FedoraCore5 Hardened Evaluation

From Rivalug Wiki

This document is used in conjunction with FedoraCore5_Hardened.
Also see FedoraCore5_Appendix.

Unhardened System

CIS Benchmark Score 1

Summary
Computer Name:	localhost.localdomain
Benchmark:	Redhat Linux Benchmark v1.0.5 August, 2006
Scan Time:	01/18/2007 20:07:23
Description	Items Passed	Items Failed	Score Actual	Score Max
1 Patches, Packages and Initial Lockdown	0	3	0.000	11.111
2 Minimize xinetd network services	6	2	8.333	11.111
3 Minimize boot services	14	7	7.407	11.111
4 Kernel Tuning/Network Parameter Modifications	0	2	0.000	11.111
5 Logging	2	2	5.556	11.111
6 File/Directory Permissions/Access	4	5	4.938	11.111
7 System Access, Authentication, and Authorization	2	9	2.020	11.111
8 User Accounts and Environment	6	6	5.556	11.111
9 Warning Banners	2	1	7.407	11.111
9.1 Reboot	0	0	0.000	0.000
10 Anti-Virus Consideration	0	0	0.000	0.000
11 Remove Backup Files	0	0	0.000	0.000
Overall Score:	36	37	41.220

Note: Actual scores are subject to rounding errors. The sum of these values may not result in the exact overall score.

Security Items
Description	Status
1 Patches, Packages and Initial Lockdown
1.1 Apply Latest OS Patches	Not Tested
1.2 Validate Your System Before Making Changes	Not Tested
1.3 Configure SSH	Failed
1.4 Enable System Accounting	Failed
1.5 Install and Run Bastille	Failed
2 Minimize xinetd network services
2.1 Disable Standard Services	Failed
2.2 Configure TCP Wrappers and Firewall to Limit Access	Failed
2.3 Only Enable telnet If Absolutely Necessary	Passed
2.4 Only Enable FTP If Absolutely Necessary	Passed
2.5 Only Enable rlogin/rsh/rcp If Absolutely Necessary	Passed
2.6 Only Enable TFTP Server if Absolutely Necessary	Passed
2.7 Only Enable IMAP If Absolutely Necessary	Passed
2.8 Only Enable POP If Absolutely Necessary	Passed
3 Minimize boot services
3.1 Set Daemon Umask	Failed
3.2 Disable xinetd, If Possible	Passed
3.3 disable sendmail	Failed
3.4 disable gui login	Passed
3.5 disable xfont server	Passed
3.6 Disable Standard Boot Services	Failed
3.7 disable samba server	Passed
3.8 disable nfs server	Passed
3.9 disable nfs client	Failed
3.10 disable nis client	Passed
3.11 disable nis server	Passed
3.12 disable rpc portmap	Failed
3.13 disable netfs script	Failed
3.14 disable printer daemon	Passed
3.15 disable apache server	Passed
3.16 disable snmpd	Passed
3.17 disable dns server	Passed
3.18 disable mysql server	Passed
3.19 disable webmin	Passed
3.20 disable squid server	Passed
3.21 disable kudzu hardware monitor	Failed
4 Kernel Tuning/Network Parameter Modifications
4.1 Network Parameter Modifications	Failed
4.2 Additional Network Parameter Modifications	Failed
5 Logging
5.1 Capture Messages Sent To Syslog AUTHPRIV Facility	Passed
5.2 Turn On Additional Logging For FTP Daemon	Passed
5.3 Confirm Permissions On System Log Files	Failed
5.4 Configure syslogd to Send Logs to a Remote LogHost	Failed
6 File/Directory Permissions/Access
6.1 Add 'nodev' Option To Appropriate Partitions In /etc/fstab	Failed
6.2 Add 'nosuid' and 'nodev' Option For Removable Media In /etc/fstab	Failed
6.3 Disable User-Mounted Removable File Systems	Failed
6.4 Verify passwd, shadow, and group File Permissions	Failed
6.5 World-Writable Directories Should Have Their Sticky Bit Set	Passed
6.6 Find Unauthorized World-Writable Files	Passed
6.7 Find Unauthorized SUID/SGID System Executables	Failed
6.8 Find All Unowned Files	Passed
6.9 Disable USB Devices (AKA Hotplugger)	Passed
7 System Access, Authentication, and Authorization
7.1 Remove .rhosts Support In PAM Configuration Files	Passed
7.2 Create ftpusers Files	Failed
7.3 Prevent X Server From Listening On Port 6000/tcp	Failed
7.4 Restrict at/cron To Authorized Users	Failed
7.5 Restrict Permissions On crontab Files	Failed
7.6 Configure xinetd Access Control	Failed
7.7 Restrict Root Logins To System Console	Failed
7.8 Set LILO/GRUB Password	Failed
7.9 Require Authentication For Single-User Mode	Failed
7.10 Restrict NFS Client Requests To Privileged Ports	Passed
7.11 Only Enable syslog To Accept Messages If Absolutely Necessary	Failed
8 User Accounts and Environment
8.1 Block System Accounts	Failed
8.2 Verify That There Are No Accounts With Empty Password Fields	Passed
8.3 Set Account Expiration Parameters On Active Accounts	Failed
8.4 Verify No Legacy '+' Entries Exist In passwd, shadow, And group Files	Passed
8.5 Verify That No UID 0 Accounts Exist Other Than Root	Passed
8.6 No '.' or Group/World-Writable Directory In Root's $PATH	Passed
8.7 User Home Directories Should Be Mode 750 or More Restrictive	Failed
8.8 No User Dot-Files Should Be World-Writable	Passed
8.9 Remove User .netrc Files	Passed
8.10 Set Default umask For Users	Failed
8.11 Disable Core Dumps	Failed
8.12 Limit Access To The Root Account From su	Failed
9 Warning Banners
9.1 Create Warnings For Network And Physical Access Services	Failed
9.2 Create Warnings For GUI-Based Logins	Passed
9.3 Create "authorized only" Banners For vsftpd, If Applicable	Passed
9.1 Reboot
10 Anti-Virus Consideration
11 Remove Backup Files

Services 1

# chkconfig --list | sort
acpid           0:off   1:off   2:off   3:on    4:on    5:on    6:off
anacron         0:off   1:off   2:on    3:on    4:on    5:on    6:off
apmd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
atd             0:off   1:off   2:off   3:on    4:on    5:on    6:off
autofs          0:off   1:off   2:off   3:on    4:on    5:on    6:off
bluetooth       0:off   1:off   2:on    3:on    4:on    5:on    6:off
cpuspeed        0:off   1:on    2:on    3:on    4:on    5:on    6:off
crond           0:off   1:off   2:on    3:on    4:on    5:on    6:off
dhcdbd          0:off   1:off   2:off   3:off   4:off   5:off   6:off
diskdump        0:off   1:off   2:off   3:off   4:off   5:off   6:off
firstboot       0:off   1:off   2:off   3:on    4:off   5:on    6:off
gpm             0:off   1:off   2:on    3:on    4:on    5:on    6:off
haldaemon       0:off   1:off   2:off   3:on    4:on    5:on    6:off
hidd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
iptables        0:off   1:off   2:on    3:on    4:on    5:on    6:off
irda            0:off   1:off   2:off   3:off   4:off   5:off   6:off
irqbalance      0:off   1:off   2:on    3:on    4:on    5:on    6:off
kudzu           0:off   1:off   2:off   3:on    4:on    5:on    6:off
mdmonitor       0:off   1:off   2:on    3:on    4:on    5:on    6:off
mdmpd           0:off   1:off   2:off   3:off   4:off   5:off   6:off
messagebus      0:off   1:off   2:off   3:on    4:on    5:on    6:off
named           0:off   1:off   2:off   3:off   4:off   5:off   6:off
netdump         0:off   1:off   2:off   3:off   4:off   5:off   6:off
netfs           0:off   1:off   2:off   3:on    4:on    5:on    6:off
netplugd        0:off   1:off   2:off   3:off   4:off   5:off   6:off
network         0:off   1:off   2:on    3:on    4:on    5:on    6:off
NetworkManager  0:off   1:off   2:off   3:off   4:off   5:off   6:off
NetworkManagerDispatcher        0:off   1:off   2:off   3:off   4:off   5:off   6:off
nfs             0:off   1:off   2:off   3:off   4:off   5:off   6:off
nfslock         0:off   1:off   2:off   3:on    4:on    5:on    6:off
nscd            0:off   1:off   2:off   3:off   4:off   5:off   6:off
portmap         0:off   1:off   2:off   3:on    4:on    5:on    6:off
psacct          0:off   1:off   2:off   3:off   4:off   5:off   6:off
rdisc           0:off   1:off   2:off   3:off   4:off   5:off   6:off
readahead       0:off   1:off   2:off   3:off   4:off   5:on    6:off
readahead_early 0:off   1:off   2:on    3:on    4:on    5:on    6:off
rpcgssd         0:off   1:off   2:off   3:on    4:on    5:on    6:off
rpcidmapd       0:off   1:off   2:off   3:on    4:on    5:on    6:off
rpcsvcgssd      0:off   1:off   2:off   3:off   4:off   5:off   6:off
saslauthd       0:off   1:off   2:off   3:off   4:off   5:off   6:off
sendmail        0:off   1:off   2:on    3:on    4:on    5:on    6:off
smartd          0:off   1:off   2:on    3:on    4:on    5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
syslog          0:off   1:off   2:on    3:on    4:on    5:on    6:off
wpa_supplicant  0:off   1:off   2:off   3:off   4:off   5:off   6:off
ypbind          0:off   1:off   2:off   3:off   4:off   5:off   6:off
yum             0:off   1:off   2:off   3:off   4:off   5:off   6:off

Processes 1

# /bin/ps faux
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.0   1988   668 ?        S    18:05   0:00 init [3]
root         2  0.0  0.0      0     0 ?        SN   18:05   0:00 [ksoftirqd/0]
root         3  0.0  0.0      0     0 ?        S    18:05   0:00 [watchdog/0]
root         4  0.0  0.0      0     0 ?        S<   18:05   0:00 [events/0]
root         5  0.0  0.0      0     0 ?        S<   18:05   0:00 [khelper]
root         6  0.0  0.0      0     0 ?        S<   18:05   0:00 [kthread]
root         8  0.0  0.0      0     0 ?        S<   18:05   0:00  \_ [kblockd/0]
root         9  0.0  0.0      0     0 ?        S<   18:05   0:00  \_ [kacpid]
root        75  0.0  0.0      0     0 ?        S<   18:05   0:00  \_ [khubd]
root       128  0.0  0.0      0     0 ?        S    18:05   0:00  \_ [pdflush]
root       129  0.0  0.0      0     0 ?        S    18:05   0:00  \_ [pdflush]
root       131  0.0  0.0      0     0 ?        S<   18:05   0:00  \_ [aio/0]
root       218  0.0  0.0      0     0 ?        S<   18:05   0:00  \_ [kseriod]
root       293  0.0  0.0      0     0 ?        S<   18:05   0:00  \_ [kpsmoused]
root       311  0.0  0.0      0     0 ?        S<   18:05   0:00  \_ [kmirrord]
root      1870  0.0  0.0      0     0 ?        S<   18:07   0:00  \_ [kauditd]
root       130  0.0  0.0      0     0 ?        S    18:05   0:00 [kswapd0]
root       301  0.0  0.0   2080   744 ?        Ss   18:05   0:00 /bin/nash /init
root       316  0.0  0.0      0     0 ?        S    18:05   0:00 [kjournald]
root       382  0.0  0.0   2068   584 ?        S<s  18:05   0:00 /sbin/udevd -d
root      1009  0.0  0.0      0     0 ?        S    18:05   0:00 [kjournald]
root      1011  0.0  0.0      0     0 ?        S    18:05   0:00 [kjournald]
root      1013  0.0  0.0      0     0 ?        S    18:05   0:00 [kjournald]
root      1015  0.0  0.0      0     0 ?        S    18:05   0:00 [kjournald]
root      1017  0.0  0.0      0     0 ?        S    18:05   0:00 [kjournald]
root      1358  0.0  0.0   2232   480 ?        Ss   18:05   0:00 /sbin/dhclient -1 -q -lf /var/lib/dhclient/dhclien
root      1419  0.0  0.0   1656   560 ?        Ss   18:05   0:00 syslogd -m 0
root      1422  0.0  0.0   1604   400 ?        Ss   18:05   0:00 klogd -x
rpc       1444  0.0  0.0   1728   560 ?        Ss   18:05   0:00 portmap
rpcuser   1462  0.0  0.0   1740   720 ?        Ss   18:05   0:00 rpc.statd
root      1488  0.0  0.0   4728   592 ?        Ss   18:05   0:00 rpc.idmapd
dbus      1500  0.0  0.1  13300  1300 ?        Ssl  18:05   0:00 dbus-daemon --system
root      1512  0.0  0.0   1660   480 ?        Ss   18:05   0:00 sdpd
root      1526  0.0  0.0      0     0 ?        S<   18:05   0:00 [krfcommd]
root      1556  0.0  0.0   1820   476 ?        Ss   18:05   0:00 /usr/bin/hidd --server
root      1638  0.0  0.0   1872   728 ?        Ss   18:05   0:00 /usr/sbin/automount --timeout=60 /net program /etc
root      1652  0.0  0.0   1904   504 ?        S    18:05   0:00 /usr/sbin/smartd
root      1660  0.0  0.0   1596   544 ?        Ss   18:05   0:00 /usr/sbin/acpid
root      1700  0.0  0.1   4968  1112 ?        Ss   18:05   0:00 /usr/sbin/sshd
root      1904  0.0  0.3   7804  2444 ?        Ss   18:08   0:00  \_ sshd:  root@pts/0
root      1906  0.0  0.1   4444  1464 pts/0    Ss   18:08   0:00      \_ -bash
root      2079  0.0  0.1   4148   908 pts/0    R+   18:41   0:00          \_ /bin/ps faux
root      1717  0.0  0.2   8288  1884 ?        Ss   18:05   0:00 sendmail: accepting connections
smmsp     1726  0.0  0.2   7332  1668 ?        Ss   18:05   0:00 sendmail: Queue runner@01:00:00 for /var/spool/cli
root      1735  0.0  0.0   1816   464 ?        Ss   18:05   0:00 gpm -m /dev/input/mice -t exps2
root      1743  0.0  0.1   5176  1196 ?        Ss   18:05   0:00 crond
root      1751  0.0  0.0   1592   564 ?        SNs  18:05   0:00 anacron -s
root      1759  0.0  0.0   2160   456 ?        Ss   18:05   0:00 /usr/sbin/atd
68        1783  0.0  0.4   4832  3196 ?        Ss   18:06   0:00 hald
root      1784  0.0  0.1   3128  1128 ?        S    18:06   0:00  \_ hald-runner
68        1790  0.0  0.1   2228   892 ?        S    18:06   0:00      \_ /usr/libexec/hald-addon-acpi
68        1796  0.0  0.1   2228   892 ?        S    18:06   0:00      \_ /usr/libexec/hald-addon-keyboard
root      1801  0.0  0.0   2192   760 ?        S    18:06   0:00      \_ /usr/libexec/hald-addon-storage
root      1811  0.0  0.1   2728  1248 ?        Ss   18:06   0:00 login -- root
root      1871  0.0  0.1   4440  1424 tty1     Ss+  18:07   0:00  \_ -bash
root      1812  0.0  0.0   1588   452 tty2     Ss+  18:06   0:00 /sbin/mingetty tty2
root      1815  0.0  0.0   1584   448 tty3     Ss+  18:06   0:00 /sbin/mingetty tty3
root      1818  0.0  0.0   1584   448 tty4     Ss+  18:06   0:00 /sbin/mingetty tty4
root      1819  0.0  0.0   1588   452 tty5     Ss+  18:06   0:00 /sbin/mingetty tty5
root      1824  0.0  0.0   1588   452 tty6     Ss+  18:06   0:00 /sbin/mingetty tty6

