx_queue rx_queue tr tm->when retrnsmt uid timeout inode ref pointer drops
31: 00000000:82C3 00000000:0000 07 00000000:00000000 00:00000000 00000000 0 0 9385 2 db301400 0
57: 00000000:03DD 00000000:0000 07 00000000:00000000 00:00000000 00000000 0 0 7244 2 db301180 0
69: 00000000:14E9 00000000:0000 07 00000000:00000000 00:00000000 00000000 110 0 8592 2 db300c80 0
93: 00000000:0801 00000000:0000 07 00000000:00000000 00:00000000 00000000 0 0 9363 2 db300280 0
108: 00000000:A510 00000000:0000 07 00000000:00000000 00:00000000 00000000 0 0 9660 2 d87fe280 0
128: 00000000:8324 00000000:0000 07 00000000:00000000 00:00000000 00000000 0 0 9693 2 d87fe500 0
179: 00000000:0357 00000000:0000 07 00000000:00000000 00:00000000 00000000 0 0 3555 2 db300000 0
192: 00000000:B664 00000000:0000 07 00000000:00000000 00:00000000 00000000 0 0 8067 2 db300a00 0
203: 00000000:006F 00000000:0000 07 00000000:00000000 00:00000000 00000000 0 0 7241 2 db300f00 0
210: 00000000:9F76 00000000:0000 07 00000000:00000000 00:00000000 00000000 110 0 8594 2 db300780 0
215: 1C01A8C0:007B 00000000:0000 07 00000000:00000000 00:00000000 00000000 0 0 9450 2 d87fe000 0
215: 0100007F:007B 00000000:0000 07 00000000:00000000 00:00000000 00000000 0 0 9449 2 db301b80 0
215: 00000000:007B 00000000:0000 07 00000000:00000000 00:00000000 00000000 0 0 9438 2 db301680 0
245: 00000000:E899 00000000:0000 07 00000000:00000000 00:00000000 00000000 0 0 9729 2 d87fe780 0

6855,31> sudo lsof -p 714
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
ntpd 714 ntp cwd DIR 0,13 4096 2 / (192.168.1.17:/piroot)
ntpd 714 ntp rtd DIR 0,13 4096 2 / (192.168.1.17:/piroot)
ntpd 714 ntp txt REG 0,13 453328 2054 /usr/sbin/ntpd (192.168.1.17:/piroot)
ntpd 714 ntp mem REG 0,13 38612 171210 /lib/arm-linux-gnueabihf/libnss_nis-2.19.so (192.168.1.17:/piroot)
ntpd 714 ntp mem REG 0,13 71628 149467 /lib/arm-linux-gnueabihf/libnsl-2.19.so (192.168.1.17:/piroot)
ntpd 714 ntp mem REG 0,13 30592 166482 /lib/arm-linux-gnueabihf/libnss_compat-2.19.so (192.168.1.17:/piroot)
ntpd 714 ntp mem REG 0,13 75644 171217 /lib/arm-linux-gnueabihf/libresolv-2.19.so (192.168.1.17:/piroot)
ntpd 714 ntp mem REG 0,13 18048 171207 /lib/arm-linux-gnueabihf/libnss_dns-2.19.so (192.168.1.17:/piroot)
ntpd 714 ntp mem REG 0,13 9600 133334 /lib/arm-linux-gnueabihf/libnss_mdns4_minimal.so.2 (192.168.1.17:/piroot)
ntpd 714 ntp mem REG 0,13 42724 171208 /lib/arm-linux-gnueabihf/libnss_files-2.19.so (192.168.1.17:/piroot)
ntpd 714 ntp mem REG 0,13 17868 147644 /lib/arm-linux-gnueabihf/libattr.so.1.1.0 (192.168.1.17:/piroot)
ntpd 714 ntp mem REG 0,13 9820 145906 /lib/arm-linux-gnueabihf/libdl-2.19.so (192.168.1.17:/piroot)
ntpd 714 ntp mem REG 0,13 1226392 145303 /lib/arm-linux-gnueabihf/libc-2.19.so (192.168.1.17:/piroot)
ntpd 714 ntp mem REG 0,13 13928 147647 /lib/arm-linux-gnueabihf/libcap.so.2.24 (192.168.1.17:/piroot)
ntpd 714 ntp mem REG 0,13 1414384 22941 /usr/lib/arm-linux-gnueabihf/libcrypto.so.1.0.0 (192.168.1.17:/piroot)
ntpd 714 ntp mem REG 0,13 435804 145907 /lib/arm-linux-gnueabihf/libm-2.19.so (192.168.1.17:/piroot)
ntpd 714 ntp mem REG 0,13 114620 13467 /usr/lib/arm-linux-gnueabihf/libopts.so.25.16.0 (192.168.1.17:/piroot)
ntpd 714 ntp mem REG 0,13 134448 145300 /lib/arm-linux-gnueabihf/ld-2.19.so (192.168.1.17:/piroot)
ntpd 714 ntp mem REG 0,13 10170 11266 /usr/lib/arm-linux-gnueabihf/libcofi_rpi.so (192.168.1.17:/piroot)
ntpd 714 ntp 0u CHR 1,3 0t0 3262 /dev/null
ntpd 714 ntp 1u CHR 1,3 0t0 3262 /dev/null
ntpd 714 ntp 2u CHR 1,3 0t0 3262 /dev/null
ntpd 714 ntp 3u unix 0xda473100 0t0 9418 socket
ntpd 714 ntp 16u IPv4 9438 0t0 UDP *:ntp
ntpd 714 ntp 17u IPv6 9439 0t0 UDP *:ntp
ntpd 714 ntp 18u IPv4 9449 0t0 UDP localhost:ntp
ntpd 714 ntp 19u IPv4 9450 0t0 UDP pi.rather.puzzling.org:ntp
ntpd 714 ntp 20u IPv6 9451 0t0 UDP localhost:ntp
ntpd 714 ntp 21u IPv6 9452 0t0 UDP [fe80::ba27:ebff:fe52:827c]:ntp
ntpd 714 ntp 22u netlink 0t0 9453 ROUTE

6859,35> sudo netstat -lnpu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
udp 0 0 0.0.0.0:33475 0.0.0.0:* -
udp 0 0 0.0.0.0:989 0.0.0.0:* 390/rpcbind
udp 0 0 0.0.0.0:5353 0.0.0.0:* 400/avahi-daemon: r
udp 0 0 0.0.0.0:2049 0.0.0.0:* -
udp 0 0 0.0.0.0:42256 0.0.0.0:* 751/rpc.mountd
udp 0 0 0.0.0.0:33572 0.0.0.0:* 751/rpc.mountd
udp 0 0 0.0.0.0:855 0.0.0.0:* -
udp 0 0 0.0.0.0:46692 0.0.0.0:* 397/rsyslogd
udp 0 0 0.0.0.0:111 0.0.0.0:* 390/rpcbind
udp 0 0 0.0.0.0:40822 0.0.0.0:* 400/avahi-daemon: r
udp 0 0 192.168.1.28:123 0.0.0.0:* 714/ntpd
udp 0 0 127.0.0.1:123 0.0.0.0:* 714/ntpd
udp 0 0 0.0.0.0:123 0.0.0.0:* 714/ntpd
udp 0 0 0.0.0.0:59545 0.0.0.0:* 751/rpc.mountd
udp6 0 0 :::34497 :::* 751/rpc.mountd
udp6 0 0 :::53467 :::* 751/rpc.mountd
udp6 0 0 :::989 :::* 390/rpcbind
udp6 0 0 :::5353 :::* 400/avahi-daemon: r
udp6 0 0 :::2049 :::* -
udp6 0 0 :::59141 :::* 751/rpc.mountd
udp6 0 0 :::48954 :::* -
udp6 0 0 :::111 :::* 390/rpcbind
udp6 0 0 :::36985 :::* 400/avahi-daemon: r
udp6 0 0 fe80::ba27:ebff:fe5:123 :::* 714/ntpd
udp6 0 0 ::1:123 :::* 714/ntpd
udp6 0 0 :::123 :::* 714/ntpd

-- System Information:
Distributor ID: Raspbian
Description: Raspbian GNU/Linux 8.0 (jessie)
Release: 8.0
Codename: jessie
Architecture: armv6l
Kernel: Linux 3.18.7+ (PREEMPT)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages iproute2 depends on:
ii libc6 2.19-18
ii libdb5.3 5.3.28-9
ii libselinux1 2.3-2

Versions of packages iproute2 recommends:
ii libatm1 1:2.5.1-1.5
ii libxtables10 1.4.21-2

Versions of packages iproute2 suggests:
pn iproute2-doc <none>

-- Configuration Files:
/etc/iproute2/nl_protos c0fc5315e2dd3c6b50f19da3678bce80 [Errno 2] No such file or directory: u'/etc/iproute2/nl_protos c0fc5315e2dd3c6b50f19da3678bce80'

-- no debconf information
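
One way to cross-check what the report observes, an empty `ss -anu` while /proc/714/net/udp and netstat still list sockets: decode the procfs rows and diff them against the ss output. This is an added example, not part of the original report or of iproute2; the function names are hypothetical, the sample rows are copied from the report, and it assumes IPv4 and a little-endian host.

```python
import socket
import struct

# Rows copied from the /proc/714/net/udp output in the report (ntpd, port 0x7B).
PROC_UDP = """\
sl local_address rem_address st tx_queue rx_queue tr tm->when retrnsmt uid timeout inode ref pointer drops
215: 1C01A8C0:007B 00000000:0000 07 00000000:00000000 00:00000000 00000000 0 0 9450 2 d87fe000 0
215: 0100007F:007B 00000000:0000 07 00000000:00000000 00:00000000 00000000 0 0 9449 2 db301b80 0
215: 00000000:007B 00000000:0000 07 00000000:00000000 00:00000000 00000000 0 0 9438 2 db301680 0
"""
# The two `ss -anu` outputs from the report: header only (pi) and one row (other box).
SS_PI = "State Recv-Q Send-Q Local Address:Port Peer Address:Port\n"
SS_OTHER = SS_PI + "UNCONN 0 0 *:36557 *:*\n"

def decode_endpoint(field):
    """Decode 'HEXADDR:HEXPORT'; assumes a little-endian host such as the Pi."""
    addr_hex, port_hex = field.split(":")
    # The address is printed as a native 32-bit integer, so bytes are reversed.
    addr = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return addr, int(port_hex, 16)

def parse_proc_net_udp(text):
    """Return a dict per IPv4 UDP socket found in /proc/net/udp-format text."""
    sockets = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) < 10 or not cols[0].rstrip(":").isdigit():
            continue  # header or truncated row
        addr, port = decode_endpoint(cols[1])
        sockets.append({"addr": addr, "port": port, "inode": int(cols[9])})
    return sockets

def parse_ss_udp(text):
    """Return the set of (addr, port) local endpoints listed by `ss -anu`."""
    endpoints = set()
    for line in text.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] == "State":
            continue  # header or short row
        host, _, port = cols[3].rpartition(":")
        if port.isdigit():
            endpoints.add(("0.0.0.0" if host == "*" else host, int(port)))
    return endpoints

def missing_from_ss(proc_text, ss_text):
    """Sockets present in the kernel's UDP table but absent from ss output."""
    seen = parse_ss_udp(ss_text)
    return [s for s in parse_proc_net_udp(proc_text)
            if (s["addr"], s["port"]) not in seen]
```

The decoded inodes (9450, 9449, 9438) are the same values lsof prints in its DEVICE column for ntpd's IPv4 UDP descriptors, which ties each procfs row to an open file descriptor of PID 714.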