Sunday, July 11, 2004

Locking Down a Linux box part II

Continuing with my look at different tools to monitor a Linux box, the next command I want to look at is the netstat command. Before I look at the netstat command I want to look at the file which determines which services get started at boot time. This file is /etc/inetd.conf, and it manages all the incoming connections into the Linux box. When a connection is made, inetd starts a copy of the appropriate daemon for that port. These are the services which are running in the background and which can potentially be security risks on a system. Running the command cat /etc/inetd.conf and looking for uncommented lines will show you which services are enabled.

netstat command
Netstat prints information about the Linux networking subsystem: network connections, routing tables, interface statistics, masquerade connections, and multicast memberships. Essentially it will show you all the sockets that are in the LISTEN state and the program that is listening on each port.

OPTIONS

(none)
By default, netstat displays a list of open sockets. If you don't specify any address families, then the active sockets of all configured address families will be printed.

--route , -r
Display the kernel routing tables.

--interface=iface , -i
Display a table of all network interfaces, or the specified iface.

--verbose , -v
Tell the user what is going on by being verbose. Especially print some useful information about unconfigured address families.

--numeric , -n
Show numerical addresses instead of trying to determine symbolic host, port or user names.

-p, --program
Show the PID and name of the program to which each socket belongs.

-l, --listening
Show only listening sockets. (These are omitted by default.)

-a, --all
Show both listening and non-listening sockets. With the --interfaces option, show interfaces that are not marked
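As an added example (not part of the original post), the following shell script puts the inetd.conf check and the netstat options above together into a small audit: it lists the services that are uncommented in inetd.conf, and it pulls out the listening sockets that are bound to every interface (0.0.0.0 or ::) from the output of netstat -tulnp, which is the combination of the -l, -n and -p options with -t and -u restricting the view to TCP and UDP. Both inputs are constructed sample text embedded in the script so it runs offline; on a real box you would replace them with cat /etc/inetd.conf and the live netstat output. The column layout assumed for netstat is the one the -p option produces on net-tools, with the PID/Program name in the last column.

```shell
#!/bin/sh
# Added example: audit enabled inetd services and exposed listeners.
# All input below is constructed sample data, not captured from a real host.

# Constructed sample of `netstat -tulnp` output.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      901/sendmail
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN      640/inetd
udp        0      0 0.0.0.0:111             0.0.0.0:*                           530/portmap'

# Constructed sample /etc/inetd.conf content (commented lines are disabled services).
SAMPLE_INETD='# <service_name> <sock_type> <proto> <flags> <user> <server_path> <args>
#ftp    stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
#finger stream  tcp     nowait  nobody  /usr/sbin/tcpd  in.fingerd
daytime stream  tcp     nowait  root    internal'

# Print the name of every service enabled in inetd.conf: skip comment lines
# and blank lines, then take the first column.
inetd_enabled() {
    printf '%s\n' "$1" \
        | grep -v '^[[:space:]]*#' \
        | grep -v '^[[:space:]]*$' \
        | awk '{ print $1 }'
}

# Print "proto port program" for each listening socket bound to all
# interfaces. Sockets bound only to loopback (127.0.0.1) are left out,
# since they are not reachable from the network.
exposed_listeners() {
    printf '%s\n' "$1" | awk '
        $1 ~ /^(tcp|udp)/ && ($4 ~ /^0\.0\.0\.0:/ || $4 ~ /^:::/) {
            port = $4; sub(/.*:/, "", port)       # keep only the port number
            prog = $NF; sub(/^[0-9]+\//, "", prog) # drop the "PID/" prefix
            print $1, port, prog
        }'
}

echo "Services enabled in inetd.conf:"
inetd_enabled "$SAMPLE_INETD"
echo
echo "Listeners reachable from the network (proto port program):"
exposed_listeners "$SAMPLE_NETSTAT"
```

On a live system the same two functions can be fed with `inetd_enabled "$(cat /etc/inetd.conf)"` and `exposed_listeners "$(netstat -tulnp)"` (the -p option needs root to resolve program names for processes you do not own). Anything that appears in the second list and is not something you deliberately run is a candidate for commenting out in inetd.conf or stopping at boot.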