Disk Usage 1

# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/hda1             969M  148M  771M  17% /
tmpfs                 379M     0  379M   0% /dev/shm
/dev/mapper/VolGroup00-LogVol04
                     9.9G  151M  9.2G   2% /home
/dev/mapper/VolGroup00-LogVol03
                     496M   19M  452M   4% /tmp
/dev/mapper/VolGroup00-LogVol00
                     3.0G  550M  2.3G  20% /usr
/dev/mapper/VolGroup00-LogVol02
                     2.0G   68M  1.8G   4% /usr/local
/dev/mapper/VolGroup00-LogVol01
                     992M   47M  895M   5% /var

Network Connections 1

# netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address              State
tcp        0      0 *:sunrpc                    *:*                         LISTEN
tcp        0      0 localhost.localdomain:smtp  *:*                         LISTEN
tcp        0      0 *:58652                     *:*                         LISTEN
tcp        0      0 *:ssh                       *:*                          LISTEN
tcp        0      0 ::ffff:192.168.1.1:ssh    ::ffff:192.168.1.2:51992   ESTABLISHED
udp        0      0 *:filenet-tms               *:*
udp        0      0 *:790                       *:*
udp        0      0 *:bootpc                    *:*
udp        0      0 *:sunrpc                    *:*
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     5021   @/tmp/hald-local/dbus-JEYEVF2BLH
unix  2      [ ACC ]     STREAM     LISTENING     4481   /var/run/dbus/system_bus_socket
unix  2      [ ACC ]     STREAM     LISTENING     4530   /var/run/sdp
unix  2      [ ACC ]     STREAM     LISTENING     4716   /var/run/acpid.socket
unix  2      [ ACC ]     STREAM     LISTENING     4920   /dev/gpmctl
unix  2      [ ]         DGRAM                    1084   @/org/kernel/udev/udevd
unix  2      [ ]         DGRAM                    5030   @/org/freedesktop/hal/udev_event
unix  11     [ ]         DGRAM                    4258   /dev/log
unix  2      [ ACC ]     STREAM     LISTENING     5022   @/tmp/hald-runner/dbus-q45JQWiZNJ
unix  3      [ ]         STREAM     CONNECTED     5554   /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     5553
unix  3      [ ]         STREAM     CONNECTED     5533   @/tmp/hald-local/dbus-JEYEVF2BLH
unix  3      [ ]         STREAM     CONNECTED     5532
unix  3      [ ]         STREAM     CONNECTED     5516   @/tmp/hald-local/dbus-JEYEVF2BLH
unix  3      [ ]         STREAM     CONNECTED     5515
unix  3      [ ]         STREAM     CONNECTED     5490   /var/run/acpid.socket
unix  3      [ ]         STREAM     CONNECTED     5489
unix  3      [ ]         STREAM     CONNECTED     5493   @/tmp/hald-local/dbus-JEYEVF2BLH
unix  3      [ ]         STREAM     CONNECTED     5484
unix  3      [ ]         STREAM     CONNECTED     5025   @/tmp/hald-runner/dbus-q45JQWiZNJ
unix  3      [ ]         STREAM     CONNECTED     5024
unix  2      [ ]         DGRAM                    4949
unix  2      [ ]         DGRAM                    4930
unix  2      [ ]         DGRAM                    4909
unix  2      [ ]         DGRAM                    4892
unix  2      [ ]         DGRAM                    4859
unix  2      [ ]         DGRAM                    4593
unix  2      [ ]         DGRAM                    4512
unix  3      [ ]         STREAM     CONNECTED     4505
unix  3      [ ]         STREAM     CONNECTED     4504
unix  3      [ ]         STREAM     CONNECTED     4451
unix  3      [ ]         STREAM     CONNECTED     4450
unix  2      [ ]         DGRAM                    4339
unix  2      [ ]         DGRAM                    4266

