error "too many open files"


Erwin Commandeur

May 25, 2012, 6:26:00 AM5/25/12
to security-onion
Hi all,

I am starting this discussion to see if I am on the right track:

My onion is (hopefully was) experiencing errors with the amount of "open files".
When this happens the server (virtual on Xen) is not accepting sguil connections.
Restarting the box is not helping, sguil just can not cope.
Errors are logged in sguil.log:
(ERROR: couldn't open "/var/log/sguild/agent.log": too many open files)
(ERROR: unable to set certificate file /etc/nsm/securityonion/certs/sguild.pem: Too many open files)

In the onion FAQ, mysql can be tweaked to accept more open files.
This was not helping my case.

Googling away I found some info about ulimit.

> ulimit -a

gave 1024 max open files

> ulimit -n 4096
> service nsm restart

was a solution for my problem. But not a permanent one. ulimit -n 4096
gives the box the extra open files just for that session.

Permanent solution (am I on the right track?)
add to /etc/security/limits.conf

root soft nofile 4096
root hard nofile 4096
* soft nofile 4096
* hard nofile 4096

and add to /etc/pam.d/common-session

session required pam_limits.so

Regards, Erwin
Btw, thanks to all who contribute to this "rocking" software.

Stephane Chazelas

May 25, 2012, 8:04:07 AM5/25/12
to securit...@googlegroups.com
2012-05-25 03:26:00 -0700, Erwin Commandeur:
[...]
> > ulimit -a
>
> gave 1024 max open files
>
> > ulimit -n 4096
> > service nsm restart
>
> was a solution for my problem. But not a permanent one. ulimit -n 4096
> gives the box the extra open files just for that session.
[...]

Have you tried finding out why you had so many open files? Maybe
there's something wrong going on there.

Try running

sudo lsof -nP | pager

and see what all those open files are.

--
Stephane

Erwin Commandeur

May 29, 2012, 8:43:39 AM5/29/12
to security-onion
Thanks Stephane for your reply,
Finally got round to looking further:

Output of
lsof -nP
gives a lot of:
tclsh 1387 root 995u IPv4 538274 0t0 TCP 127.0.0.1:58503->127.0.0.1:7736 (CLOSE_WAIT)
tclsh 1387 root 996u IPv4 538279 0t0 TCP 127.0.0.1:58504->127.0.0.1:7736 (CLOSE_WAIT)
tclsh 1387 root 997u IPv4 538284 0t0 TCP 127.0.0.1:58505->127.0.0.1:7736 (CLOSE_WAIT)
tclsh 1387 root 998u IPv4 538288 0t0 TCP 127.0.0.1:58506->127.0.0.1:7736 (CLOSE_WAIT)
tclsh 1387 root 999u IPv4 538293 0t0 TCP 127.0.0.1:58507->127.0.0.1:7736 (CLOSE_WAIT)
tclsh 1387 root 1000u IPv4 538298 0t0 TCP 127.0.0.1:58508->127.0.0.1:7736 (CLOSE_WAIT)

7736 is the sguil port, but why there are so many close waits, I don't know.

Greetings, Erwin


On May 25, 2:04 pm, Stephane Chazelas <stephane.chaze...@gmail.com>
wrote:

Stephane Chazelas

May 29, 2012, 9:38:08 AM5/29/12
to securit...@googlegroups.com
2012-05-29 05:43:39 -0700, Erwin Commandeur:
> Thanks Stephane for your reply,
> Finally got round to looking further:
>
> Output of
> lsof -nP
> gives a lot of:
> tclsh 1387 root 995u IPv4 538274 0t0 TCP 127.0.0.1:58503->127.0.0.1:7736 (CLOSE_WAIT)
> tclsh 1387 root 996u IPv4 538279 0t0 TCP 127.0.0.1:58504->127.0.0.1:7736 (CLOSE_WAIT)
> tclsh 1387 root 997u IPv4 538284 0t0 TCP 127.0.0.1:58505->127.0.0.1:7736 (CLOSE_WAIT)
> tclsh 1387 root 998u IPv4 538288 0t0 TCP 127.0.0.1:58506->127.0.0.1:7736 (CLOSE_WAIT)
> tclsh 1387 root 999u IPv4 538293 0t0 TCP 127.0.0.1:58507->127.0.0.1:7736 (CLOSE_WAIT)
> tclsh 1387 root 1000u IPv4 538298 0t0 TCP 127.0.0.1:58508->127.0.0.1:7736 (CLOSE_WAIT)
>
> 7736 is the sguil port, but why there are so many close waits, I don't know.
[...]

That would be the connections between some agent(s) and sguild.
Here you see the agent part of it. Which agent is it?

ps -fp 1387

would tell you. You can have a look at its log (somewhere in
/var/log/nsm); see also lsof -ap 1387 -d2
to see what's going on.

The sguild logs may have some information on which the
connections drop as well.

--
Stephane
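The diagnosis Stephane describes (lsof -nP, then ps -fp on the PID) together with the ulimit question from the first post, as an added example that is not code from the thread or from Security Onion: it groups lsof output by process and peer, flags processes accumulating CLOSE_WAIT sockets, and reads the limit a running process actually has from /proc. It assumes the ten-column lsof -nP layout shown in the thread and a Linux /proc; SAMPLE_LSOF is a constructed sample.

```shell
#!/bin/sh
# Added example (not code from the thread or from Security Onion): turn a
# `lsof -nP` listing into a per-process socket summary, flag processes piling
# up CLOSE_WAIT connections, and compare a process's live fd count with the
# limit it is actually running under.
#
# Assumes the 10-column `lsof -nP` layout seen in the thread:
#   COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME (STATE)

# Constructed sample in that layout (tclsh 1387 is the agent, 7736 is sguild).
SAMPLE_LSOF='COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
tclsh 1387 root 5u IPv4 538270 0t0 TCP 127.0.0.1:58500->127.0.0.1:7736 (ESTABLISHED)
tclsh 1387 root 995u IPv4 538274 0t0 TCP 127.0.0.1:58503->127.0.0.1:7736 (CLOSE_WAIT)
tclsh 1387 root 996u IPv4 538279 0t0 TCP 127.0.0.1:58504->127.0.0.1:7736 (CLOSE_WAIT)
tclsh 1387 root 997u IPv4 538284 0t0 TCP 127.0.0.1:58505->127.0.0.1:7736 (CLOSE_WAIT)
tclsh 10412 root 14u IPv4 173586 0t0 TCP *:7736 (LISTEN)
sshd 672 root 3r IPv4 3989 0t0 TCP *:22 (LISTEN)
avahi-dae 729 avahi 13u IPv4 4111 0t0 UDP *:5353'

# socket_summary: lsof output on stdin -> "COMMAND PID STATE PEER COUNT",
# one line per group of connected TCP sockets, largest group first.
socket_summary() {
    awk '
        ($5 == "IPv4" || $5 == "IPv6") && $8 == "TCP" {
            if (split($9, ends, "->") != 2) next   # LISTEN/unconnected: no peer
            state = $10; gsub(/[()]/, "", state)
            count[$1 " " $2 " " state " " ends[2]]++
        }
        END { for (k in count) print k, count[k] }
    ' | sort -k5,5nr -k1,1
}

# close_wait_suspects [MIN]: groups with at least MIN (default 50) sockets
# stuck in CLOSE_WAIT, i.e. the peer hung up and this process never close()d.
close_wait_suspects() {
    socket_summary | awk -v min="${1:-50}" \
        '$3 == "CLOSE_WAIT" && $5 >= min { print $1, $2, $4, $5 }'
}

# proc_fd_usage PID: "USED SOFT HARD" for a running process (Linux /proc).
# Shows the limit the daemon really inherited, which need not match what
# limits.conf promises to login sessions.
proc_fd_usage() {
    pid="$1"
    [ -r "/proc/$pid/limits" ] || { echo "no /proc/$pid/limits" >&2; return 1; }
    used=$(ls "/proc/$pid/fd" | wc -l | tr -d ' ')
    awk -v used="$used" '/^Max open files/ { print used, $4, $5 }' "/proc/$pid/limits"
}

# Demo on the constructed sample: the agent shows 3 CLOSE_WAIT sockets to sguild.
printf '%s\n' "$SAMPLE_LSOF" | socket_summary
printf '%s\n' "$SAMPLE_LSOF" | close_wait_suspects 3
```

A CLOSE_WAIT pile-up means the peer (here sguild) closed the connection and the agent never called close(), so raising nofile only postpones the error; the fd numbers 995u to 1000u above sit right under the 1024 default. Note also that limits.conf is applied by pam_limits to PAM login sessions, so a daemon started by an init script at boot can still be running under the old limit, which is what proc_fd_usage reveals.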

Erwin Commandeur

May 31, 2012, 10:41:03 AM5/31/12
to security-onion
ps -fp 1387 points out that ossec is the process.

The logging reveals that there are alerts regarding an interface
(eth0) entering promiscuous mode.
Eth0 is the management interface of the sensor.
Ossec is reacting to a log in /var/log/messages which is recurring
every 5 min or so.

I don't understand why the interface is entering this mode. Is there a
process that tries to "sniff" on an interface which is not a sensor
interface?

Greetings, Erwin

On May 29, 3:38 pm, Stephane Chazelas <stephane.chaze...@gmail.com>
wrote:
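For the question just asked (is some process sniffing on eth0?), an added example that is not from the thread: it resolves AF_PACKET sockets listed in /proc/net/packet to their interface and owning PID, and checks the IFF_PROMISC flag in sysfs. Linux only; SAMPLE_PACKET is a constructed /proc/net/packet excerpt, and the sysfs and /proc/PID lookups only do anything on a live host.

```shell
#!/bin/sh
# Added example (not from the thread): find which processes hold a raw
# AF_PACKET socket on a given interface, the usual reason the kernel logs
# "device eth0 entered promiscuous mode" and OSSEC raises its alert.
# Linux only: reads /proc/net/packet, /sys/class/net and /proc/PID/fd.

# Constructed /proc/net/packet excerpt: two packet sockets, on ifindex 2 and 3.
SAMPLE_PACKET='sk       RefCnt Type Proto  Iface R Rmem   User   Inode
ffff880037d4c000 3      3    0003   2     1 0      0      12345
ffff880037d4c800 3      3    0003   3     1 0      0      12346'

# packet_socket_inodes IFINDEX: inodes of packet sockets bound to IFINDEX,
# from /proc/net/packet text on stdin (Iface 0 would mean "all interfaces").
packet_socket_inodes() {
    awk -v idx="$1" 'NR > 1 && $5 == idx { print $9 }'
}

# ifindex_of NAME: the kernel interface index behind a device name.
ifindex_of() {
    cat "/sys/class/net/$1/ifindex" 2>/dev/null
}

# is_promisc NAME: true when IFF_PROMISC (0x100) is set in the device flags.
is_promisc() {
    flags=$(cat "/sys/class/net/$1/flags" 2>/dev/null) || return 1
    [ $(( flags & 0x100 )) -ne 0 ]
}

# pids_of_socket_inode INODE: PIDs whose fd table links to socket:[INODE].
pids_of_socket_inode() {
    for fd in /proc/[0-9]*/fd/*; do
        [ "$(readlink "$fd" 2>/dev/null)" = "socket:[$1]" ] || continue
        printf '%s\n' "$fd" | cut -d/ -f3
    done | sort -u
}

# sniffers_on NAME: "NAME PID CMDLINE" per process with a packet socket on NAME.
sniffers_on() {
    idx=$(ifindex_of "$1")
    [ -n "$idx" ] || { echo "unknown interface: $1" >&2; return 1; }
    packet_socket_inodes "$idx" < /proc/net/packet | while read -r ino; do
        for pid in $(pids_of_socket_inode "$ino"); do
            printf '%s %s %s\n' "$1" "$pid" "$(tr '\0' ' ' < "/proc/$pid/cmdline")"
        done
    done
}

# Demo on the constructed sample: one socket on ifindex 2 (inode 12345).
printf '%s\n' "$SAMPLE_PACKET" | packet_socket_inodes 2
```

A socket with Iface 0 in /proc/net/packet is bound to all interfaces and would not show up for a specific index, so check that column too. Compare the result with `ip link show eth0` (PROMISC in the flags) around the time of the OSSEC alert, since promiscuous mode on a management interface is only expected when something is deliberately capturing there.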

Doug Burks

May 31, 2012, 1:06:26 PM5/31/12
to securit...@googlegroups.com
Hi Erwin,

Please send the output of the following:
sudo sostat
(redacting sensitive info as necessary)

Thanks,
Doug
--
Doug Burks | http://securityonion.blogspot.com
Don't miss SANS SEC503 Intrusion Detection In-Depth in
Augusta GA 6/11 - 6/16 | 10% discount for ISSA Members!
http://augusta.issa.org/drupal/SANS-Augusta-2012

Erwin Commandeur

Jun 11, 2012, 2:37:17 PM6/11/12
to security-onion
Hi Doug,

Sorry for the delay.

Regards Erwin

=========================================================================
Service Status
=========================================================================
Status: securityonion
* sguil server[ OK ]
Status: HIDS
* ossec_agent (sguil)[ OK ]

=========================================================================
Interface Status
=========================================================================
eth0 Link encap:Ethernet HWaddr 9a:ce:e1:27:e4:0e
inet addr:10.50.1.245 Bcast:10.50.255.255 Mask:255.255.0.0
inet6 addr: fe80::98ce:e1ff:fe27:e40e/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:112162 errors:0 dropped:0 overruns:0 frame:0
TX packets:35191 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:48461695 (48.4 MB) TX bytes:10589281 (10.5 MB)
Interrupt:32 Base address:0x4000

eth1 Link encap:Ethernet HWaddr 4a:44:83:e4:de:3d
inet6 addr: fe80::4844:83ff:fee4:de3d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:76838 errors:0 dropped:0 overruns:0 frame:0
TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:5669078 (5.6 MB) TX bytes:328 (328.0 B)
Interrupt:36 Base address:0xe100

eth2 Link encap:Ethernet HWaddr da:0c:25:58:13:4c
inet6 addr: fe80::d80c:25ff:fe58:134c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:238 (238.0 B)
Interrupt:40 Base address:0x4200

eth3 Link encap:Ethernet HWaddr 42:8a:02:1a:3d:d6
inet6 addr: fe80::408a:2ff:fe1a:3dd6/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:238 (238.0 B)
Interrupt:44 Base address:0xc300

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:9404 errors:0 dropped:0 overruns:0 frame:0
TX packets:9404 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1641820 (1.6 MB) TX bytes:1641820 (1.6 MB)


=========================================================================
Disk Usage
=========================================================================
Filesystem Size Used Avail Use% Mounted on
/dev/sda1 38G 9.6G 27G 27% /
none 1.9G 192K 1.9G 1% /dev
none 1.9G 124K 1.9G 1% /dev/shm
none 1.9G 108K 1.9G 1% /var/run
none 1.9G 0 1.9G 0% /var/lock
none 1.9G 0 1.9G 0% /lib/init/rw

=========================================================================
Network Sockets
=========================================================================
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 672 root 3r IPv4 3989 0t0 TCP *:22
(LISTEN)
sshd 672 root 4u IPv6 3991 0t0 TCP *:22
(LISTEN)
avahi-dae 729 avahi 13u IPv4 4111 0t0 UDP *:5353
avahi-dae 729 avahi 14u IPv4 4112 0t0 UDP *:58339
mysqld 1041 mysql 10u IPv4 4703 0t0 TCP
127.0.0.1:3306 (LISTEN)
mysqld 1041 mysql 45u IPv4 173602 0t0 TCP
127.0.0.1:3306->127.0.0.1:47932 (ESTABLISHED)
mysqld 1041 mysql 63u IPv4 174009 0t0 TCP
127.0.0.1:3306->127.0.0.1:48032 (ESTABLISHED)
ntpd 1191 ntp 16u IPv4 4813 0t0 UDP *:123
ntpd 1191 ntp 17u IPv6 4814 0t0 UDP *:123
ntpd 1191 ntp 18u IPv4 4818 0t0 UDP
127.0.0.1:123
ntpd 1191 ntp 19u IPv4 4819 0t0 UDP
10.50.1.245:123
ntpd 1191 ntp 20u IPv6 4820 0t0 UDP
[fe80::4844:83ff:fee4:de3d]:123
ntpd 1191 ntp 21u IPv6 4821 0t0 UDP [::1]:123
ntpd 1191 ntp 22u IPv6 4822 0t0 UDP [fe80::d80c:
25ff:fe58:134c]:123
ntpd 1191 ntp 23u IPv6 4823 0t0 UDP [fe80::408a:
2ff:fe1a:3dd6]:123
ntpd 1191 ntp 24u IPv6 4824 0t0 UDP
[fe80::98ce:e1ff:fe27:e40e]:123
cupsd 1339 root 6u IPv6 5503 0t0 TCP [::1]:631
(LISTEN)
cupsd 1339 root 7u IPv4 5504 0t0 TCP
127.0.0.1:631 (LISTEN)
tclsh 1414 root 3u IPv4 7606 0t0 TCP
127.0.0.1:53665->127.0.0.1:7736 (CLOSE_WAIT)
tclsh 1414 root 5u IPv4 173607 0t0 TCP
127.0.0.1:53990->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 7u IPv4 8068 0t0 TCP
127.0.0.1:53667->127.0.0.1:7736 (CLOSE_WAIT)
tclsh 1414 root 9u IPv4 173613 0t0 TCP
127.0.0.1:53992->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 10u IPv4 173617 0t0 TCP
127.0.0.1:53993->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 11u IPv4 173621 0t0 TCP
127.0.0.1:53994->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 13u IPv4 173625 0t0 TCP
127.0.0.1:53995->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 14u IPv4 173629 0t0 TCP
127.0.0.1:53996->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 15u IPv4 173633 0t0 TCP
127.0.0.1:53997->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 16u IPv4 173638 0t0 TCP
127.0.0.1:53998->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 17u IPv4 173642 0t0 TCP
127.0.0.1:53999->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 18u IPv4 173646 0t0 TCP
127.0.0.1:54000->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 19u IPv4 173653 0t0 TCP
127.0.0.1:54001->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 20u IPv4 173657 0t0 TCP
127.0.0.1:54002->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 21u IPv4 173661 0t0 TCP
127.0.0.1:54003->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 22u IPv4 173665 0t0 TCP
127.0.0.1:54004->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 23u IPv4 173669 0t0 TCP
127.0.0.1:54005->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 24u IPv4 173675 0t0 TCP
127.0.0.1:54006->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 25u IPv4 173679 0t0 TCP
127.0.0.1:54007->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 26u IPv4 173683 0t0 TCP
127.0.0.1:54008->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 27u IPv4 173687 0t0 TCP
127.0.0.1:54009->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 28u IPv4 173691 0t0 TCP
127.0.0.1:54010->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 29u IPv4 173695 0t0 TCP
127.0.0.1:54011->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 30u IPv4 173699 0t0 TCP
127.0.0.1:54012->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 31u IPv4 173703 0t0 TCP
127.0.0.1:54013->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 32u IPv4 173707 0t0 TCP
127.0.0.1:54014->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 33u IPv4 173711 0t0 TCP
127.0.0.1:54015->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 34u IPv4 173715 0t0 TCP
127.0.0.1:54016->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 35u IPv4 173719 0t0 TCP
127.0.0.1:54017->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 36u IPv4 173723 0t0 TCP
127.0.0.1:54018->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 37u IPv4 173727 0t0 TCP
127.0.0.1:54019->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 38u IPv4 173731 0t0 TCP
127.0.0.1:54020->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 39u IPv4 173735 0t0 TCP
127.0.0.1:54021->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 40u IPv4 173739 0t0 TCP
127.0.0.1:54022->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 41u IPv4 173743 0t0 TCP
127.0.0.1:54023->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 42u IPv4 173747 0t0 TCP
127.0.0.1:54024->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 43u IPv4 173751 0t0 TCP
127.0.0.1:54025->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 44u IPv4 173755 0t0 TCP
127.0.0.1:54026->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 45u IPv4 173759 0t0 TCP
127.0.0.1:54027->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 46u IPv4 173763 0t0 TCP
127.0.0.1:54028->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 47u IPv4 173767 0t0 TCP
127.0.0.1:54029->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 48u IPv4 173771 0t0 TCP
127.0.0.1:54030->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 49u IPv4 173775 0t0 TCP
127.0.0.1:54031->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 50u IPv4 173779 0t0 TCP
127.0.0.1:54032->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 51u IPv4 173783 0t0 TCP
127.0.0.1:54033->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 52u IPv4 173787 0t0 TCP
127.0.0.1:54034->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 53u IPv4 173791 0t0 TCP
127.0.0.1:54035->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 54u IPv4 173795 0t0 TCP
127.0.0.1:54036->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 55u IPv4 173799 0t0 TCP
127.0.0.1:54037->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 56u IPv4 173803 0t0 TCP
127.0.0.1:54038->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 57u IPv4 173807 0t0 TCP
127.0.0.1:54039->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 58u IPv4 173811 0t0 TCP
127.0.0.1:54040->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 59u IPv4 173815 0t0 TCP
127.0.0.1:54041->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 60u IPv4 173819 0t0 TCP
127.0.0.1:54042->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 61u IPv4 173823 0t0 TCP
127.0.0.1:54043->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 62u IPv4 173827 0t0 TCP
127.0.0.1:54044->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 63u IPv4 173831 0t0 TCP
127.0.0.1:54045->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 64u IPv4 173835 0t0 TCP
127.0.0.1:54046->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 65u IPv4 173839 0t0 TCP
127.0.0.1:54047->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 66u IPv4 173843 0t0 TCP
127.0.0.1:54048->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 67u IPv4 173847 0t0 TCP
127.0.0.1:54049->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 68u IPv4 173851 0t0 TCP
127.0.0.1:54050->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 69u IPv4 173855 0t0 TCP
127.0.0.1:54051->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 70u IPv4 173859 0t0 TCP
127.0.0.1:54052->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 71u IPv4 173863 0t0 TCP
127.0.0.1:54053->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 72u IPv4 173867 0t0 TCP
127.0.0.1:54054->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 73u IPv4 173871 0t0 TCP
127.0.0.1:54055->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 74u IPv4 173875 0t0 TCP
127.0.0.1:54056->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 75u IPv4 173879 0t0 TCP
127.0.0.1:54057->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 76u IPv4 173883 0t0 TCP
127.0.0.1:54058->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 77u IPv4 173887 0t0 TCP
127.0.0.1:54059->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 78u IPv4 173891 0t0 TCP
127.0.0.1:54060->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 79u IPv4 173895 0t0 TCP
127.0.0.1:54061->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 80u IPv4 173899 0t0 TCP
127.0.0.1:54062->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 81u IPv4 173903 0t0 TCP
127.0.0.1:54063->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 82u IPv4 173907 0t0 TCP
127.0.0.1:54064->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 83u IPv4 173911 0t0 TCP
127.0.0.1:54065->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 84u IPv4 173915 0t0 TCP
127.0.0.1:54066->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 85u IPv4 173919 0t0 TCP
127.0.0.1:54067->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 86u IPv4 173923 0t0 TCP
127.0.0.1:54068->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 87u IPv4 173927 0t0 TCP
127.0.0.1:54069->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 88u IPv4 173931 0t0 TCP
127.0.0.1:54070->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 89u IPv4 173935 0t0 TCP
127.0.0.1:54071->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 90u IPv4 173939 0t0 TCP
127.0.0.1:54072->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 91u IPv4 173943 0t0 TCP
127.0.0.1:54073->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 92u IPv4 173947 0t0 TCP
127.0.0.1:54074->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 93u IPv4 173951 0t0 TCP
127.0.0.1:54075->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 94u IPv4 173955 0t0 TCP
127.0.0.1:54076->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 95u IPv4 173959 0t0 TCP
127.0.0.1:54077->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 96u IPv4 173963 0t0 TCP
127.0.0.1:54078->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 97u IPv4 173967 0t0 TCP
127.0.0.1:54079->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 98u IPv4 173971 0t0 TCP
127.0.0.1:54080->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 99u IPv4 173975 0t0 TCP
127.0.0.1:54081->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 100u IPv4 173979 0t0 TCP
127.0.0.1:54082->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 101u IPv4 173984 0t0 TCP
127.0.0.1:54083->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 102u IPv4 173988 0t0 TCP
127.0.0.1:54084->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 103u IPv4 173992 0t0 TCP
127.0.0.1:54085->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 104u IPv4 173996 0t0 TCP
127.0.0.1:54086->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 105u IPv4 174000 0t0 TCP
127.0.0.1:54087->127.0.0.1:7736 (ESTABLISHED)
tclsh 1414 root 106u IPv4 174004 0t0 TCP
127.0.0.1:54088->127.0.0.1:7736 (ESTABLISHED)
apache2 1535 root 3u IPv4 6340 0t0 TCP *:443
(LISTEN)
apache2 1535 root 4u IPv4 6342 0t0 TCP *:9876
(LISTEN)
apache2 1535 root 5u IPv4 6347 0t0 TCP *:3000
(LISTEN)
apache2 1580 www-data 3u IPv4 6340 0t0 TCP *:443
(LISTEN)
apache2 1580 www-data 4u IPv4 6342 0t0 TCP *:9876
(LISTEN)
apache2 1580 www-data 5u IPv4 6347 0t0 TCP *:3000
(LISTEN)
apache2 1583 www-data 3u IPv4 6340 0t0 TCP *:443
(LISTEN)
apache2 1583 www-data 4u IPv4 6342 0t0 TCP *:9876
(LISTEN)
apache2 1583 www-data 5u IPv4 6347 0t0 TCP *:3000
(LISTEN)
apache2 1584 www-data 3u IPv4 6340 0t0 TCP *:443
(LISTEN)
apache2 1584 www-data 4u IPv4 6342 0t0 TCP *:9876
(LISTEN)
apache2 1584 www-data 5u IPv4 6347 0t0 TCP *:3000
(LISTEN)
apache2 1586 www-data 3u IPv4 6340 0t0 TCP *:443
(LISTEN)
apache2 1586 www-data 4u IPv4 6342 0t0 TCP *:9876
(LISTEN)
apache2 1586 www-data 5u IPv4 6347 0t0 TCP *:3000
(LISTEN)
apache2 1587 www-data 3u IPv4 6340 0t0 TCP *:443
(LISTEN)
apache2 1587 www-data 4u IPv4 6342 0t0 TCP *:9876
(LISTEN)
apache2 1587 www-data 5u IPv4 6347 0t0 TCP *:3000
(LISTEN)
apache2 2077 www-data 3u IPv4 6340 0t0 TCP *:443
(LISTEN)
apache2 2077 www-data 4u IPv4 6342 0t0 TCP *:9876
(LISTEN)
apache2 2077 www-data 5u IPv4 6347 0t0 TCP *:3000
(LISTEN)
ruby 2094 nobody 9u IPv4 9833 0t0 TCP
127.0.0.1:50640 (LISTEN)
apache2 2118 www-data 3u IPv4 6340 0t0 TCP *:443
(LISTEN)
apache2 2118 www-data 4u IPv4 6342 0t0 TCP *:9876
(LISTEN)
apache2 2118 www-data 5u IPv4 6347 0t0 TCP *:3000
(LISTEN)
apache2 2119 www-data 3u IPv4 6340 0t0 TCP *:443
(LISTEN)
apache2 2119 www-data 4u IPv4 6342 0t0 TCP *:9876
(LISTEN)
apache2 2119 www-data 5u IPv4 6347 0t0 TCP *:3000
(LISTEN)
apache2 2120 www-data 3u IPv4 6340 0t0 TCP *:443
(LISTEN)
apache2 2120 www-data 4u IPv4 6342 0t0 TCP *:9876
(LISTEN)
apache2 2120 www-data 5u IPv4 6347 0t0 TCP *:3000
(LISTEN)
apache2 2121 www-data 3u IPv4 6340 0t0 TCP *:443
(LISTEN)
apache2 2121 www-data 4u IPv4 6342 0t0 TCP *:9876
(LISTEN)
apache2 2121 www-data 5u IPv4 6347 0t0 TCP *:3000
(LISTEN)
sshd 10294 root 3r IPv4 173001 0t0 TCP
10.50.1.245:22->10.50.1.247:34598 (ESTABLISHED)
sshd 10365 sysnet 3u IPv4 173001 0t0 TCP
10.50.1.245:22->10.50.1.247:34598 (ESTABLISHED)
sshd 10365 sysnet 9u IPv4 173601 0t0 TCP
127.0.0.1:47932->127.0.0.1:3306 (ESTABLISHED)
sshd 10365 sysnet 10u IPv4 174008 0t0 TCP
127.0.0.1:48032->127.0.0.1:3306 (ESTABLISHED)
tclsh 10412 root 13u IPv4 173585 0t0 TCP *:7734
(LISTEN)
tclsh 10412 root 14u IPv4 173586 0t0 TCP *:7736
(LISTEN)
tclsh 10412 root 15u IPv4 173587 0t0 TCP
10.50.1.245:7736->10.50.1.247:34822 (ESTABLISHED)
tclsh 10412 root 16u IPv4 173588 0t0 TCP
10.50.1.245:7736->10.50.1.247:34823 (ESTABLISHED)
tclsh 10412 root 17u IPv4 173589 0t0 TCP
10.50.1.245:7736->10.50.1.247:34824 (ESTABLISHED)
tclsh 10412 root 18u IPv4 173590 0t0 TCP
10.50.1.245:7736->10.50.1.247:34825 (ESTABLISHED)
tclsh 10412 root 19u IPv4 173597 0t0 TCP
10.50.1.245:7736->10.50.1.247:34826 (ESTABLISHED)
tclsh 10412 root 20u IPv4 173598 0t0 TCP
10.50.1.245:7736->10.50.1.247:34827 (ESTABLISHED)
tclsh 10412 root 21u IPv4 173599 0t0 TCP
10.50.1.245:7736->10.50.1.247:34828 (ESTABLISHED)
tclsh 10412 root 22u IPv4 173603 0t0 TCP
10.50.1.245:7736->10.50.1.247:34830 (ESTABLISHED)
tclsh 10412 root 23u IPv4 173608 0t0 TCP
127.0.0.1:7736->127.0.0.1:53990 (ESTABLISHED)
tclsh 10412 root 24u IPv4 173614 0t0 TCP
127.0.0.1:7736->127.0.0.1:53992 (ESTABLISHED)
tclsh 10412 root 25u IPv4 173618 0t0 TCP
127.0.0.1:7736->127.0.0.1:53993 (ESTABLISHED)
tclsh 10412 root 26u IPv4 173622 0t0 TCP
127.0.0.1:7736->127.0.0.1:53994 (ESTABLISHED)
tclsh 10412 root 27u IPv4 173626 0t0 TCP
127.0.0.1:7736->127.0.0.1:53995 (ESTABLISHED)
tclsh 10412 root 28u IPv4 173630 0t0 TCP
127.0.0.1:7736->127.0.0.1:53996 (ESTABLISHED)
tclsh 10412 root 29u IPv4 173634 0t0 TCP
127.0.0.1:7736->127.0.0.1:53997 (ESTABLISHED)
tclsh 10412 root 30u IPv4 173639 0t0 TCP
127.0.0.1:7736->127.0.0.1:53998 (ESTABLISHED)
tclsh 10412 root 31u IPv4 173643 0t0 TCP
127.0.0.1:7736->127.0.0.1:53999 (ESTABLISHED)
tclsh 10412 root 32u IPv4 173647 0t0 TCP
127.0.0.1:7736->127.0.0.1:54000 (ESTABLISHED)
tclsh 10412 root 33u IPv4 173654 0t0 TCP
127.0.0.1:7736->127.0.0.1:54001 (ESTABLISHED)
tclsh 10412 root 34u IPv4 173658 0t0 TCP
127.0.0.1:7736->127.0.0.1:54002 (ESTABLISHED)
tclsh 10412 root 35u IPv4 173662 0t0 TCP
127.0.0.1:7736->127.0.0.1:54003 (ESTABLISHED)
tclsh 10412 root 36u IPv4 173666 0t0 TCP
127.0.0.1:7736->127.0.0.1:54004 (ESTABLISHED)
tclsh 10412 root 37u IPv4 173670 0t0 TCP
127.0.0.1:7736->127.0.0.1:54005 (ESTABLISHED)
tclsh 10412 root 38u IPv4 173676 0t0 TCP
127.0.0.1:7736->127.0.0.1:54006 (ESTABLISHED)
tclsh 10412 root 39u IPv4 173680 0t0 TCP
127.0.0.1:7736->127.0.0.1:54007 (ESTABLISHED)
tclsh 10412 root 40u IPv4 173684 0t0 TCP
127.0.0.1:7736->127.0.0.1:54008 (ESTABLISHED)
tclsh 10412 root 41u IPv4 173688 0t0 TCP
127.0.0.1:7736->127.0.0.1:54009 (ESTABLISHED)
tclsh 10412 root 42u IPv4 173692 0t0 TCP
127.0.0.1:7736->127.0.0.1:54010 (ESTABLISHED)
tclsh 10412 root 43u IPv4 173696 0t0 TCP
127.0.0.1:7736->127.0.0.1:54011 (ESTABLISHED)
tclsh 10412 root 44u IPv4 173700 0t0 TCP
127.0.0.1:7736->127.0.0.1:54012 (ESTABLISHED)
tclsh 10412 root 45u IPv4 173704 0t0 TCP
127.0.0.1:7736->127.0.0.1:54013 (ESTABLISHED)
tclsh 10412 root 46u IPv4 173708 0t0 TCP
127.0.0.1:7736->127.0.0.1:54014 (ESTABLISHED)
tclsh 10412 root 47u IPv4 173712 0t0 TCP
127.0.0.1:7736->127.0.0.1:54015 (ESTABLISHED)
tclsh 10412 root 48u IPv4 173716 0t0 TCP
127.0.0.1:7736->127.0.0.1:54016 (ESTABLISHED)
tclsh 10412 root 49u IPv4 173720 0t0 TCP
127.0.0.1:7736->127.0.0.1:54017 (ESTABLISHED)
tclsh 10412 root 50u IPv4 173724 0t0 TCP
127.0.0.1:7736->127.0.0.1:54018 (ESTABLISHED)
tclsh 10412 root 51u IPv4 173728 0t0 TCP
127.0.0.1:7736->127.0.0.1:54019 (ESTABLISHED)
tclsh 10412 root 52u IPv4 173732 0t0 TCP
127.0.0.1:7736->127.0.0.1:54020 (ESTABLISHED)
tclsh 10412 root 53u IPv4 173736 0t0 TCP
127.0.0.1:7736->127.0.0.1:54021 (ESTABLISHED)
tclsh 10412 root 54u IPv4 173740 0t0 TCP
127.0.0.1:7736->127.0.0.1:54022 (ESTABLISHED)
tclsh 10412 root 55u IPv4 173744 0t0 TCP
127.0.0.1:7736->127.0.0.1:54023 (ESTABLISHED)
tclsh 10412 root 56u IPv4 173748 0t0 TCP
127.0.0.1:7736->127.0.0.1:54024 (ESTABLISHED)
tclsh 10412 root 57u IPv4 173752 0t0 TCP
127.0.0.1:7736->127.0.0.1:54025 (ESTABLISHED)
tclsh 10412 root 58u IPv4 173756 0t0 TCP
127.0.0.1:7736->127.0.0.1:54026 (ESTABLISHED)
tclsh 10412 root 59u IPv4 173760 0t0 TCP
127.0.0.1:7736->127.0.0.1:54027 (ESTABLISHED)
tclsh 10412 root 60u IPv4 173764 0t0 TCP
127.0.0.1:7736->127.0.0.1:54028 (ESTABLISHED)
tclsh 10412 root 61u IPv4 173768 0t0 TCP
127.0.0.1:7736->127.0.0.1:54029 (ESTABLISHED)
tclsh 10412 root 62u IPv4 173772 0t0 TCP
127.0.0.1:7736->127.0.0.1:54030 (ESTABLISHED)
tclsh 10412 root 63u IPv4 173776 0t0 TCP
127.0.0.1:7736->127.0.0.1:54031 (ESTABLISHED)
tclsh 10412 root 64u IPv4 173780 0t0 TCP
127.0.0.1:7736->127.0.0.1:54032 (ESTABLISHED)
tclsh 10412 root 65u IPv4 173784 0t0 TCP
127.0.0.1:7736->127.0.0.1:54033 (ESTABLISHED)
tclsh 10412 root 66u IPv4 173788 0t0 TCP
127.0.0.1:7736->127.0.0.1:54034 (ESTABLISHED)
tclsh 10412 root 67u IPv4 173792 0t0 TCP
127.0.0.1:7736->127.0.0.1:54035 (ESTABLISHED)
tclsh 10412 root 68u IPv4 173796 0t0 TCP
127.0.0.1:7736->127.0.0.1:54036 (ESTABLISHED)
tclsh 10412 root 69u IPv4 173800 0t0 TCP
127.0.0.1:7736->127.0.0.1:54037 (ESTABLISHED)
tclsh 10412 root 70u IPv4 173804 0t0 TCP
127.0.0.1:7736->127.0.0.1:54038 (ESTABLISHED)
tclsh 10412 root 71u IPv4 173808 0t0 TCP
127.0.0.1:7736->127.0.0.1:54039 (ESTABLISHED)
tclsh 10412 root 72u IPv4 173812 0t0 TCP
127.0.0.1:7736->127.0.0.1:54040 (ESTABLISHED)
tclsh 10412 root 73u IPv4 173816 0t0 TCP
127.0.0.1:7736->127.0.0.1:54041 (ESTABLISHED)
tclsh 10412 root 74u IPv4 173820 0t0 TCP
127.0.0.1:7736->127.0.0.1:54042 (ESTABLISHED)
tclsh 10412 root 75u IPv4 173824 0t0 TCP
127.0.0.1:7736->127.0.0.1:54043 (ESTABLISHED)
tclsh 10412 root 76u IPv4 173828 0t0 TCP
127.0.0.1:7736->127.0.0.1:54044 (ESTABLISHED)
tclsh 10412 root 77u IPv4 173832 0t0 TCP
127.0.0.1:7736->127.0.0.1:54045 (ESTABLISHED)
tclsh 10412 root 78u IPv4 173836 0t0 TCP
127.0.0.1:7736->127.0.0.1:54046 (ESTABLISHED)
tclsh 10412 root 79u IPv4 173840 0t0 TCP
127.0.0.1:7736->127.0.0.1:54047 (ESTABLISHED)
tclsh 10412 root 80u IPv4 173844 0t0 TCP
127.0.0.1:7736->127.0.0.1:54048 (ESTABLISHED)
tclsh 10412 root 81u IPv4 173848 0t0 TCP
127.0.0.1:7736->127.0.0.1:54049 (ESTABLISHED)
tclsh 10412 root 82u IPv4 173852 0t0 TCP
127.0.0.1:7736->127.0.0.1:54050 (ESTABLISHED)
tclsh 10412 root 83u IPv4 173856 0t0 TCP
127.0.0.1:7736->127.0.0.1:54051 (ESTABLISHED)
tclsh 10412 root 84u IPv4 173860 0t0 TCP
127.0.0.1:7736->127.0.0.1:54052 (ESTABLISHED)
tclsh 10412 root 85u IPv4 173864 0t0 TCP
127.0.0.1:7736->127.0.0.1:54053 (ESTABLISHED)
tclsh 10412 root 86u IPv4 173868 0t0 TCP
127.0.0.1:7736->127.0.0.1:54054 (ESTABLISHED)
tclsh 10412 root 87u IPv4 173872 0t0 TCP
127.0.0.1:7736->127.0.0.1:54055 (ESTABLISHED)
tclsh 10412 root 88u IPv4 173876 0t0 TCP
127.0.0.1:7736->127.0.0.1:54056 (ESTABLISHED)
tclsh 10412 root 89u IPv4 173880 0t0 TCP
127.0.0.1:7736->127.0.0.1:54057 (ESTABLISHED)
tclsh 10412 root 90u IPv4 173884 0t0 TCP
127.0.0.1:7736->127.0.0.1:54058 (ESTABLISHED)
tclsh 10412 root 91u IPv4 173888 0t0 TCP
127.0.0.1:7736->127.0.0.1:54059 (ESTABLISHED)
tclsh 10412 root 92u IPv4 173892 0t0 TCP
127.0.0.1:7736->127.0.0.1:54060 (ESTABLISHED)
tclsh 10412 root 93u IPv4 173896 0t0 TCP
127.0.0.1:7736->127.0.0.1:54061 (ESTABLISHED)
tclsh 10412 root 94u IPv4 173900 0t0 TCP
127.0.0.1:7736->127.0.0.1:54062 (ESTABLISHED)
tclsh 10412 root 95u IPv4 173904 0t0 TCP
127.0.0.1:7736->127.0.0.1:54063 (ESTABLISHED)
tclsh 10412 root 96u IPv4 173908 0t0 TCP
127.0.0.1:7736->127.0.0.1:54064 (ESTABLISHED)
tclsh 10412 root 97u IPv4 173912 0t0 TCP
127.0.0.1:7736->127.0.0.1:54065 (ESTABLISHED)
tclsh 10412 root 98u IPv4 173916 0t0 TCP
127.0.0.1:7736->127.0.0.1:54066 (ESTABLISHED)
tclsh 10412 root 99u IPv4 173920 0t0 TCP
127.0.0.1:7736->127.0.0.1:54067 (ESTABLISHED)
tclsh 10412 root 100u IPv4 173924 0t0 TCP
127.0.0.1:7736->127.0.0.1:54068 (ESTABLISHED)
tclsh 10412 root 101u IPv4 173928 0t0 TCP
127.0.0.1:7736->127.0.0.1:54069 (ESTABLISHED)
tclsh 10412 root 102u IPv4 173932 0t0 TCP
127.0.0.1:7736->127.0.0.1:54070 (ESTABLISHED)
tclsh 10412 root 103u IPv4 173936 0t0 TCP
127.0.0.1:7736->127.0.0.1:54071 (ESTABLISHED)
tclsh 10412 root 104u IPv4 173940 0t0 TCP
127.0.0.1:7736->127.0.0.1:54072 (ESTABLISHED)
tclsh 10412 root 105u IPv4 173944 0t0 TCP
127.0.0.1:7736->127.0.0.1:54073 (ESTABLISHED)
tclsh 10412 root 106u IPv4 173948 0t0 TCP
127.0.0.1:7736->127.0.0.1:54074 (ESTABLISHED)
tclsh 10412 root 107u IPv4 173952 0t0 TCP
127.0.0.1:7736->127.0.0.1:54075 (ESTABLISHED)
tclsh 10412 root 108u IPv4 173956 0t0 TCP
127.0.0.1:7736->127.0.0.1:54076 (ESTABLISHED)
tclsh 10412 root 109u IPv4 173960 0t0 TCP
127.0.0.1:7736->127.0.0.1:54077 (ESTABLISHED)
tclsh 10412 root 110u IPv4 173964 0t0 TCP
127.0.0.1:7736->127.0.0.1:54078 (ESTABLISHED)
tclsh 10412 root 111u IPv4 173968 0t0 TCP
127.0.0.1:7736->127.0.0.1:54079 (ESTABLISHED)
tclsh 10412 root 112u IPv4 173972 0t0 TCP
127.0.0.1:7736->127.0.0.1:54080 (ESTABLISHED)
tclsh 10412 root 113u IPv4 173976 0t0 TCP
127.0.0.1:7736->127.0.0.1:54081 (ESTABLISHED)
tclsh 10412 root 114u IPv4 173980 0t0 TCP
10.50.1.245:7736->10.50.1.247:34831 (ESTABLISHED)
tclsh 10412 root 115u IPv4 173981 0t0 TCP
127.0.0.1:7736->127.0.0.1:54082 (ESTABLISHED)
tclsh 10412 root 116u IPv4 173985 0t0 TCP
127.0.0.1:7736->127.0.0.1:54083 (ESTABLISHED)
tclsh 10412 root 117u IPv4 173989 0t0 TCP
127.0.0.1:7736->127.0.0.1:54084 (ESTABLISHED)
tclsh 10412 root 118u IPv4 173993 0t0 TCP
127.0.0.1:7736->127.0.0.1:54085 (ESTABLISHED)
tclsh 10412 root 119u IPv4 173997 0t0 TCP
127.0.0.1:7736->127.0.0.1:54086 (ESTABLISHED)
tclsh 10412 root 120u IPv4 174001 0t0 TCP
127.0.0.1:7736->127.0.0.1:54087 (ESTABLISHED)
tclsh 10412 root 121u IPv4 174005 0t0 TCP
127.0.0.1:7736->127.0.0.1:54088 (ESTABLISHED)
tclsh 10412 root 122u IPv4 174013 0t0 TCP
127.0.0.1:7736->127.0.0.1:54090 (ESTABLISHED)
tclsh 10412 root 123u IPv4 174019 0t0 TCP
10.50.1.245:7736->10.50.1.247:34834 (ESTABLISHED)
tclsh 10412 root 124u IPv4 174020 0t0 TCP
10.50.1.245:7736->10.50.1.247:34835 (ESTABLISHED)
tclsh 10412 root 125u IPv4 174488 0t0 TCP
127.0.0.1:7734->127.0.0.1:37209 (ESTABLISHED)
tclsh 10412 root 126u IPv4 176294 0t0 TCP
127.0.0.1:7736->127.0.0.1:54181 (ESTABLISHED)
tclsh 10412 root 127u IPv4 174038 0t0 TCP
10.50.1.245:7736->10.50.1.247:34839 (ESTABLISHED)
tclsh 10412 root 128u IPv4 174623 0t0 TCP
10.50.1.245:7734->10.50.4.45:3360 (ESTABLISHED)
tclsh 10452 root 3u IPv4 174012 0t0 TCP
127.0.0.1:54090->127.0.0.1:7736 (ESTABLISHED)
tclsh 10452 root 5u IPv4 176293 0t0 TCP
127.0.0.1:54181->127.0.0.1:7736 (ESTABLISHED)
wish 10540 sysnet 4r IPv4 174487 0t0 TCP
127.0.0.1:37209->127.0.0.1:7734 (ESTABLISHED)
sshd 11009 root 3r IPv4 176037 0t0 TCP
10.50.1.245:22->10.50.4.45:3882 (ESTABLISHED)
sshd 11085 sysnet 3u IPv4 176037 0t0 TCP
10.50.1.245:22->10.50.4.45:3882 (ESTABLISHED)

=========================================================================
IDS Rules Update
=========================================================================
Mon Jun 11 07:01:01 UTC 2012
Backing up current downloaded.rules file before it gets overwritten.
Cleaning up downloaded.rules backup files older than 30 days.
Running PulledPork.
http://code.google.com/p/pulledpork/
_____ ____
`----,\ )
`--==\\ / PulledPork v0.5.0 The Drowning Rat
`--==\\/
.-~~~~-.Y|\\_ Copyright (C) 2009-2010 JJ Cummings
@_/ / 66\_ cumm...@gmail.com
| \ \ _(")
\ /-| ||'--' Rules give me wings!
\_\ \_\\
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Checking latest MD5 for emerging.rules.tar.gz....
They Match
Done!
Prepping rules from emerging.rules.tar.gz for work....
Done!
Reading rules...
Generating Stub Rules....
Done
Reading rules...
Reading rules...
Reading rules...
Processing /etc/pulledpork/enablesid.conf....
Modified 0 rules
Done
Processing /etc/pulledpork/dropsid.conf....
Modified 0 rules
Done
Processing /etc/pulledpork/disablesid.conf....
Modified 799 rules
Done
Modifying Sids....
Done!
Setting Flowbit State....
Enabled 13 flowbits
Done
Writing /etc/nsm/rules/downloaded.rules....
Done
Writing /etc/nsm/rules/so_rules.rules....
Done
Generating sid-msg.map....
Done
Writing /etc/snort/sid-msg.map....
Done
Writing /var/log/sid_changes.log....
Done
Rule Stats....
New:-------0
Deleted:---0
Enabled Rules:----11917
Dropped Rules:----0
Disabled Rules:---3357
Total Rules:------15274
Done
Please review /var/log/sid_changes.log for additional details
Fly Piggy Fly!

=========================================================================
CPU Usage
=========================================================================
top - 14:43:17 up 3:17, 2 users, load average: 0.48, 0.43, 0.49
Tasks: 147 total, 1 running, 146 sleeping, 0 stopped, 0 zombie
Cpu(s): 3.8%us, 6.2%sy, 0.1%ni, 88.9%id, 0.3%wa, 0.6%hi, 0.2%si, 0.0%st
Mem: 3873468k total, 1631752k used, 2241716k free, 128272k buffers
Swap: 3701072k total, 0k used, 3701072k free, 1103968k cached

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1556 root 20 0 11036 7628 2292 S 1.9 0.2 0:10.72 ruby
1771 www-data 20 0 74272 61m 3432 S 1.9 1.6 0:32.93 ruby
1925 sysnet 20 0 32192 10m 8800 S 1.9 0.3 0:00.55 update-notifier
11204 root 20 0 2540 1084 808 R 1.9 0.0 0:00.03 top
1 root 20 0 2808 1780 1236 S 0.0 0.0 0:01.30 init
2 root 20 0 0 0 0 S 0.0 0.0 0:00.01 kthreadd
3 root RT 0 0 0 0 S 0.0 0.0 0:00.00 migration/0
4 root 20 0 0 0 0 S 0.0 0.0 0:00.95 ksoftirqd/0
5 root RT 0 0 0 0 S 0.0 0.0 0:00.00 watchdog/0
6 root 20 0 0 0 0 S 0.0 0.0 0:00.12 events/0
7 root 20 0 0 0 0 S 0.0 0.0 0:00.00 cpuset
8 root 20 0 0 0 0 S 0.0 0.0 0:00.00 khelper
9 root 20 0 0 0 0 S 0.0 0.0 0:00.00 netns
10 root 20 0 0 0 0 S 0.0 0.0 0:00.00 async/mgr
11 root 20 0 0 0 0 S 0.0 0.0 0:00.00 pm
12 root 20 0 0 0 0 S 0.0 0.0 0:00.01 sync_supers
13 root 20 0 0 0 0 S 0.0 0.0 0:00.02 bdi-default
14 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kintegrityd/0
15 root 20 0 0 0 0 S 0.0 0.0 0:00.86 kblockd/0
16 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kacpid
17 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kacpi_notify
18 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kacpi_hotplug
19 root 20 0 0 0 0 S 0.0 0.0 1:00.54 ata/0
20 root 20 0 0 0 0 S 0.0 0.0 0:00.00 ata_aux
21 root 20 0 0 0 0 S 0.0 0.0 0:00.00 ksuspend_usbd
22 root 20 0 0 0 0 S 0.0 0.0 0:00.00 khubd
23 root 20 0 0 0 0 S 0.0 0.0 0:00.02 kseriod
24 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kmmcd
27 root 20 0 0 0 0 S 0.0 0.0 0:00.00 khungtaskd
28 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kswapd0
29 root 25 5 0 0 0 S 0.0 0.0 0:00.00 ksmd
30 root 20 0 0 0 0 S 0.0 0.0 0:00.00 aio/0
31 root 20 0 0 0 0 S 0.0 0.0 0:00.00 ecryptfs-kthrea
32 root 20 0 0 0 0 S 0.0 0.0 0:00.00 crypto/0
36 root 20 0 0 0 0 S 0.0 0.0 0:00.00 scsi_eh_0
37 root 20 0 0 0 0 S 0.0 0.0 0:32.97 scsi_eh_1
39 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kstriped
41 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kmpathd/0
42 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kmpath_handlerd
43 root 20 0 0 0 0 S 0.0 0.0 0:00.00 ksnapd
44 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kondemand/0
45 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kconservative/0
137 root 20 0 0 0 0 S 0.0 0.0 0:00.00 usbhid_resumer
225 root 20 0 0 0 0 S 0.0 0.0 0:13.76 flush-8:0
253 root 20 0 0 0 0 S 0.0 0.0 0:07.62 jbd2/sda1-8
254 root 20 0 0 0 0 S 0.0 0.0 0:00.00 ext4-dio-unwrit
296 root 20 0 2444 972 680 S 0.0 0.0 0:00.08 upstart-udev-br
300 root 16 -4 2556 896 336 S 0.0 0.0 0:00.14 udevd
395 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kpsmoused
465 root 18 -2 2552 876 316 S 0.0 0.0 0:00.00 udevd
469 root 18 -2 2552 860 300 S 0.0 0.0 0:00.00 udevd
672 root 20 0 5548 2148 1736 S 0.0 0.1 0:00.30 sshd
685 syslog 20 0 33508 1500 1040 S 0.0 0.0 0:00.20 rsyslogd
688 messageb 20 0 3052 1464 788 S 0.0 0.0 0:00.50 dbus-daemon
717 root 20 0 18784 3276 2700 S 0.0 0.1 0:00.16 gdm-binary
719 root 20 0 8756 3876 3216 S 0.0 0.1 0:00.20 NetworkManager
728 root 20 0 4164 2304 1868 S 0.0 0.1 0:00.85 modem-manager
729 avahi 20 0 3036 1592 1304 S 0.0 0.0 0:00.19 avahi-daemon
732 avahi 20 0 2924 548 320 S 0.0 0.0 0:00.00 avahi-daemon
744 root 20 0 20596 3136 2252 S 0.0 0.1 0:00.54 console-kit-dae
819 root 20 0 20500 3792 2988 S 0.0 0.1 0:00.17 gdm-simple-slav
825 root 20 0 4836 1740 1476 S 0.0 0.0 0:00.03 wpa_supplicant
843 root 20 0 29616 17m 5416 S 0.0 0.5 0:12.57 Xorg
927 root 20 0 1788 564 480 S 0.0 0.0 0:00.01 getty
937 root 20 0 1788 568 484 S 0.0 0.0 0:00.01 getty
955 root 20 0 1788 564 484 S 0.0 0.0 0:00.01 getty
960 root 20 0 1788 564 484 S 0.0 0.0 0:00.01 getty
973 root 20 0 1788 564 484 S 0.0 0.0 0:00.01 getty
983 root 20 0 2044 860 504 S 0.0 0.0 0:00.01 acpid
989 daemon 20 0 2244 428 292 S 0.0 0.0 0:00.00 atd
990 root 20 0 2372 908 716 S 0.0 0.0 0:00.63 cron
1041 mysql 20 0 154m 44m 6584 S 0.0 1.2 0:57.86 mysqld
1126 ossec 20 0 3008 1632 692 S 0.0 0.0 0:12.31 ossec-analysisd
1138 root 20 0 1956 504 388 S 0.0 0.0 0:00.60 ossec-logcollec
1163 root 20 0 2988 1856 616 S 0.0 0.0 1:47.91 ossec-syscheckd
1176 ossec 20 0 2232 548 404 S 0.0 0.0 0:00.02 ossec-monitord
1191 ntp 20 0 4420 1376 1036 S 0.0 0.0 0:00.80 ntpd
1321 gdm 20 0 3380 776 516 S 0.0 0.0 0:00.00 dbus-launch
1339 root 20 0 6696 2528 1896 S 0.0 0.1 0:00.04 cupsd
1414 root 20 0 14112 7508 2520 S 0.0 0.2 0:01.21 tclsh
1474 root 20 0 20856 3600 2848 S 0.0 0.1 0:00.17 gdm-session-wor
1483 haldaemo 20 0 16328 3940 3336 S 0.0 0.1 0:02.66 hald
1484 root 20 0 3532 1292 1080 S 0.0 0.0 0:00.10 hald-runner
1535 root 20 0 39716 9056 5308 S 0.0 0.2 0:00.61 apache2
1537 root 20 0 4372 1752 1536 S 0.0 0.0 0:00.05 PassengerWatchd
1548 root 20 0 15376 2232 1876 S 0.0 0.1 0:25.98 PassengerHelper
1561 nobody 20 0 9576 3136 2580 S 0.0 0.1 0:00.08 PassengerLoggin
1580 www-data 20 0 40416 6500 2296 S 0.0 0.2 0:00.07 apache2
1583 www-data 20 0 39856 5668 1812 S 0.0 0.1 0:00.06 apache2
1584 www-data 20 0 39856 5724 1840 S 0.0 0.1 0:00.02 apache2
1586 www-data 20 0 40276 6120 1872 S 0.0 0.2 0:00.04 apache2
1587 www-data 20 0 39856 5660 1808 S 0.0 0.1 0:00.02 apache2
1618 root 20 0 1788 568 484 S 0.0 0.0 0:00.01 getty
1676 root 20 0 3608 1244 1068 S 0.0 0.0 0:00.03 hald-addon-inpu
1717 root 20 0 3612 1240 1060 S 0.0 0.0 0:16.32 hald-addon-stor
1719 haldaemo 20 0 3416 1184 1008 S 0.0 0.0 0:00.02 hald-addon-acpi
1736 root 20 0 1792 496 428 S 0.0 0.0 0:00.71 tail
1789 sysnet 20 0 23980 2508 2060 S 0.0 0.1 0:00.03 gnome-keyring-d
1808 sysnet 20 0 1828 576 488 S 0.0 0.0 0:00.37 sh
1837 sysnet 20 0 3280 352 144 S 0.0 0.0 0:00.04 ssh-agent
1840 sysnet 20 0 3380 776 508 S 0.0 0.0 0:00.00 dbus-launch
1841 sysnet 20 0 2864 1088 676 S 0.0 0.0 0:00.17 dbus-daemon
1850 sysnet 20 0 4736 2280 1680 S 0.0 0.1 0:01.21 xscreensaver
1854 sysnet 20 0 26252 6900 5548 S 0.0 0.2 0:00.67 xfce4-session
1856 sysnet 20 0 3852 1984 1692 S 0.0 0.1 0:00.08 xfconfd
1862 sysnet 20 0 6500 3140 2228 S 0.0 0.1 0:00.16 gconfd-2
1863 sysnet 20 0 16480 3280 2252 S 0.0 0.1 0:00.01 xfsettingsd
1865 sysnet 20 0 19324 9072 7508 S 0.0 0.2 0:00.53 xfwm4
1866 sysnet 20 0 17956 6428 5148 S 0.0 0.2 0:00.39 Thunar
1868 sysnet 20 0 3064 1288 1096 S 0.0 0.0 0:00.03 gam_server
1869 sysnet 20 0 41120 11m 9072 S 0.0 0.3 0:00.92 xfce4-panel
1870 sysnet 20 0 69068 14m 11m S 0.0 0.4 0:01.17 xfdesktop
1873 sysnet 20 0 17312 3400 2232 S 0.0 0.1 0:00.04 xfce4-power-man
1874 sysnet 20 0 19092 4072 2668 S 0.0 0.1 0:00.10 xfce4-settings-
1879 sysnet 20 0 30660 10m 7704 S 0.0 0.3 0:00.49 xfce4-menu-plug
1880 sysnet 20 0 32224 10m 8176 S 0.0 0.3 0:00.32 xfce4-places-pl
1882 sysnet 20 0 6376 2232 1892 S 0.0 0.1 0:00.03 gvfsd
1885 sysnet 20 0 177m 10m 8024 S 0.0 0.3 0:00.25 xfce4-mixer-plu
1889 sysnet 9 -11 84728 3400 2568 S 0.0 0.1 0:00.09 pulseaudio
1891 rtkit 21 1 22904 1220 1024 S 0.0 0.0 0:00.11 rtkit-daemon
1895 root 20 0 6132 3712 2952 S 0.0 0.1 0:00.15 polkitd
1903 sysnet 20 0 43624 10m 8336 S 0.0 0.3 0:00.28 nm-applet
1910 sysnet 20 0 31368 14m 8680 S 0.0 0.4 0:00.48 python
1921 sysnet 20 0 166m 6004 4300 S 0.0 0.2 0:00.08 xfce4-volumed
1930 sysnet 20 0 32216 10m 8576 S 0.0 0.3 0:00.54 notify-osd
1932 sysnet 20 0 18292 5996 4880 S 0.0 0.2 0:00.13 polkit-gnome-au
1934 root 20 0 5304 2788 2332 S 0.0 0.1 0:00.16 udisks-daemon
1938 root 20 0 5184 876 608 S 0.0 0.0 0:08.86 udisks-daemon
2077 www-data 20 0 39856 5656 1808 S 0.0 0.1 0:00.02 apache2
2094 nobody 20 0 71292 59m 3300 S 0.0 1.6 0:13.24 ruby
2118 www-data 20 0 40276 6236 2120 S 0.0 0.2 0:00.03 apache2
2119 www-data 20 0 39856 5672 1824 S 0.0 0.1 0:00.02 apache2
2120 www-data 20 0 39856 5900 2048 S 0.0 0.2 0:00.02 apache2
2121 www-data 20 0 39856 5660 1812 S 0.0 0.1 0:00.02 apache2
10294 root 20 0 10864 3564 2752 S 0.0 0.1 0:00.10 sshd
10365 sysnet 20 0 10864 1768 936 S 0.0 0.0 0:00.54 sshd
10412 root 20 0 32368 23m 3380 S 0.0 0.6 0:57.50 tclsh
10415 root 20 0 9076 2996 1100 S 0.0 0.1 0:00.17 tclsh
10416 root 20 0 9076 2652 780 S 0.0 0.1 0:00.00 tclsh
10452 root 20 0 7268 4620 2520 S 0.0 0.1 0:00.17 tclsh
10476 root 20 0 3256 660 572 S 0.0 0.0 0:00.03 tail
10540 sysnet 20 0 23708 19m 5656 S 0.0 0.5 0:04.45 wish
11009 root 20 0 10976 3668 2760 S 0.0 0.1 0:00.20 sshd
11085 sysnet 20 0 10976 1864 956 S 0.0 0.0 0:00.02 sshd
11086 sysnet 20 0 6472 3856 1564 S 0.0 0.1 0:00.36 bash
11116 root 20 0 4628 1960 1512 S 0.0 0.1 0:00.15 bash
11131 root 20 0 4216 1376 1172 S 0.0 0.0 0:00.08 sostat


=========================================================================
Log Archive
=========================================================================
/nsm/sensor_data/*/dailylogs/
37M .
4.0K ./.aptitude
4.0K ./.cache
16K ./.config
31M ./.cpan
12K ./.dbus
4.0K ./.debtags
4.0K ./.gconf
16K ./.gconfd
4.1M ./.gem
8.0K ./.gnome2
4.0K ./.gnome2_private
8.0K ./.local
4.0K ./.pulse
4.0K ./.ssh
48K ./.subversion
24K ./.synaptic
8.0K ./.vim
1.6M ./.wajig

/nsm/bro/logs/
4.0M .
4.0M ./stats

=========================================================================
IDS Engine (snort) packet drops
=========================================================================
ERROR: No stats found in /nsm/sensor_data/*/snort.stats

=========================================================================
Sguil Uncategorized Events
=========================================================================
COUNT(*)
10991

=========================================================================
Snorby Events Summary for yesterday
=========================================================================
Total
0

=========================================================================
Top 50 All Time Snorby Events
=========================================================================
Totals SignatureID SignatureName
6092 2100538 GPL NETBIOS SMB IPC$ unicode share access
356 2003068 ET SCAN Potential SSH Scan OUTBOUND
356 2001219 ET SCAN Potential SSH Scan
156 1201 GPL WEB_SERVER 403 Forbidden
65 1413 GPL SNMP private access udp
56 2011032 ET SCAN HTTP POST invalid method case
39 2013075 ET CURRENT_EVENTS Large DNS Query possible covert channel
30 2002911 ET SCAN Potential VNC Scan 5900-5920
22 2009832 ET SCAN DCERPC rpcmgmt ifids Unauthenticated BIND
13 2006445 ET WEB_SERVER Possible SQL Injection Attempt SELECT FROM
4 2011582 ET POLICY Vulnerable Java Version 1.6.x Detected
4 2001579 ET SCAN Behavioral Unusual Port 139 traffic, Potential Scan or Infection
4 2002400 ET USER_AGENTS Suspicious User Agent (Microsoft Internet Explorer)
2 2011033 ET SCAN HTTP HEAD invalid method case
1 2103192 GPL WEB_CLIENT Windows Media Player directory traversal via Content-Disposition attempt
1 2002383 ET SCAN Potential FTP Brute-Force attempt
1 2001569 ET SCAN Behavioral Unusual Port 445 traffic, Potential Scan or Infection
1 2010785 ET CHAT Facebook Chat (buddy list)
1 2013479 ET SCAN Behavioral Unusually fast Terminal Server Traffic, Potential Scan or Infection
1 2001972 ET SCAN Behavioral Unusually fast Terminal Server Traffic, Potential Scan or Infection
1 2012708 ET WEB_SERVER HTTP 414 Request URI Too Large
1 2012173 ET WEB_CLIENT eval String.fromCharCode String Which May Be Malicious
Total
7207