Open Files 1

# lsof | wc -l
738
# /usr/sbin/lsof
COMMAND    PID      USER   FD      TYPE     DEVICE     SIZE       NODE NAME
init         1      root  cwd       DIR       33,1     4096          2 /
init         1      root  rtd       DIR       33,1     4096          2 /
init         1      root  txt       REG       33,1    35336     128093 /sbin/init
init         1      root  mem       REG       33,1   120132     160019 /lib/ld-2.4.so
init         1      root  mem       REG       33,1    11132     160230 /lib/libsetrans.so.0
init         1      root  mem       REG       33,1  1525156     160026 /lib/libc-2.4.so
init         1      root  mem       REG        0,0                   0 [vdso] (stat: No such file or directory)
init         1      root  mem       REG       33,1    14612     160032 /lib/libdl-2.4.so
init         1      root  mem       REG       33,1   227492     160076 /lib/libsepol.so.1
init         1      root  mem       REG       33,1    83564     160137 /lib/libselinux.so.1
init         1      root   10u     FIFO       0,15                 892 /dev/initctl
ksoftirqd    2      root  cwd       DIR       33,1     4096          2 /
ksoftirqd    2      root  rtd       DIR       33,1     4096          2 /
ksoftirqd    2      root  txt   unknown                                /proc/2/exe
watchdog/    3      root  cwd       DIR       33,1     4096          2 /
watchdog/    3      root  rtd       DIR       33,1     4096          2 /
watchdog/    3      root  txt   unknown                                /proc/3/exe
events/0     4      root  cwd       DIR       33,1     4096          2 /
events/0     4      root  rtd       DIR       33,1     4096          2 /
events/0     4      root  txt   unknown                                /proc/4/exe
khelper      5      root  cwd       DIR       33,1     4096          2 /
khelper      5      root  rtd       DIR       33,1     4096          2 /
khelper      5      root  txt   unknown                                /proc/5/exe
kthread      6      root  cwd       DIR       33,1     4096          2 /
kthread      6      root  rtd       DIR       33,1     4096          2 /
kthread      6      root  txt   unknown                                /proc/6/exe
kblockd/0    8      root  cwd       DIR       33,1     4096          2 /
kblockd/0    8      root  rtd       DIR       33,1     4096          2 /
kblockd/0    8      root  txt   unknown                                /proc/8/exe
kacpid       9      root  cwd       DIR       33,1     4096          2 /
kacpid       9      root  rtd       DIR       33,1     4096          2 /
kacpid       9      root  txt   unknown                                /proc/9/exe
khubd       75      root  cwd       DIR       33,1     4096          2 /
khubd       75      root  rtd       DIR       33,1     4096          2 /
khubd       75      root  txt   unknown                                /proc/75/exe
pdflush    128      root  cwd       DIR       33,1     4096          2 /
pdflush    128      root  rtd       DIR       33,1     4096          2 /
pdflush    128      root  txt   unknown                                /proc/128/exe
pdflush    129      root  cwd       DIR       33,1     4096          2 /
pdflush    129      root  rtd       DIR       33,1     4096          2 /
pdflush    129      root  txt   unknown                                /proc/129/exe
kswapd0    130      root  cwd       DIR       33,1     4096          2 /
kswapd0    130      root  rtd       DIR       33,1     4096          2 /
kswapd0    130      root  txt   unknown                                /proc/130/exe
aio/0      131      root  cwd       DIR       33,1     4096          2 /
aio/0      131      root  rtd       DIR       33,1     4096          2 /
aio/0      131      root  txt   unknown                                /proc/131/exe
kseriod    218      root  cwd       DIR       33,1     4096          2 /
kseriod    218      root  rtd       DIR       33,1     4096          2 /
kseriod    218      root  txt   unknown                                /proc/218/exe
kpsmoused  293      root  cwd       DIR       33,1     4096          2 /
kpsmoused  293      root  rtd       DIR       33,1     4096          2 /
kpsmoused  293      root  txt   unknown                                /proc/293/exe
nash-hotp  301      root  cwd       DIR       33,1     4096          2 /
nash-hotp  301      root  rtd       DIR       33,1     4096          2 /
nash-hotp  301      root  txt       REG        0,1  1353084         12 /bin/nash (deleted)
nash-hotp  301      root  mem       REG        0,0                   0 [vdso] (stat: No such file or directory)
nash-hotp  301      root    0r     FIFO        0,5                 720 pipe
nash-hotp  301      root    1u      CHR        1,5                 697 /zero
nash-hotp  301      root    2u      CHR        1,5                 697 /zero
nash-hotp  301      root    6u     sock        0,4                 721 can't identify protocol
kmirrord   311      root  cwd       DIR       33,1     4096          2 /
kmirrord   311      root  rtd       DIR       33,1     4096          2 /
kmirrord   311      root  txt   unknown                                /proc/311/exe
kjournald  316      root  cwd       DIR       33,1     4096          2 /
kjournald  316      root  rtd       DIR       33,1     4096          2 /
kjournald  316      root  txt   unknown                                /proc/316/exe
udevd      382      root  cwd       DIR       33,1     4096          2 /
udevd      382      root  rtd       DIR       33,1     4096          2 /
udevd      382      root  txt       REG       33,1    67856     128120 /sbin/udevd
udevd      382      root  mem       REG       33,1    11132     160230 /lib/libsetrans.so.0
udevd      382      root  mem       REG       33,1  1525156     160026 /lib/libc-2.4.so
udevd      382      root  mem       REG       33,1    46608     160042 /lib/libnss_files-2.4.so
udevd      382      root  mem       REG       33,1    14612     160032 /lib/libdl-2.4.so
udevd      382      root  mem       REG       33,1   227492     160076 /lib/libsepol.so.1
udevd      382      root  mem       REG       33,1    83564     160137 /lib/libselinux.so.1
udevd      382      root  mem       REG        0,0                   0 [vdso] (stat: No such file or directory)
udevd      382      root  mem       REG       33,1   120132     160019 /lib/ld-2.4.so
udevd      382      root    0u      CHR        1,3                 992  /dev/null
udevd      382      root    1u      CHR        1,3                 992 /dev/null
udevd      382      root    2u      CHR        1,3                 992 /dev/null
udevd      382      root    3u     unix 0xef243c40                1084 socket
udevd      382      root    4u     sock        0,4                1085 can't identify protocol
udevd      382      root    5r     FIFO        0,5                1092 pipe
udevd      382      root    6w     FIFO        0,5                1092 pipe
udevd      382      root    7r      DIR        0,8        0        264 inotify
kjournald 1009      root  cwd       DIR       33,1     4096          2 /
kjournald 1009      root  rtd       DIR       33,1     4096          2 /
kjournald 1009      root  txt   unknown                                /proc/1009/exe
kjournald 1011      root  cwd       DIR       33,1     4096          2 /
kjournald 1011      root  rtd       DIR       33,1     4096          2 /
kjournald 1011      root  txt   unknown                                /proc/1011/exe
kjournald 1013      root  cwd       DIR       33,1     4096          2 /
kjournald 1013      root  rtd       DIR       33,1     4096          2 /
kjournald 1013      root  txt   unknown                                /proc/1013/exe
kjournald 1015      root  cwd       DIR       33,1     4096          2 /
kjournald 1015      root  rtd       DIR       33,1     4096          2 /
kjournald 1015      root  txt   unknown                                /proc/1015/exe
kjournald 1017      root  cwd       DIR       33,1     4096          2 /
kjournald 1017      root  rtd       DIR       33,1     4096          2 /
kjournald 1017      root  txt   unknown                                /proc/1017/exe
dhclient  1358      root  cwd       DIR       33,1     4096      64004 /etc/sysconfig/network-scripts
dhclient  1358      root  rtd       DIR       33,1     4096          2 /
dhclient  1358      root  txt       REG       33,1  1555043     128143 /sbin/dhclient
dhclient  1358      root  mem       REG       33,1  1525156     160026 /lib/libc-2.4.so
dhclient  1358      root  mem       REG        0,0                   0 [vdso] (stat: No such file or directory)
dhclient  1358      root  mem       REG       33,1   120132     160019 /lib/ld-2.4.so
dhclient  1358      root  mem       REG       33,1    46608     160042 /lib/libnss_files-2.4.so
dhclient  1358      root    0u      CHR        1,3                 992  /dev/null
dhclient  1358      root    1u      CHR        1,3                 992 /dev/null
dhclient  1358      root    2u      CHR        1,3                 992 /dev/null
dhclient  1358      root    3w      REG      253,4      439      98307 /var/lib/dhclient/dhclient-eth0.leases
dhclient  1358      root    4u     IPv4       4117                 UDP *:bootpc
dhclient  1358      root    5u     sock        0,4                4116 can't identify protocol
syslogd   1419      root  cwd       DIR       33,1     4096          2 /
syslogd   1419      root  rtd       DIR       33,1     4096          2 /
syslogd   1419      root  txt       REG       33,1    35776     128103 /sbin/syslogd
syslogd   1419      root  mem       REG       33,1  1525156     160026 /lib/libc-2.4.so
syslogd   1419      root  mem       REG       33,1    46608     160042 /lib/libnss_files-2.4.so
syslogd   1419      root  mem       REG        0,0                   0 [vdso]  (stat: No such file or directory)
syslogd   1419      root  mem       REG       33,1   120132     160019 /lib/ld-2.4.so
syslogd   1419      root    0u     unix 0xef243a40                4258 /dev/log
syslogd   1419      root    1w      REG      253,4    81598     131091 /var/log/messages
syslogd   1419      root    2w      REG      253,4      988     131092 /var/log/secure
syslogd   1419      root    3w      REG      253,4      369     131093 /var/log/maillog
syslogd   1419      root    4w      REG      253,4      449     131094 /var/log/cron
syslogd   1419      root    5w      REG      253,4        0     131095 /var/log/spooler
syslogd   1419      root    6w      REG      253,4        0     131096 /var/log/boot.log
klogd     1422      root  cwd       DIR       33,1     4096          2 /
klogd     1422      root  rtd       DIR       33,1     4096          2 /
klogd     1422      root  txt       REG       33,1    26540     128102 /sbin/klogd
klogd     1422      root  mem       REG        0,0                   0 [vdso] (stat: No such file or directory)
klogd     1422      root  mem       REG       33,1   120132     160019 /lib/ld-2.4.so
klogd     1422      root  mem       REG       33,1  1525156     160026  /lib/libc-2.4.so
klogd     1422      root    0r      REG        0,3        0 4026531849 /proc/kmsg
klogd     1422      root    1u     unix 0xef243840                4266 socket
portmap   1444       rpc  cwd       DIR       33,1     4096          2 /
portmap   1444       rpc  rtd       DIR       33,1     4096          2 /
portmap   1444       rpc  txt       REG       33,1    35508     128191 /sbin/portmap
portmap   1444       rpc  mem       REG       33,1   120132     160019 /lib/ld-2.4.so
portmap   1444       rpc  mem       REG       33,1  1525156     160026 /lib/libc-2.4.so
portmap   1444       rpc  mem       REG        0,0                   0 [vdso] (stat: No such file or directory)
portmap   1444       rpc  mem       REG       33,1    46608     160042 /lib/libnss_files-2.4.so
portmap   1444       rpc  mem       REG       33,1    89760     160036 /lib/libnsl-2.4.so
portmap   1444       rpc    0u      CHR        1,3                 992  /dev/null
portmap   1444       rpc    1u      CHR        1,3                 992 /dev/null
portmap   1444       rpc    2u      CHR        1,3                 992 /dev/null
portmap   1444       rpc    3u     IPv4       4310                 UDP *:sunrpc
portmap   1444       rpc    4u     IPv4       4311                 TCP *:sunrpc (LISTEN)
rpc.statd 1462   rpcuser  cwd       DIR      253,4     4096      98340 /var/lib/nfs/statd
rpc.statd 1462   rpcuser  rtd       DIR       33,1     4096          2 /
rpc.statd 1462   rpcuser  txt       REG       33,1    44972     128194 /sbin/rpc.statd
rpc.statd 1462   rpcuser  mem       REG       33,1   120132     160019 /lib/ld-2.4.so
rpc.statd 1462   rpcuser  mem       REG       33,1    46608     160042 /lib/libnss_files-2.4.so
rpc.statd 1462   rpcuser  mem       REG       33,1  1525156     160026 /lib/libc-2.4.so
rpc.statd 1462   rpcuser  mem       REG       33,1    89760     160036 /lib/libnsl-2.4.so
rpc.statd 1462   rpcuser  mem       REG        0,0                   0 [vdso] (stat: No such file or directory)
rpc.statd 1462   rpcuser    0u      CHR        1,3                 992 /dev/null
rpc.statd 1462   rpcuser    1u      CHR        1,3                 992 /dev/null
rpc.statd 1462   rpcuser    2u      CHR        1,3                 992 /dev/null
rpc.statd 1462   rpcuser    3u     IPv4       4352                 UDP *:filenet-tms
rpc.statd 1462   rpcuser    4w     FIFO        0,5                4336 pipe
rpc.statd 1462   rpcuser    5u     unix 0xef243640                4339 socket
rpc.statd 1462   rpcuser    6u     IPv4       4340                 UDP *:790
rpc.statd 1462   rpcuser    7u     IPv4       4355                 TCP *:58652 (LISTEN)
rpc.statd 1462   rpcuser    8w      REG      253,4        5     229407 /var/run/rpc.statd.pid
rpc.idmap 1488      root  cwd       DIR       33,1     4096          2 /
rpc.idmap 1488      root  rtd       DIR       33,1     4096          2 /
rpc.idmap 1488      root  txt       REG      253,2    39108     164128 /usr/sbin/rpc.idmapd
rpc.idmap 1488      root  mem       REG       33,1  1525156     160026 /lib/libc-2.4.so
rpc.idmap 1488      root  mem       REG       33,1   279384     160162 /lib/libssl.so.0.9.8a
rpc.idmap 1488      root  mem       REG      253,2   479808     625097 /usr/lib/libkrb5.so.3.2
rpc.idmap 1488      root  mem       REG      253,2   151308     625087 /usr/lib/libk5crypto.so.3.0
rpc.idmap 1488      root  mem       REG      253,2    10200     625099 /usr/lib/libkrb5support.so.0.0
rpc.idmap 1488      root  mem       REG      253,2   238572     625105 /usr/lib/libldap-2.3.so.0.2.7
rpc.idmap 1488      root  mem       REG      253,2    32132     624987 /usr/lib/libevent-1.1a.so.1.0.2
rpc.idmap 1488      root  mem       REG       33,1     6568     160151 /lib/libcom_err.so.2.1
rpc.idmap 1488      root  mem       REG       33,1    14612     160032 /lib/libdl-2.4.so
rpc.idmap 1488      root  mem       REG      253,2    30664     625148 /usr/lib/libnfsidmap.so.0.1.0
rpc.idmap 1488      root  mem       REG      253,2    52572     625103 /usr/lib/liblber-2.3.so.0.2.7
rpc.idmap 1488      root  mem       REG      253,2    74184     624908 /usr/lib/libz.so.1.2.3
rpc.idmap 1488      root  mem       REG       33,1    74576     160052 /lib/libresolv-2.4.so
rpc.idmap 1488      root  mem       REG      253,2    98000     625083 /usr/lib/libgssapi_krb5.so.2.2
rpc.idmap 1488      root  mem       REG      253,2    93956     624941 /usr/lib/libsasl2.so.2.0.21
rpc.idmap 1488      root  mem       REG       33,1    46608     160042 /lib/libnss_files-2.4.so
rpc.idmap 1488      root  mem       REG       33,1   120132     160019 /lib/ld-2.4.so
rpc.idmap 1488      root  mem       REG       33,1  1247272     160160 /lib/libcrypto.so.0.9.8a
rpc.idmap 1488      root  mem       REG       33,1    25928     160030 /lib/libcrypt-2.4.so
rpc.idmap 1488      root  mem       REG        0,0                   0 [vdso] (stat: No such file or directory)
rpc.idmap 1488      root    0u      CHR        1,3                 992 /dev/null
rpc.idmap 1488      root    1u      CHR        1,3                 992 /dev/null
rpc.idmap 1488      root    2u      CHR        1,3                 992 /dev/null
rpc.idmap 1488      root    3u      CHR        1,3                 992 /dev/null
rpc.idmap 1488      root    5r     0000        0,9        0       4449 eventpoll
rpc.idmap 1488      root    6u     unix 0xef243040                4450 socket
rpc.idmap 1488      root    7u     unix 0xef243240                4451 socket
rpc.idmap 1488      root    8r      DIR       0,19        0          4 /var/lib/nfs/rpc_pipefs/nfs
dbus-daem 1500      dbus  cwd       DIR       33,1     4096          2 /
dbus-daem 1500      dbus  rtd       DIR       33,1     4096          2 /
dbus-daem 1500      dbus  txt       REG       33,1   687432     192031 /bin/dbus-daemon
dbus-daem 1500      dbus  mem       REG       33,1  1525156     160026 /lib/libc-2.4.so
dbus-daem 1500      dbus  mem       REG       33,1    14612     160032 /lib/libdl-2.4.so
dbus-daem 1500      dbus  mem       REG       33,1   227492     160076 /lib/libsepol.so.1
dbus-daem 1500      dbus  mem       REG       33,1    11132     160230 /lib/libsetrans.so.0
dbus-daem 1500      dbus  mem       REG       33,1   131860     160063 /lib/libexpat.so.0.5.0
dbus-daem 1500      dbus  mem       REG       33,1    89760     160036 /lib/libnsl-2.4.so
dbus-daem 1500      dbus  mem       REG       33,1    62908     160061 /lib/libaudit.so.0.0.0
dbus-daem 1500      dbus  mem       REG       33,1   110260     160050 /lib/libpthread-2.4.so
dbus-daem 1500      dbus  mem       REG       33,1    83564     160137 /lib/libselinux.so.1
dbus-daem 1500      dbus  mem       REG        0,0                   0 [vdso] (stat: No such file or directory)
dbus-daem 1500      dbus  mem       REG       33,1    46608     160042 /lib/libnss_files-2.4.so
dbus-daem 1500      dbus  mem       REG       33,1    10448     160070 /lib/libcap.so.1.10
dbus-daem 1500      dbus  mem       REG       33,1   120132     160019 /lib/ld-2.4.so
dbus-daem 1500      dbus    0u      CHR        1,3                 992 /dev/null
dbus-daem 1500      dbus    1u      CHR        1,3                 992 /dev/null
dbus-daem 1500      dbus    2u      CHR        1,3                 992 /dev/null
dbus-daem 1500      dbus    3u     unix 0xef243440                4481 /var/run/dbus/system_bus_socket
dbus-daem 1500      dbus    4u      CHR        1,3                 992 /dev/null
dbus-daem 1500      dbus    5u     sock        0,4                4483 can't identify protocol
dbus-daem 1500      dbus    6u     sock        0,4                4487 can't identify protocol
dbus-daem 1500      dbus    7r      DIR       33,1     4096      64185 /etc/dbus-1/system.d
dbus-daem 1500      dbus    8u     unix 0xee060c60                4504 socket
dbus-daem 1500      dbus    9u     unix 0xee060a60                4505 socket
dbus-daem 1500      dbus   10u     unix 0xe82792c0                5554 /var/run/dbus/system_bus_socket
sdpd      1512      root  cwd       DIR       33,1     4096          2 /
sdpd      1512      root  rtd       DIR       33,1     4096          2 /
sdpd      1512      root  txt       REG      253,2    22420     164075 /usr/sbin/sdpd
sdpd      1512      root  mem       REG       33,1  1525156     160026 /lib/libc-2.4.so
sdpd      1512      root  mem       REG        0,0                   0 [vdso] (stat: No such file or directory)
sdpd      1512      root  mem       REG      253,2    74572     624956 /usr/lib/libbluetooth.so.1.0.25
sdpd      1512      root  mem       REG       33,1   120132     160019 /lib/ld-2.4.so
sdpd      1512      root    0u      CHR        1,3                 992 /dev/null
sdpd      1512      root    1u      CHR        1,3                 992 /dev/null
sdpd      1512      root    2u      CHR        1,3                 992 /dev/null
sdpd      1512      root    3u     unix 0xee060660                4512 socket
sdpd      1512      root    4u     sock        0,4                4519 can't identify protocol
sdpd      1512      root    5u     unix 0xee060460                4530 /var/run/sdp
krfcommd  1526      root  cwd       DIR       33,1     4096          2 /
krfcommd  1526      root  rtd       DIR       33,1     4096          2 /
krfcommd  1526      root  txt   unknown                                /proc/1526/exe
hidd      1556      root  cwd       DIR       33,1     4096          2 /
hidd      1556      root  rtd       DIR       33,1     4096          2 /
hidd      1556      root  txt       REG      253,2    29320     656282 /usr/bin/hidd
hidd      1556      root  mem       REG        0,0                   0 [vdso] (stat: No such file or directory)
hidd      1556      root  mem       REG       33,1  1525156     160026 /lib/libc-2.4.so
hidd      1556      root  mem       REG       33,1   120132     160019 /lib/ld-2.4.so
hidd      1556      root  mem       REG       33,1   197804     160034 /lib/libm-2.4.so
hidd      1556      root  mem       REG      253,2    74572     624956 /usr/lib/libbluetooth.so.1.0.25
hidd      1556      root    0u      CHR        1,3                 992 /dev/null
hidd      1556      root    1u      CHR        1,3                 992 /dev/null
hidd      1556      root    2u      CHR        1,3                 992 /dev/null
hidd      1556      root    3u     sock        0,4                4586 can't identify protocol
hidd      1556      root    4u     sock        0,4                4591 can't identify protocol
hidd      1556      root    5u     sock        0,4                4592 can't identify protocol
hidd      1556      root    6u     unix 0xee060060                4593 socket
automount 1638      root  cwd       DIR       33,1     4096          2 /
automount 1638      root  rtd       DIR       33,1     4096          2 /
automount 1638      root  txt       REG      253,2    51464     163999 /usr/sbin/automount
automount 1638      root  mem       REG        0,0                   0 [vdso] (stat: No such file or directory)
automount 1638      root  mem       REG       33,1    14612     160032 /lib/libdl-2.4.so
automount 1638      root  mem       REG       33,1    89760     160036 /lib/libnsl-2.4.so
automount 1638      root  mem       REG      253,2    16276     753825 /usr/lib/autofs/lookup_program.so
automount 1638      root  mem       REG      253,2    26460     753837 /usr/lib/autofs/parse_sun.so
automount 1638      root  mem       REG      253,2    18232     753830 /usr/lib/autofs/mount_bind.so
automount 1638      root  mem       REG      253,2    25568     753835 /usr/lib/autofs/mount_nfs.so
automount 1638      root  mem       REG       33,1   120132     160019 /lib/ld-2.4.so
automount 1638      root  mem       REG       33,1    46608     160042 /lib/libnss_files-2.4.so
automount 1638      root  mem       REG       33,1  1525156     160026 /lib/libc-2.4.so
automount 1638      root    0u      CHR        1,3                 992 /dev/null
automount 1638      root    1u      CHR        1,3                 992 /dev/null
automount 1638      root    2u      CHR        1,3                 992 /dev/null
automount 1638      root    3r     FIFO        0,5                4679 pipe
automount 1638      root    4r      DIR       0,20        0       4685 /net
automount 1638      root    5r     FIFO        0,5                4680 pipe
automount 1638      root    6w     FIFO        0,5                4680 pipe
smartd    1652      root  cwd       DIR       33,1     4096          2 /
smartd    1652      root  rtd       DIR       33,1     4096          2 /
smartd    1652      root  txt       REG      253,2   220148     164117 /usr/sbin/smartd
smartd    1652      root  mem       REG        0,0                   0 [vdso] (stat: No such file or directory)
smartd    1652      root  mem       REG       33,1   120132     160019 /lib/ld-2.4.so
smartd    1652      root  mem       REG       33,1  1525156     160026 /lib/libc-2.4.so
smartd    1652      root    0u      CHR        1,3                 992 /dev/null
smartd    1652      root    1u      CHR        1,3                 992 /dev/null
smartd    1652      root    2u      CHR        1,3                 992 /dev/null
acpid     1660      root  cwd       DIR       33,1     4096          2 /
acpid     1660      root  rtd       DIR       33,1     4096          2 /
acpid     1660      root  txt       REG      253,2    18244     164053 /usr/sbin/acpid
acpid     1660      root  mem       REG        0,0                   0 [vdso] (stat: No such file or directory)
acpid     1660      root  mem       REG       33,1  1525156     160026 /lib/libc-2.4.so
acpid     1660      root  mem       REG       33,1   120132     160019 /lib/ld-2.4.so
acpid     1660      root    0r      CHR        1,3                 992 /dev/null
acpid     1660      root    1w      REG      253,4      189     131107 /var/log/acpid
acpid     1660      root    2w      REG      253,4      189     131107 /var/log/acpid
acpid     1660      root    3r      REG        0,3        0 4026532103 /proc/acpi/event
acpid     1660      root    4u     unix 0xed758a80                4716 /var/run/acpid.socket
acpid     1660      root    5u     unix 0xe8e0e0a0                5490 /var/run/acpid.socket
acpid     1660      root    6r      REG       33,1      236      64717 /etc/acpi/events/video.conf
sshd      1700      root  cwd       DIR       33,1     4096          2 /
sshd      1700      root  rtd       DIR       33,1     4096          2 /
sshd      1700      root  txt       REG      253,2   379720     164111 /usr/sbin/sshd
sshd      1700      root  mem       REG      253,2    31288     624939 /usr/lib/libwrap.so.0.7.6
sshd      1700      root  mem       REG       33,1    48056     160167 /lib/libpam.so.0.81.2
sshd      1700      root  mem       REG       33,1    14612     160032 /lib/libdl-2.4.so
sshd      1700      root  mem       REG       33,1    83564     160137 /lib/libselinux.so.1
sshd      1700      root  mem       REG       33,1    62908     160061 /lib/libaudit.so.0.0.0
sshd      1700      root  mem       REG       33,1    74576     160052 /lib/libresolv-2.4.so
sshd      1700      root  mem       REG       33,1    13388     160058 /lib/libutil-2.4.so
sshd      1700      root  mem       REG      253,2    74184     624908 /usr/lib/libz.so.1.2.3
sshd      1700      root  mem       REG       33,1    89760     160036 /lib/libnsl-2.4.so
sshd      1700      root  mem       REG      253,2    98000     625083 /usr/lib/libgssapi_krb5.so.2.2
sshd      1700      root  mem       REG      253,2    10200     625099 /usr/lib/libkrb5support.so.0.0
sshd      1700      root  mem       REG       33,1     6568     160151 /lib/libcom_err.so.2.1
sshd      1700      root  mem       REG      253,2   151308     625087 /usr/lib/libk5crypto.so.3.0
sshd      1700      root  mem       REG       33,1  1525156     160026 /lib/libc-2.4.so
sshd      1700      root  mem       REG       33,1   227492     160076 /lib/libsepol.so.1
sshd      1700      root  mem       REG        0,0                   0 [vdso] (stat: No such file or directory)
sshd      1700      root  mem       REG       33,1    11132     160230 /lib/libsetrans.so.0
sshd      1700      root  mem       REG       33,1    46608     160042 /lib/libnss_files-2.4.so
sshd      1700      root  mem       REG       33,1   120132     160019 /lib/ld-2.4.so
sshd      1700      root  mem       REG       33,1    25928     160030 /lib/libcrypt-2.4.so
sshd      1700      root  mem       REG      253,2   479808     625097 /usr/lib/libkrb5.so.3.2
sshd      1700      root  mem       REG       33,1  1247272     160160 /lib/libcrypto.so.0.9.8a
sshd      1700      root    0u      CHR        1,3                 992 /dev/null
sshd      1700      root    1u      CHR        1,3                 992 /dev/null
sshd      1700      root    2u      CHR        1,3                 992 /dev/null
sshd      1700      root    3u     IPv6       4793                 TCP *:ssh (LISTEN)
sendmail  1717      root  cwd       DIR      253,4     4096     229399 /var/spool/mqueue
sendmail  1717      root  rtd       DIR       33,1     4096          2 /
sendmail  1717      root  txt       REG      253,2   802264     164043 /usr/sbin/sendmail.sendmail
sendmail  1717      root  mem       REG       33,1  1247272     160160 /lib/libcrypto.so.0.9.8a
sendmail  1717      root  mem       REG      253,2    52572     625103 /usr/lib/liblber-2.3.so.0.2.7
sendmail  1717      root  mem       REG      253,2    98000     625083 /usr/lib/libgssapi_krb5.so.2.2
sendmail  1717      root  mem       REG      253,2   151308     625087 /usr/lib/libk5crypto.so.3.0
sendmail  1717      root  mem       REG      253,2    74184     624908 /usr/lib/libz.so.1.2.3
sendmail  1717      root  mem       REG       33,1   120132     160019 /lib/ld-2.4.so
sendmail  1717      root  mem       REG       33,1  1525156     160026 /lib/libc-2.4.so
sendmail  1717      root  mem       REG      253,2    10200     625099 /usr/lib/libkrb5support.so.0.0
sendmail  1717      root  mem       REG       33,1    46608     160042 /lib/libnss_files-2.4.so
sendmail  1717      root  mem       REG      253,2    15144     689051 /usr/lib/sasl2/libplain.so.2.0.21
sendmail  1717      root  mem       REG      253,2    15080     689047 /usr/lib/sasl2/liblogin.so.2.0.21
sendmail  1717      root  mem       REG      253,2    14668     688375 /usr/lib/sasl2/libanonymous.so.2.0.21
sendmail  1717      root  mem       REG       33,1    25928     160030 /lib/libcrypt-2.4.so
sendmail  1717      root  mem       REG      253,2   909324     689055 /usr/lib/sasl2/libsasldb.so.2.0.21
sendmail  1717      root  mem       REG      253,2   479808     625097 /usr/lib/libkrb5.so.3.2
sendmail  1717      root  mem       REG        0,0                   0 [vdso] (stat: No such file or directory)
sendmail  1717      root  mem       REG       33,1   279384     160162 /lib/libssl.so.0.9.8a
sendmail  1717      root  mem       REG       33,1    74576     160052 /lib/libresolv-2.4.so
sendmail  1717      root  mem       REG       33,1   110260     160050 /lib/libpthread-2.4.so
sendmail  1717      root  mem       REG       33,1     6568     160151 /lib/libcom_err.so.2.1
sendmail  1717      root  mem       REG       33,1    89760     160036 /lib/libnsl-2.4.so
sendmail  1717      root  mem       REG       33,1    14612     160032 /lib/libdl-2.4.so
sendmail  1717      root  mem       REG      253,2    14376     624959 /usr/lib/libhesiod.so.0
sendmail  1717      root  mem       REG       33,1  1009464     160064 /lib/libdb-4.3.so
sendmail  1717      root  mem       REG      253,2    93956     624941 /usr/lib/libsasl2.so.2.0.21
sendmail  1717      root  mem       REG      253,2   238572     625105 /usr/lib/libldap-2.3.so.0.2.7
sendmail  1717      root  mem       REG      253,2    31288     624939 /usr/lib/libwrap.so.0.7.6
sendmail  1717      root    0r      CHR        1,3                 992 /dev/null
sendmail  1717      root    1w      CHR        1,3                 992 /dev/null
sendmail  1717      root    2w      CHR        1,3                 992 /dev/null
sendmail  1717      root    3u     unix 0xed758480                4859 socket
sendmail  1717      root    4u     IPv4       4872                 TCP localhost.localdomain:smtp (LISTEN)
sendmail  1717      root    5wW     REG      253,4       33     229414 /var/run/sendmail.pid
sendmail  1726     smmsp  cwd       DIR      253,4     4096     229398 /var/spool/clientmqueue
sendmail  1726     smmsp  rtd       DIR       33,1     4096          2 /
sendmail  1726     smmsp  txt       REG      253,2   802264     164043 /usr/sbin/sendmail.sendmail
sendmail  1726     smmsp  mem       REG       33,1    74576     160052 /lib/libresolv-2.4.so
sendmail  1726     smmsp  mem       REG      253,2    31288     624939 /usr/lib/libwrap.so.0.7.6
sendmail  1726     smmsp  mem       REG       33,1    25928     160030 /lib/libcrypt-2.4.so
sendmail  1726     smmsp  mem       REG      253,2    93956     624941 /usr/lib/libsasl2.so.2.0.21
sendmail  1726     smmsp  mem       REG      253,2    98000     625083 /usr/lib/libgssapi_krb5.so.2.2
sendmail  1726     smmsp  mem       REG      253,2    10200     625099 /usr/lib/libkrb5support.so.0.0
sendmail  1726     smmsp  mem       REG       33,1    89760     160036 /lib/libnsl-2.4.so
sendmail  1726     smmsp  mem       REG      253,2   238572     625105 /usr/lib/libldap-2.3.so.0.2.7
sendmail  1726     smmsp  mem       REG       33,1  1525156     160026 /lib/libc-2.4.so
sendmail  1726     smmsp  mem       REG      253,2   151308     625087 /usr/lib/libk5crypto.so.3.0
sendmail  1726     smmsp  mem       REG       33,1    46608     160042 /lib/libnss_files-2.4.so
sendmail  1726     smmsp  mem       REG        0,0                   0 [vdso] (stat: No such file or directory)
sendmail  1726     smmsp  mem       REG       33,1   120132     160019 /lib/ld-2.4.so
sendmail  1726     smmsp  mem       REG       33,1  1247272     160160 /lib/libcrypto.so.0.9.8a
sendmail  1726     smmsp  mem       REG      253,2    14376     624959 /usr/lib/libhesiod.so.0
sendmail  1726     smmsp  mem       REG       33,1     6568     160151 /lib/libcom_err.so.2.1
sendmail  1726     smmsp  mem       REG       33,1    14612     160032 /lib/libdl-2.4.so
sendmail  1726     smmsp  mem       REG       33,1  1009464     160064 /lib/libdb-4.3.so
sendmail  1726     smmsp  mem       REG      253,2    74184     624908 /usr/lib/libz.so.1.2.3
sendmail  1726     smmsp  mem       REG       33,1   110260     160050 /lib/libpthread-2.4.so
sendmail  1726     smmsp  mem       REG      253,2    52572     625103 /usr/lib/liblber-2.3.so.0.2.7
sendmail  1726     smmsp  mem       REG      253,2   479808     625097 /usr/lib/libkrb5.so.3.2
sendmail  1726     smmsp  mem       REG       33,1   279384     160162 /lib/libssl.so.0.9.8a
sendmail  1726     smmsp    0r      CHR        1,3                 992 /dev/null
sendmail  1726     smmsp    1w      CHR        1,3                 992 /dev/null
sendmail  1726     smmsp    2w      CHR        1,3                 992 /dev/null
sendmail  1726     smmsp    3u     unix 0xee060860                4892 socket
sendmail  1726     smmsp    4wW     REG      253,4       50     229413 /var/run/sm-client.pid
gpm       1735      root  cwd       DIR       33,1     4096          2 /
gpm       1735      root  rtd       DIR       33,1     4096          2 /
gpm       1735      root  txt       REG      253,2    92216     163880 /usr/sbin/gpm
gpm       1735      root  mem       REG       33,1   197804     160034 /lib/libm-2.4.so
gpm       1735      root  mem       REG        0,0                   0 [vdso] (stat: No such file or directory)
gpm       1735      root  mem       REG       33,1  1525156     160026 /lib/libc-2.4.so
gpm       1735      root  mem       REG       33,1   120132     160019 /lib/ld-2.4.so
gpm       1735      root    0u      CHR        5,1                 700 /dev/console
gpm       1735      root    1u      CHR        5,1                 700 /dev/console
gpm       1735      root    2u      CHR        5,1                 700 /dev/console
gpm       1735      root    3u     unix 0xed758c80                4909 socket
gpm       1735      root    4u      CHR      13,63                2669 /dev/input/mice
gpm       1735      root    5u     unix 0xed758680                4920 /dev/gpmctl
crond     1743      root  cwd       DIR      253,4     4096     229379 /var/spool
crond     1743      root  rtd       DIR       33,1     4096          2 /
crond     1743      root  txt       REG      253,2   309700     164034 /usr/sbin/crond
crond     1743      root  mem       REG       33,1  1525156     160026 /lib/libc-2.4.so
crond     1743      root  mem       REG       33,1    83564     160137 /lib/libselinux.so.1
crond     1743      root  mem       REG       33,1    11132     160230 /lib/libsetrans.so.0
crond     1743      root  mem       REG       33,1   120132     160019 /lib/ld-2.4.so
crond     1743      root  mem       REG        0,0                   0 [vdso] (stat: No such file or directory)
crond     1743      root  mem       REG       33,1     8952     160169 /lib/libpam_misc.so.0.81.2
crond     1743      root  mem       REG       33,1    14612     160032 /lib/libdl-2.4.so
crond     1743      root  mem       REG       33,1    46608     160042 /lib/libnss_files-2.4.so
crond     1743      root  mem       REG       33,1   227492     160076 /lib/libsepol.so.1
crond     1743      root  mem       REG       33,1    48056     160167 /lib/libpam.so.0.81.2
crond     1743      root  mem       REG       33,1    62908     160061 /lib/libaudit.so.0.0.0
crond     1743      root  mem       REG      253,2 54098368     624910 /usr/lib/locale/locale-archive
crond     1743      root    0u      CHR        1,3                 992 /dev/null
crond     1743      root    1u      CHR        1,3                 992 /dev/null
crond     1743      root    2u      CHR        1,3                 992 /dev/null
crond     1743      root    3u      REG      253,4        5     229416 /var/run/crond.pid
crond     1743      root    4u     unix 0xed758880                4930 socket
anacron   1751      root  cwd       DIR      253,4     4096     229382 /var/spool/anacron
anacron   1751      root  rtd       DIR       33,1     4096          2 /
anacron   1751      root  txt       REG      253,2    22368     163876 /usr/sbin/anacron
anacron   1751      root  mem       REG       33,1  1525156     160026 /lib/libc-2.4.so
anacron   1751      root  mem       REG        0,0                   0 [vdso] (stat: No such file or directory)
anacron   1751      root  mem       REG       33,1   120132     160019 /lib/ld-2.4.so
anacron   1751      root    0r      CHR        1,3                 992 /dev/null
anacron   1751      root    1w      CHR        1,3                 992 /dev/null
anacron   1751      root    2w      CHR        1,3                 992 /dev/null
anacron   1751      root    3u     unix 0xee060260                4949 socket
anacron   1751      root    4uW     REG      253,4        0     229418 /var/spool/anacron/cron.daily
anacron   1751      root    5uW     REG      253,4        0     229419 /var/spool/anacron/cron.weekly
anacron   1751      root    6uW     REG      253,4        0     229420 /var/spool/anacron/cron.monthly
atd       1759      root  cwd       DIR      253,4     4096     229386 /var/spool/at
atd       1759      root  rtd       DIR       33,1     4096          2 /
atd       1759      root  txt       REG      253,2    21204     163934 /usr/sbin/atd
atd       1759      root  mem       REG       33,1    46608     160042 /lib/libnss_files-2.4.so
atd       1759      root  mem       REG       33,1  1525156     160026 /lib/libc-2.4.so
atd       1759      root  mem       REG       33,1    48056     160167 /lib/libpam.so.0.81.2
atd       1759      root  mem       REG       33,1    62908     160061 /lib/libaudit.so.0.0.0
atd       1759      root  mem       REG       33,1    83564     160137 /lib/libselinux.so.1
atd       1759      root  mem       REG       33,1   227492     160076 /lib/libsepol.so.1
atd       1759      root  mem       REG       33,1   120132     160019 /lib/ld-2.4.so
atd       1759      root  mem       REG       33,1    11132     160230 /lib/libsetrans.so.0
atd       1759      root  mem       REG        0,0                   0 [vdso] (stat: No such file or directory)
atd       1759      root  mem       REG       33,1     8952     160169 /lib/libpam_misc.so.0.81.2
atd       1759      root  mem       REG       33,1    14612     160032 /lib/libdl-2.4.so
atd       1759      root    0u      CHR        1,3                 992 /dev/null
atd       1759      root    1u      CHR        1,3                 992 /dev/null
atd       1759      root    2u      CHR        1,3                 992 /dev/null
atd       1759      root    3uW     REG      253,4        5     229417 /var/run/atd.pid
hald      1783 haldaemon  cwd       DIR       33,1     4096          2 /
hald      1783 haldaemon  rtd       DIR       33,1     4096          2 /
hald      1783 haldaemon  txt       REG      253,2   241188     164095 /usr/sbin/hald
hald      1783 haldaemon  mem       REG       33,1    46608     160042 /lib/libnss_files-2.4.so
hald      1783 haldaemon  mem       REG      253,2   257668     624915 /usr/lib/libgobject-2.0.so.0.1000.1
hald      1783 haldaemon  mem       REG       33,1   471080     160139 /lib/libdbus-1.so.2.0.0
hald      1783 haldaemon  mem       REG      253,2   596776     624911 /usr/lib/libglib-2.0.so.0.1000.1
hald      1783 haldaemon  mem       REG       33,1  1525156     160026 /lib/libc-2.4.so
hald      1783 haldaemon  mem       REG        0,0                   0 [vdso] (stat: No such file or directory)
hald      1783 haldaemon  mem       REG       33,1   131860     160063 /lib/libexpat.so.0.5.0
hald      1783 haldaemon  mem       REG       33,1    10448     160070 /lib/libcap.so.1.10
hald      1783 haldaemon  mem       REG       33,1    89760     160036 /lib/libnsl-2.4.so
hald      1783 haldaemon  mem       REG       33,1   120132     160019 /lib/ld-2.4.so
hald      1783 haldaemon  mem       REG       33,1   197804     160034 /lib/libm-2.4.so
hald      1783 haldaemon  mem       REG      253,2   147596     625115 /usr/lib/libdbus-glib-1.so.2.0.0
hald      1783 haldaemon  mem       REG      253,2    25404     688371 /usr/lib/gconv/gconv-modules.cache
hald      1783 haldaemon    0u      CHR        1,3                 992 /dev/null
hald      1783 haldaemon    1u      CHR        1,3                 992 /dev/null
hald      1783 haldaemon    2u      CHR        1,3                 992 /dev/null
hald      1783 haldaemon    5r     FIFO        0,5                5020 pipe
hald      1783 haldaemon    6w     FIFO        0,5                5020 pipe
hald      1783 haldaemon    7u     unix 0xed758280                5021 socket
hald      1783 haldaemon    8u     unix 0xed758080                5022 socket
hald      1783 haldaemon    9u     unix 0xe8e0eaa0                5025 socket
hald      1783 haldaemon   10u     unix 0xe8e0e8a0                5030 socket
hald      1783 haldaemon   11r      REG        0,3        0  116850705 /proc/1783/mounts
hald      1783 haldaemon   12u     unix 0xe8e0e6a0                5493 socket
hald      1783 haldaemon   13u     unix 0xe8279ac0                5516 socket
hald      1783 haldaemon   14u     unix 0xe82796c0                5533 socket
hald      1783 haldaemon   15u     unix 0xe82794c0                5553 socket
hald-runn 1784      root  cwd       DIR       33,1     4096          2 /
hald-runn 1784      root  rtd       DIR       33,1     4096          2 /
hald-runn 1784      root  txt       REG      253,2    12892     491548 /usr/libexec/hald-runner
hald-runn 1784      root  mem       REG       33,1    10448     160070 /lib/libcap.so.1.10
hald-runn 1784      root  mem       REG        0,0                   0 [vdso] (stat: No such file or directory)
hald-runn 1784      root  mem       REG       33,1    89760     160036 /lib/libnsl-2.4.so
hald-runn 1784      root  mem       REG       33,1   471080     160139 /lib/libdbus-1.so.2.0.0
hald-runn 1784      root  mem       REG       33,1  1525156     160026 /lib/libc-2.4.so
hald-runn 1784      root  mem       REG      253,2   257668     624915 /usr/lib/libgobject-2.0.so.0.1000.1
hald-runn 1784      root  mem       REG       33,1   120132     160019 /lib/ld-2.4.so
hald-runn 1784      root  mem       REG      253,2   596776     624911 /usr/lib/libglib-2.0.so.0.1000.1
hald-runn 1784      root  mem       REG      253,2   147596     625115 /usr/lib/libdbus-glib-1.so.2.0.0
hald-runn 1784      root    0r      CHR        1,3                 992 /dev/null
hald-runn 1784      root    1u      CHR        1,3                 992 /dev/null
hald-runn 1784      root    2u      CHR        1,3                 992 /dev/null
hald-runn 1784      root    3u     unix 0xe8e0eca0                5024 socket
hald-addo 1790 haldaemon  cwd       DIR      253,2     4096     491521 /usr/libexec
hald-addo 1790 haldaemon  rtd       DIR       33,1     4096          2 /
hald-addo 1790 haldaemon  txt       REG      253,2     8388     491534 /usr/libexec/hald-addon-acpi
hald-addo 1790 haldaemon  mem       REG       33,1  1525156     160026 /lib/libc-2.4.so
hald-addo 1790 haldaemon  mem       REG      253,2    35280     625213 /usr/lib/libhal.so.1.0.0
hald-addo 1790 haldaemon  mem       REG       33,1   120132     160019 /lib/ld-2.4.so
hald-addo 1790 haldaemon  mem       REG        0,0                   0 [vdso] (stat: No such file or directory)
hald-addo 1790 haldaemon  mem       REG       33,1    10448     160070 /lib/libcap.so.1.10
hald-addo 1790 haldaemon  mem       REG       33,1    46608     160042 /lib/libnss_files-2.4.so
hald-addo 1790 haldaemon  mem       REG       33,1    89760     160036 /lib/libnsl-2.4.so
hald-addo 1790 haldaemon  mem       REG       33,1   471080     160139 /lib/libdbus-1.so.2.0.0
hald-addo 1790 haldaemon    0r      CHR        1,3                 992 /dev/null
hald-addo 1790 haldaemon    1u      CHR        1,3                 992 /dev/null
hald-addo 1790 haldaemon    2u      CHR        1,3                 992 /dev/null
hald-addo 1790 haldaemon    3u     unix 0xe8e0e4a0                5484 socket
hald-addo 1790 haldaemon    4u     unix 0xe8e0e2a0                5489 socket
hald-addo 1796 haldaemon  cwd       DIR      253,2     4096     491521 /usr/libexec
hald-addo 1796 haldaemon  rtd       DIR       33,1     4096          2 /
hald-addo 1796 haldaemon  txt       REG      253,2     8448     491536 /usr/libexec/hald-addon-keyboard
hald-addo 1796 haldaemon  mem       REG       33,1  1525156     160026 /lib/libc-2.4.so
hald-addo 1796 haldaemon  mem       REG       33,1    89760     160036 /lib/libnsl-2.4.so
hald-addo 1796 haldaemon  mem       REG       33,1   120132     160019 /lib/ld-2.4.so
hald-addo 1796 haldaemon  mem       REG       33,1    46608     160042 /lib/libnss_files-2.4.so
hald-addo 1796 haldaemon  mem       REG       33,1   471080     160139 /lib/libdbus-1.so.2.0.0
hald-addo 1796 haldaemon  mem       REG        0,0                   0 [vdso] (stat: No such file or directory)
hald-addo 1796 haldaemon  mem       REG       33,1    10448     160070 /lib/libcap.so.1.10
hald-addo 1796 haldaemon  mem       REG      253,2    35280     625213 /usr/lib/libhal.so.1.0.0
hald-addo 1796 haldaemon    0r      CHR        1,3                 992 /dev/null
hald-addo 1796 haldaemon    1u      CHR        1,3                 992 /dev/null
hald-addo 1796 haldaemon    2u      CHR        1,3                 992 /dev/null
hald-addo 1796 haldaemon    3u     unix 0xe8279cc0                5515 socket
hald-addo 1796 haldaemon    4r      CHR      13,64                2656 /dev/input/event0
hald-addo 1801      root  cwd       DIR      253,2     4096     491521 /usr/libexec
hald-addo 1801      root  rtd       DIR       33,1     4096          2 /
hald-addo 1801      root  txt       REG      253,2    10384     491538 /usr/libexec/hald-addon-storage
hald-addo 1801      root  mem       REG       33,1  1525156     160026 /lib/libc-2.4.so
hald-addo 1801      root  mem       REG       33,1    89760     160036 /lib/libnsl-2.4.so
hald-addo 1801      root  mem       REG       33,1   120132     160019 /lib/ld-2.4.so
hald-addo 1801      root  mem       REG        0,0                   0 [vdso] (stat: No such file or directory)
hald-addo 1801      root  mem       REG       33,1    10448     160070 /lib/libcap.so.1.10
hald-addo 1801      root  mem       REG       33,1   471080     160139 /lib/libdbus-1.so.2.0.0
hald-addo 1801      root  mem       REG      253,2    35280     625213 /usr/lib/libhal.so.1.0.0
hald-addo 1801      root    0r      CHR        1,3                 992 /dev/null
hald-addo 1801      root    1u      CHR        1,3                 992 /dev/null
hald-addo 1801      root    2u      CHR        1,3                 992 /dev/null
hald-addo 1801      root    3u     unix 0xe82798c0                5532 socket
login     1811      root  cwd       DIR       33,1     4096          2 /
login     1811      root  rtd       DIR       33,1     4096          2 /
login     1811      root  txt       REG       33,1    22496     192791 /bin/login
login     1811      root  mem       REG       33,1    89760     160036 /lib/libnsl-2.4.so
login     1811      root  mem       REG       33,1     4824     160194 /lib/security/pam_nologin.so
login     1811      root  mem       REG       33,1     3544     160195 /lib/security/pam_permit.so
login     1811      root  mem       REG       33,1    10332     160201 /lib/security/pam_selinux.so
login     1811      root  mem       REG       33,1    12020     160187 /lib/security/pam_limits.so
login     1811      root  mem       REG       33,1     5656     160190 /lib/security/pam_loginuid.so
login     1811      root  mem       REG       33,1    11168     160205 /lib/security/pam_succeed_if.so
login     1811      root  mem       REG       33,1    11648     160175 /lib/security/pam_cracklib.so
login     1811      root  mem       REG       33,1    47316     160211 /lib/security/pam_unix.so
login     1811      root  mem       REG       33,1    46608     160042 /lib/libnss_files-2.4.so
login     1811      root  mem       REG       33,1  1525156     160026 /lib/libc-2.4.so
login     1811      root  mem       REG       33,1    25928     160030 /lib/libcrypt-2.4.so
login     1811      root  mem       REG       33,1    48056     160167 /lib/libpam.so.0.81.2
login     1811      root  mem       REG       33,1    11132     160230 /lib/libsetrans.so.0
login     1811      root  mem       REG      253,2    28692     625180 /usr/lib/libcrack.so.2.8.0
login     1811      root  mem       REG       33,1    83564     160137 /lib/libselinux.so.1
login     1811      root  mem       REG       33,1   120132     160019 /lib/ld-2.4.so
login     1811      root  mem       REG       33,1    62908     160061 /lib/libaudit.so.0.0.0
login     1811      root  mem       REG       33,1   227492     160076 /lib/libsepol.so.1
login     1811      root  mem       REG        0,0                   0 [vdso] (stat: No such file or directory)
login     1811      root  mem       REG       33,1     6044     160200 /lib/security/pam_securetty.so
login     1811      root  mem       REG       33,1     8952     160169 /lib/libpam_misc.so.0.81.2
login     1811      root  mem       REG       33,1    21400     160174 /lib/security/pam_console.so
login     1811      root  mem       REG       33,1    10804     160179 /lib/security/pam_env.so
login     1811      root  mem       REG       33,1    14612     160032 /lib/libdl-2.4.so
login     1811      root  mem       REG       33,1     3188     160177 /lib/security/pam_deny.so
mingetty  1812      root  cwd       DIR       33,1     4096          2 /
mingetty  1812      root  rtd       DIR       33,1     4096          2 /
mingetty  1812      root  txt       REG       33,1    10660     128017 /sbin/mingetty
mingetty  1812      root  mem       REG       33,1  1525156     160026 /lib/libc-2.4.so
mingetty  1812      root  mem       REG        0,0                   0 [vdso] (stat: No such file or directory)
mingetty  1812      root  mem       REG       33,1   120132     160019 /lib/ld-2.4.so
mingetty  1812      root    0u      CHR        4,2                 971 /dev/tty2
mingetty  1812      root    1u      CHR        4,2                 971 /dev/tty2
mingetty  1812      root    2u      CHR        4,2                 971 /dev/tty2
mingetty  1815      root  cwd       DIR       33,1     4096          2 /
mingetty  1815      root  rtd       DIR       33,1     4096          2 /
mingetty  1815      root  txt       REG       33,1    10660     128017 /sbin/mingetty
mingetty  1815      root  mem       REG        0,0                   0 [vdso] (stat: No such file or directory)
mingetty  1815      root  mem       REG       33,1   120132     160019 /lib/ld-2.4.so
mingetty  1815      root  mem       REG       33,1  1525156     160026 /lib/libc-2.4.so
mingetty  1815      root    0u      CHR        4,3                 972 /dev/tty3
mingetty  1815      root    1u      CHR        4,3                 972 /dev/tty3
mingetty  1815      root    2u      CHR        4,3                 972 /dev/tty3
mingetty  1818      root  cwd       DIR       33,1     4096          2 /
mingetty  1818      root  rtd       DIR       33,1     4096          2 /
mingetty  1818      root  txt       REG       33,1    10660     128017 /sbin/mingetty
mingetty  1818      root  mem       REG        0,0                   0 [vdso] (stat: No such file or directory)
mingetty  1818      root  mem       REG       33,1   120132     160019 /lib/ld-2.4.so
mingetty  1818      root  mem       REG       33,1  1525156     160026 /lib/libc-2.4.so
mingetty  1818      root    0u      CHR        4,4                 973 /dev/tty4
mingetty  1818      root    1u      CHR        4,4                 973 /dev/tty4
mingetty  1818      root    2u      CHR        4,4                 973 /dev/tty4
mingetty  1819      root  cwd       DIR       33,1     4096          2 /
mingetty  1819      root  rtd       DIR       33,1     4096          2 /
mingetty  1819      root  txt       REG       33,1    10660     128017 /sbin/mingetty
mingetty  1819      root  mem       REG       33,1  1525156     160026 /lib/libc-2.4.so
mingetty  1819      root  mem       REG        0,0                   0 [vdso] (stat: No such file or directory)
mingetty  1819      root  mem       REG       33,1   120132     160019 /lib/ld-2.4.so
mingetty  1819      root    0u      CHR        4,5                 974 /dev/tty5
mingetty  1819      root    1u      CHR        4,5                 974 /dev/tty5
mingetty  1819      root    2u      CHR        4,5                 974 /dev/tty5
mingetty  1824      root  cwd       DIR       33,1     4096          2 /
mingetty  1824      root  rtd       DIR       33,1     4096          2 /
mingetty  1824      root  txt       REG       33,1    10660     128017 /sbin/mingetty
mingetty  1824      root  mem       REG       33,1   120132     160019 /lib/ld-2.4.so
mingetty  1824      root  mem       REG        0,0                   0 [vdso] (stat: No such file or directory)
mingetty  1824      root  mem       REG       33,1  1525156     160026 /lib/libc-2.4.so
mingetty  1824      root    0u      CHR        4,6                 975 /dev/tty6
mingetty  1824      root    1u      CHR        4,6                 975 /dev/tty6
mingetty  1824      root    2u      CHR        4,6                 975 /dev/tty6
kauditd   1870      root  cwd       DIR       33,1     4096          2 /
kauditd   1870      root  rtd       DIR       33,1     4096          2 /
kauditd   1870      root  txt   unknown                                /proc/1870/exe
bash      1871      root  cwd       DIR       33,1     4096      96002 /root
bash      1871      root  rtd       DIR       33,1     4096          2 /
bash      1871      root  txt       REG       33,1   715176     192007 /bin/bash
bash      1871      root  mem       REG       33,1    14612     160032 /lib/libdl-2.4.so
bash      1871      root  mem       REG       33,1    46608     160042 /lib/libnss_files-2.4.so
bash      1871      root  mem       REG       33,1   120132     160019 /lib/ld-2.4.so
bash      1871      root  mem       REG        0,0                   0 [vdso] (stat: No such file or directory)
bash      1871      root  mem       REG       33,1    12048     160075 /lib/libtermcap.so.2.0.8
bash      1871      root  mem       REG       33,1  1525156     160026 /lib/libc-2.4.so
bash      1871      root  mem       REG      253,2    25404     688371 /usr/lib/gconv/gconv-modules.cache
bash      1871      root  mem       REG      253,2 54098368     624910 /usr/lib/locale/locale-archive
bash      1871      root    0u      CHR        4,1                 970 /dev/tty1
bash      1871      root    1u      CHR        4,1                 970 /dev/tty1
bash      1871      root    2u      CHR        4,1                 970 /dev/tty1
bash      1871      root  255u      CHR        4,1                 970 /dev/tty1
sshd      1904      root  cwd       DIR       33,1     4096          2 /
sshd      1904      root  rtd       DIR       33,1     4096          2 /
sshd      1904      root  txt       REG      253,2   379720     164111 /usr/sbin/sshd
sshd      1904      root  mem       REG       33,1    83564     160137 /lib/libselinux.so.1
sshd      1904      root  mem       REG       33,1    74576     160052 /lib/libresolv-2.4.so
sshd      1904      root  mem       REG       33,1    13388     160058 /lib/libutil-2.4.so
sshd      1904      root  mem       REG      253,2    74184     624908 /usr/lib/libz.so.1.2.3
sshd      1904      root  mem       REG       33,1    89760     160036 /lib/libnsl-2.4.so
sshd      1904      root  mem       REG      253,2    98000     625083 /usr/lib/libgssapi_krb5.so.2.2
sshd      1904      root  mem       REG      253,2   151308     625087 /usr/lib/libk5crypto.so.3.0
sshd      1904      root  mem       REG      253,2    10200     625099 /usr/lib/libkrb5support.so.0.0
sshd      1904      root  mem       REG       33,1  1525156     160026 /lib/libc-2.4.so
sshd      1904      root  mem       REG       33,1    46608     160042 /lib/libnss_files-2.4.so
sshd      1904      root  mem       REG       33,1    11168     160205 /lib/security/pam_succeed_if.so
sshd      1904      root  mem       REG       33,1     4824     160194 /lib/security/pam_nologin.so
sshd      1904      root  mem       REG       33,1     3544     160195 /lib/security/pam_permit.so
sshd      1904      root  mem       REG       33,1    12020     160187 /lib/security/pam_limits.so
sshd      1904      root  mem       REG       33,1     5656     160190 /lib/security/pam_loginuid.so
sshd      1904      root  mem       REG       33,1    21704     160040 /lib/libnss_dns-2.4.so
sshd      1904      root  mem       REG       33,1    11132     160230 /lib/libsetrans.so.0
sshd      1904      root  mem       REG       33,1    47316     160211 /lib/security/pam_unix.so
sshd      1904      root  mem       REG       33,1    10804     160179 /lib/security/pam_env.so
sshd      1904      root  mem       REG       33,1    11648     160175 /lib/security/pam_cracklib.so
sshd      1904      root  mem       REG        0,0                   0 [vdso] (stat: No such file or directory)
sshd      1904      root  mem       REG       33,1     6568     160151 /lib/libcom_err.so.2.1
sshd      1904      root  mem       REG       33,1    14612     160032 /lib/libdl-2.4.so
sshd      1904      root  mem       REG      253,2    31288     624939 /usr/lib/libwrap.so.0.7.6
sshd      1904      root  mem       REG       33,1    48056     160167 /lib/libpam.so.0.81.2
sshd      1904      root  mem       REG       33,1    62908     160061 /lib/libaudit.so.0.0.0
sshd      1904      root  mem       REG       33,1   120132     160019 /lib/ld-2.4.so
sshd      1904      root  mem       REG       33,1    25928     160030 /lib/libcrypt-2.4.so
sshd      1904      root  mem       REG       33,1   227492     160076 /lib/libsepol.so.1
sshd      1904      root  mem       REG      253,2   479808     625097 /usr/lib/libkrb5.so.3.2
sshd      1904      root  mem       REG      253,2    28692     625180 /usr/lib/libcrack.so.2.8.0
sshd      1904      root  mem       REG       33,1  1247272     160160 /lib/libcrypto.so.0.9.8a
sshd      1904      root  mem       REG       33,1     3188     160177 /lib/security/pam_deny.so
sshd      1904      root  DEL       REG        0,7                5856 /dev/zero
sshd      1904      root  DEL       REG        0,7                5846 /dev/zero
sshd      1904      root    0u      CHR        1,3                 992 /dev/null
sshd      1904      root    1u      CHR        1,3                 992 /dev/null
sshd      1904      root    2u      CHR        1,3                 992 /dev/null
sshd      1904      root    3u     IPv6       5832                 TCP 192.168.1.1:ssh->192.168.1.2:51992 (ESTABLISHED)
sshd      1904      root    4r     FIFO        0,5                5857 pipe
sshd      1904      root    5w     FIFO        0,5                5857 pipe
sshd      1904      root    6u      CHR        5,2                 701 /dev/ptmx
sshd      1904      root    7u      CHR        5,2                 701 /dev/ptmx
sshd      1904      root    8u      CHR        5,2                 701 /dev/ptmx
bash      1906      root  cwd       DIR       33,1     4096      96002 /root
bash      1906      root  rtd       DIR       33,1     4096          2 /
bash      1906      root  txt       REG       33,1   715176     192007 /bin/bash
bash      1906      root  mem       REG       33,1    14612     160032 /lib/libdl-2.4.so
bash      1906      root  mem       REG       33,1    46608     160042 /lib/libnss_files-2.4.so
bash      1906      root  mem       REG       33,1  1525156     160026 /lib/libc-2.4.so
bash      1906      root  mem       REG        0,0                   0 [vdso] (stat: No such file or directory)
bash      1906      root  mem       REG       33,1    12048     160075 /lib/libtermcap.so.2.0.8
bash      1906      root  mem       REG       33,1   120132     160019 /lib/ld-2.4.so
bash      1906      root  mem       REG      253,2    25404     688371 /usr/lib/gconv/gconv-modules.cache
bash      1906      root  mem       REG      253,2 54098368     624910 /usr/lib/locale/locale-archive
bash      1906      root    0u      CHR      136,0                   2 /dev/pts/0
bash      1906      root    1u      CHR      136,0                   2 /dev/pts/0
bash      1906      root    2u      CHR      136,0                   2 /dev/pts/0
bash      1906      root  255u      CHR      136,0                   2 /dev/pts/0
lsof      2204      root  cwd       DIR       33,1     4096      96002 /root
lsof      2204      root  rtd       DIR       33,1     4096          2 /
lsof      2204      root  txt       REG      253,2   117220     163884 /usr/sbin/lsof
lsof      2204      root  mem       REG       33,1   120132     160019 /lib/ld-2.4.so
lsof      2204      root  mem       REG       33,1  1525156     160026 /lib/libc-2.4.so
lsof      2204      root  mem       REG        0,0                   0 [vdso] (stat: No such file or directory)
lsof      2204      root  mem       REG      253,2    25404     688371 /usr/lib/gconv/gconv-modules.cache
lsof      2204      root  mem       REG      253,2 54098368     624910 /usr/lib/locale/locale-archive
lsof      2204      root    0u      CHR      136,0                   2 /dev/pts/0
lsof      2204      root    1u      CHR      136,0                   2 /dev/pts/0
lsof      2204      root    2u      CHR      136,0                   2 /dev/pts/0
lsof      2204      root    3r      DIR        0,3        0          1 /proc
lsof      2204      root    4r      DIR        0,3        0  144441353 /proc/2204/fd
lsof      2204      root    5w     FIFO        0,5                6820 pipe
lsof      2204      root    6r     FIFO        0,5                6821 pipe
lsof      2205      root  cwd       DIR       33,1     4096      96002 /root
lsof      2205      root  rtd       DIR       33,1     4096          2 /
lsof      2205      root  txt       REG      253,2   117220     163884 /usr/sbin/lsof
lsof      2205      root  mem       REG       33,1   120132     160019 /lib/ld-2.4.so
lsof      2205      root  mem       REG       33,1  1525156     160026 /lib/libc-2.4.so
lsof      2205      root  mem       REG        0,0                   0 [vdso] (stat: No such file or directory)
lsof      2205      root  mem       REG      253,2 54098368     624910 /usr/lib/locale/locale-archive
lsof      2205      root    4r     FIFO        0,5                6820 pipe
lsof      2205      root    7w     FIFO        0,5                6821 pipe

Firewall 1

# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     ipv6-crypt--  anywhere             anywhere
ACCEPT     ipv6-auth--  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Vulnerability Scan 1

nmap 4.11 against iptables running 1

$ nmap -A -T4 -P0 192.168.5.182
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2007-01-18 23:39 EST
Interesting ports on 192.168.5.182:
Not shown: 1678 filtered ports
PORT    STATE  SERVICE VERSION
22/tcp  open   ssh     OpenSSH 4.3 (protocol 2.0)
631/tcp closed ipp
Nmap finished: 1 IP address (1 host up) scanned in 25.418 seconds

nmap 4.11 against iptables stopped 1

$ nmap -A -T4 192.168.5.182
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2007-01-18 23:41 EST
Interesting ports on 192.168.5.182:
Not shown: 1678 closed ports
PORT    STATE SERVICE VERSION
22/tcp  open  ssh     OpenSSH 4.3 (protocol 2.0)
111/tcp open  rpcbind  2 (rpc #100000)
Nmap finished: 1 IP address (1 host up) scanned in 6.306 seconds

nessus 3.0.2 against iptables running 1

nessus 3.0.2 against iptables stopped 1

Bastille Assessment 1

# /usr/sbin/bastille --assessnobrowser
# more /var/log/Bastille/Assessment/assessment-report.txt
Bastille Hardening Assessment Report
+-------------------------------------+------------------------------------------+-----+------+------+
| Item                                | Question                                 | Yes |Weight|Score |
+-------------------------------------+------------------------------------------+-----+------+------+
| generalperms_1_1                    | Are more restrictive permissions on the  | No  | 0.00 | 0.00 |
| suidmount                           | Is SUID status for mount/umount disabled | No  | 1.00 | 0.00 |
| suidping                            | Is SUID status for ping disabled?        | No  | 1.00 | 0.00 |
| suiddump                            | Is SUID status for dump and restore disa | Yes | 1.00 | 1.00 |
| suidcard                            | Is SUID status for cardctl disabled?     | Yes | 1.00 | 1.00 |
| suidat                              | Is SUID status for at disabled?          | No  | 1.00 | 0.00 |
| suiddos                             | Is SUID status for DOSEMU disabled?      | Yes | 1.00 | 1.00 |
| suidnews                            | Is SUID status for news server tools dis | Yes | 1.00 | 1.00 |
| suidprint                           | Is SUID status for printing utilities di | Yes | 1.00 | 1.00 |
| suidrtool                           | Are the r-tools disabled?                | No  | 1.00 | 0.00 |
| suidusernetctl                      | Is SUID status for usernetctl disabled?  | No  | 1.00 | 0.00 |
| suidtrace                           | Is SUID status for traceroute disabled?  | Yes | 1.00 | 1.00 |
| suidXwrapper                        | Is SUID status for Xwrapper disabled?    | Yes | 1.00 | 1.00 |
| suidXFree86                         | Is SUID status for XFree86 disabled?     | Yes | 1.00 | 1.00 |
| protectrhost                        | Are clear-text r-protocols that use IP-b | No  | 0.00 | 0.00 |
| passwdage                           | Is password aging enforced?              | No  | 1.00 | 0.00 |
| cronuser                            | Is the use of cron restricted to adminis | Yes | 1.00 | 1.00 |
| umaskyn                             | Is the default umask set to a minimal va | No  | 1.00 | 0.00 |
| rootttylogins                       | Are root logins on tty's 1-6 prohibited? | No  | 1.00 | 0.00 |
| protectgrub                         | Is the GRUB prompt password-protected?   | No  | 1.00 | 0.00 |
| protectlilo                         | Is the LILO prompt password-protected?   | Yes | 1.00 | 1.00 |
| lilodelay                           | Is the LILO delay time zero?             | Yes | 0.00 | 0.00 |
| secureinittab                       | Is CTRL-ALT-DELETE rebooting disabled?   | No  | 0.00 | 0.00 |
| passsum                             | Is single-user mode password-protected?  | No  | 1.00 | 0.00 |
| tcpd_default_deny                   | Is a default-deny on TCP Wrappers and xi | No  | 1.00 | 0.00 |
| deactivate_telnet                   | Is the telnet service disabled on this s | Yes | 1.00 | 1.00 |
| deactivate_ftp                      | Is inetd's FTP service disabled on this  | Yes | 1.00 | 1.00 |
| banners                             | Are "Authorized Use" messages displayed  | No  | 1.00 | 0.00 |
| compiler                            | Are the gcc and/or g++ compiler disabled | Yes | 1.00 | 1.00 |
| morelogging                         | Has additional logging been added?       | Yes | 1.00 | 1.00 |
| pacct                               | Is process accounting set up?            | No  | 1.00 | 0.00 |
| laus                                | Is LAuS active?                          | Yes | 1.00 | 1.00 |
| apmd                                | Are acpid and apmd disabled?             | No  | 1.00 | 0.00 |
| remotefs                            | Are NFS and Samba deactivated?           | No  | 1.00 | 0.00 |
| pcmcia                              | Are PCMCIA services disabled?            | Yes | 1.00 | 1.00 |
| dhcpd                               | Is the DHCP daemon disabled?             | Yes | 1.00 | 1.00 |
| gpm                                 | Is GPM disabled?                         | No  | 1.00 | 0.00 |
| innd                                | Is the news server daemon disabled?      | Yes | 1.00 | 1.00 |
| disable_routed                      | Is routed deactivated?                   | Yes | 1.00 | 1.00 |
| disable_gated                       | Is gated deactivated?                    | Yes | 1.00 | 1.00 |
| nis_server                          | Are NIS server programs deactivated?     | Yes | 1.00 | 1.00 |
| nis_client                          | Are NIS client programs deactivated?     | Yes | 1.00 | 1.00 |
| snmpd                               | Is SNMPD disabled?                       | Yes | 1.00 | 1.00 |
| disable_kudzu                       | Is kudzu's run at boot deactivated?      | No  | 1.00 | 0.00 |
| sendmaildaemon                      | Is sendmail's daemon mode disabled?      | No  | 1.00 | 0.00 |
| sendmailcron                        | Does sendmail process the queue via cron | Yes | 0.00 | 0.00 |
| vrfyexpn                            | Are the VRFY and EXPN sendmail commands  | Yes | 1.00 | 1.00 |
| chrootbind                          | Is named in a chroot jail and is it set  | Yes | 0.00 | 0.00 |
| namedoff                            | Is named deactivated?                    | Yes | 1.00 | 1.00 |
| apacheoff                           | Is the Apache Web server deactivated?    | Yes | 1.00 | 1.00 |
| bindapachelocal                     | Is the Web server bound to listen only t | Yes | 0.00 | 0.00 |
| bindapachenic                       | Is the Web server bound to a particular  | Yes | 0.00 | 0.00 |
| symlink                             | Is the following of symbolic links deact | Yes | 1.00 | 1.00 |
| ssi                                 | Are server-side includes deactivated?    | Yes | 1.00 | 1.00 |
| cgi                                 | Are CGI scripts disabled?                | Yes | 1.00 | 1.00 |
| apacheindex                         | Are indexes disabled?                    | Yes | 1.00 | 1.00 |
| printing                            | Is printing disabled?                    | Yes | 1.00 | 1.00 |
| printing_cups                       | Is printing disabled?                    | Yes | 1.00 | 1.00 |
| printing_cups_lpd_legacy            | Is CUPS' legacy LPD support disabled?    | Yes | 1.00 | 1.00 |
| userftp                             | Are user privileges on the FTP daemon di | Yes | 1.00 | 1.00 |
| anonftp                             | Is anonymous download disabled?          | Yes | 1.00 | 1.00 |
+-------------------------------------+------------------------------------------+-----+------+------+
Score: 6.60 / 10.00

After package and service adjustments

CIS Benchmark Score 2

Summary
Computer Name:	localhost.localdomain
Benchmark:	Redhat Linux Benchmark v1.0.5 August, 2006
Scan Time:	01/31/2007 11:25:21
Description	Items	Score
Passed	Failed	Actual	Max
1 Patches, Packages and Initial Lockdown	3	0	11.111	11.111
2 Minimize xinetd network services	7	1	9.722	11.111
3 Minimize boot services	19	2	10.053	11.111
4 Kernel Tuning/Network Parameter Modifications	2	0	11.111	11.111
5 Logging	2	2	5.556	11.111
6 File/Directory Permissions/Access	3	6	3.704	11.111
7 System Access, Authentication, and Authorization	4	7	4.040	11.111
8 User Accounts and Environment	6	6	5.556	11.111
9 Warning Banners	3	0	11.111	11.111
9.1 Reboot	0	0	0.000	0.000
10 Anti-Virus Consideration	0	0	0.000	0.000
11 Remove Backup Files	0	0	0.000	0.000
Overall Score:	49	24	71.970
Note: Actual scores are subject to rounding errors. The sum of these values may not result in the exact overall score.
Security Items
Description	Status
1 Patches, Packages and Initial Lockdown
1.1 Apply Latest OS Patches	Not Tested
1.2 Validate Your System Before Making Changes	Not Tested
1.3 Configure SSH	Passed
1.4 Enable System Accounting	Passed
1.5 Install and Run Bastille	Passed
2 Minimize xinetd network services
2.1 Disable Standard Services	Passed
2.2 Configure TCP Wrappers and Firewall to Limit Access	Failed
2.3 Only Enable telnet If Absolutely Necessary	Passed
2.4 Only Enable FTP If Absolutely Necessary	Passed
2.5 Only Enable rlogin/rsh/rcp If Absolutely Necessary	Passed
2.6 Only Enable TFTP Server if Absolutely Necessary	Passed
2.7 Only Enable IMAP If Absolutely Necessary	Passed
2.8 Only Enable POP If Absolutely Necessary	Passed
3 Minimize boot services
3.1 Set Daemon Umask	Passed
3.2 Disable xinetd, If Possible	Passed
3.3 disable sendmail	Failed
3.4 disable gui login	Passed
3.5 disable xfont server	Passed
3.6 Disable Standard Boot Services	Failed
3.7 disable samba server	Passed
3.8 disable nfs server	Passed
3.9 disable nfs client	Passed
3.10 disable nis client	Passed
3.11 disable nis server	Passed
3.12 disable rpc portmap	Passed
3.13 disable netfs script	Passed
3.14 disable printer daemon	Passed
3.15 disable apache server	Passed
3.16 disable snmpd	Passed
3.17 disable dns server	Passed
3.18 disable mysql server	Passed
3.19 disable webmin	Passed
3.20 disable squid server	Passed
3.21 disable kudzu hardware monitor	Passed
4 Kernel Tuning/Network Parameter Modifications
4.1 Network Parameter Modifications	Passed
4.2 Additional Network Parameter Modifications	Passed
5 Logging
5.1 Capture Messages Sent To Syslog AUTHPRIV Facility	Passed
5.2 Turn On Additional Logging For FTP Daemon	Passed
5.3 Confirm Permissions On System Log Files	Failed
5.4 Configure syslogd to Send Logs to a Remote LogHost	Failed
6 File/Directory Permissions/Access
6.1 Add 'nodev' Option To Appropriate Partitions In /etc/fstab	Failed
6.2 Add 'nosuid' and 'nodev' Option For Removable Media In /etc/fstab	Failed
6.3 Disable User-Mounted Removable File Systems	Failed
6.4 Verify passwd, shadow, and group File Permissions	Failed
6.5 World-Writable Directories Should Have Their Sticky Bit Set	Passed
6.6 Find Unauthorized World-Writable Files	Passed
6.7 Find Unauthorized SUID/SGID System Executables	Failed
6.8 Find All Unowned Files	Failed
6.9 Disable USB Devices (AKA Hotplugger)	Passed
7 System Access, Authentication, and Authorization
7.1 Remove .rhosts Support In PAM Configuration Files	Passed
7.2 Create ftpusers Files	Failed
7.3 Prevent X Server From Listening On Port 6000/tcp	Failed
7.4 Restrict at/cron To Authorized Users	Failed
7.5 Restrict Permissions On crontab Files	Failed
7.6 Configure xinetd Access Control	Failed
7.7 Restrict Root Logins To System Console	Passed
7.8 Set LILO/GRUB Password	Passed
7.9 Require Authentication For Single-User Mode	Failed
7.10 Restrict NFS Client Requests To Privileged Ports	Passed
7.11 Only Enable syslog To Accept Messages If Absolutely Necessary	Failed
8 User Accounts and Environment
8.1 Block System Accounts	Failed
8.2 Verify That There Are No Accounts With Empty Password Fields	Passed
8.3 Set Account Expiration Parameters On Active Accounts	Failed
8.4 Verify No Legacy '+' Entries Exist In passwd, shadow, And group Files	Passed
8.5 Verify That No UID 0 Accounts Exist Other Than Root	Passed
8.6 No '.' or Group/World-Writable Directory In Root's $PATH	Passed
8.7 User Home Directories Should Be Mode 750 or More Restrictive	Failed
8.8 No User Dot-Files Should Be World-Writable	Passed
8.9 Remove User .netrc Files	Passed
8.10 Set Default umask For Users	Failed
8.11 Disable Core Dumps	Failed
8.12 Limit Access To The Root Account From su	Failed
9 Warning Banners
9.1 Create Warnings For Network And Physical Access Services	Passed
9.2 Create Warnings For GUI-Based Logins	Passed
9.3 Create "authorized only" Banners For vsftpd, If Applicable	Passed

Bastille Assessment 2

Bastille Hardening Assessment Report
+-------------------------------------+------------------------------------------+-----+------+------+
| Item                                | Question                                 | Yes |Weight|Score |
+-------------------------------------+------------------------------------------+-----+------+------+
| generalperms_1_1                    | Are more restrictive permissions on the  | No  | 0.00 | 0.00 |
| suidmount                           | Is SUID status for mount/umount disabled | No  | 1.00 | 0.00 |
| suidping                            | Is SUID status for ping disabled?        | No  | 1.00 | 0.00 |
| suiddump                            | Is SUID status for dump and restore disa | Yes | 1.00 | 1.00 |
| suidcard                            | Is SUID status for cardctl disabled?     | Yes | 1.00 | 1.00 |
| suidat                              | Is SUID status for at disabled?          | No  | 1.00 | 0.00 |
| suiddos                             | Is SUID status for DOSEMU disabled?      | Yes | 1.00 | 1.00 |
| suidnews                            | Is SUID status for news server tools dis | Yes | 1.00 | 1.00 |
| suidprint                           | Is SUID status for printing utilities di | Yes | 1.00 | 1.00 |
| suidrtool                           | Are the r-tools disabled?                | Yes | 1.00 | 1.00 |
| suidusernetctl                      | Is SUID status for usernetctl disabled?  | No  | 1.00 | 0.00 |
| suidtrace                           | Is SUID status for traceroute disabled?  | Yes | 1.00 | 1.00 |
| suidXwrapper                        | Is SUID status for Xwrapper disabled?    | Yes | 1.00 | 1.00 |
| suidXFree86                         | Is SUID status for XFree86 disabled?     | Yes | 1.00 | 1.00 |
| protectrhost                        | Are clear-text r-protocols that use IP-b | No  | 0.00 | 0.00 |
| passwdage                           | Is password aging enforced?              | No  | 1.00 | 0.00 |
| cronuser                            | Is the use of cron restricted to adminis | Yes | 1.00 | 1.00 |
| umaskyn                             | Is the default umask set to a minimal va | No  | 1.00 | 0.00 |
| rootttylogins                       | Are root logins on tty's 1-6 prohibited? | No  | 1.00 | 0.00 |
| protectgrub                         | Is the GRUB prompt password-protected?   | Yes | 1.00 | 1.00 |
| protectlilo                         | Is the LILO prompt password-protected?   | Yes | 1.00 | 1.00 |
| lilodelay                           | Is the LILO delay time zero?             | Yes | 0.00 | 0.00 |
| secureinittab                       | Is CTRL-ALT-DELETE rebooting disabled?   | No  | 0.00 | 0.00 |
| passsum                             | Is single-user mode password-protected?  | Yes | 1.00 | 1.00 |
| tcpd_default_deny                   | Is a default-deny on TCP Wrappers and xi | No  | 1.00 | 0.00 |
| deactivate_telnet                   | Is the telnet service disabled on this s | Yes | 1.00 | 1.00 |
| deactivate_ftp                      | Is inetd's FTP service disabled on this  | Yes | 1.00 | 1.00 |
| banners                             | Are "Authorized Use" messages displayed  | Yes | 1.00 | 1.00 |
| compiler                            | Are the gcc and/or g++ compiler disabled | Yes | 1.00 | 1.00 |
| morelogging                         | Has additional logging been added?       | Yes | 1.00 | 1.00 |
| pacct                               | Is process accounting set up?            | No  | 1.00 | 0.00 |
| laus                                | Is LAuS active?                          | Yes | 1.00 | 1.00 |
| apmd                                | Are acpid and apmd disabled?             | Yes | 1.00 | 1.00 |
| remotefs                            | Are NFS and Samba deactivated?           | No  | 1.00 | 0.00 |
| pcmcia                              | Are PCMCIA services disabled?            | Yes | 1.00 | 1.00 |
| dhcpd                               | Is the DHCP daemon disabled?             | Yes | 1.00 | 1.00 |
| gpm                                 | Is GPM disabled?                         | Yes | 1.00 | 1.00 |
| innd                                | Is the news server daemon disabled?      | Yes | 1.00 | 1.00 |
| disable_routed                      | Is routed deactivated?                   | Yes | 1.00 | 1.00 |
| disable_gated                       | Is gated deactivated?                    | Yes | 1.00 | 1.00 |
| nis_server                          | Are NIS server programs deactivated?     | Yes | 1.00 | 1.00 |
| nis_client                          | Are NIS client programs deactivated?     | Yes | 1.00 | 1.00 |
| snmpd                               | Is SNMPD disabled?                       | Yes | 1.00 | 1.00 |
| disable_kudzu                       | Is kudzu's run at boot deactivated?      | Yes | 1.00 | 1.00 |
| sendmaildaemon                      | Is sendmail's daemon mode disabled?      | No  | 1.00 | 0.00 |
| sendmailcron                        | Does sendmail process the queue via cron | Yes | 0.00 | 0.00 |
| vrfyexpn                            | Are the VRFY and EXPN sendmail commands  | Yes | 1.00 | 1.00 |
| chrootbind                          | Is named in a chroot jail and is it set  | Yes | 0.00 | 0.00 |
| namedoff                            | Is named deactivated?                    | Yes | 1.00 | 1.00 |
| apacheoff                           | Is the Apache Web server deactivated?    | Yes | 1.00 | 1.00 |
| bindapachelocal                     | Is the Web server bound to listen only t | Yes | 0.00 | 0.00 |
| bindapachenic                       | Is the Web server bound to a particular  | Yes | 0.00 | 0.00 |
| symlink                             | Is the following of symbolic links deact | Yes | 1.00 | 1.00 |
| ssi                                 | Are server-side includes deactivated?    | Yes | 1.00 | 1.00 |
| cgi                                 | Are CGI scripts disabled?                | Yes | 1.00 | 1.00 |
| apacheindex                         | Are indexes disabled?                    | Yes | 1.00 | 1.00 |
| printing                            | Is printing disabled?                    | Yes | 1.00 | 1.00 |
| printing_cups                       | Is printing disabled?                    | Yes | 1.00 | 1.00 |
| printing_cups_lpd_legacy            | Is CUPS' legacy LPD support disabled?    | Yes | 1.00 | 1.00 |
| userftp                             | Are user privileges on the FTP daemon di | Yes | 1.00 | 1.00 |
| anonftp                             | Is anonymous download disabled?          | Yes | 1.00 | 1.00 |
+-------------------------------------+------------------------------------------+-----+------+------+
Score: 7.92 / 10.00

Services 2

Processes 2

Disk Usage 3

After Reducing Remote Access

CIS Benchmark Score 3

Bastille Assessment 3

Processes 3

Open Files 3

Network Connections 3

Vulnerability Scan 3

nessus against iptables running 3


This page has been accessed 817 times. This page was last modified 17:07, 31 Jan 2007.
