Jan 27 17:13:58 bear inetd[295]: [ID 161378 daemon.error] time/tcp: bind:
Address already in use
Jan 27 17:13:58 bear inetd[295]: [ID 161378 daemon.error] telnet/tcp: bind:
Address already in use
I keep getting the above every ten minutes on the console - What should I be
looking for?
(No - there is nothing in root's crontab firing every 10 mins)
TIA
--
Regards
Dave Saville
NB Remove no-spam- for good email address
|
|
0
|
|
|
|
Reply
|
 Dave
|
1/27/2005 5:25:16 PM |
|
inetd is trying to bind to a port, but some application is already
bound to those ports. Check your inetd.conf and comment out these
things (time and telnet) if you don't need them. If you do need them,
find out what's running on those ports:
lsof -i tcp:23
lsof -i tcp:37
....then track down those things.
Patrick
|
|
|
0
|
|
|
|
Reply
|
pbeckhelm
|
1/27/2005 8:03:11 PM
|
|
On 27 Jan 2005 12:03:11 -0800, pbeckhelm@gmail.com wrote:
>
>
>inetd is trying to bind to a port, but some application is already
>bound to those ports. Check your inetd.conf and comment out these
>things (time and telnet) if you don't need them. If you do need them,
>find out what's running on those ports:
>
>lsof -i tcp:23
>lsof -i tcp:37
>
>....then track down those things.
Easier said than done I am afraid - I don't have lsof and it would appear that
it is 32/64 bit and architecture specific. I can only find 64 and or sun4u on
the web for solaris 8. I need 32 bit sun4m - I can't build it as this box is a
hardened server so has no compilers etc. (Yes I know - telnet :-) but it *is*
behind a firewall that only has web & mail open)
Anyone got lsof 32bit sun4m solaris8? Or is there another way to back track the
ports?
--
Regards
Dave Saville
NB Remove no-spam- for good email address
|
|
|
0
|
|
|
|
Reply
|
Dave
|
1/27/2005 8:40:05 PM
|
|
Dave Saville <dave@no-spam-deezee.org> wrote:
> Anyone got lsof 32bit sun4m solaris8? Or is there another way to back track the
> ports?
With solaris 8 you can run 'pfiles <PID>' and see what ports are in
use. A quick shell script could probably run 'pfiles' on every PID in
/proc looking for the ports in question.
--
Darren Dunham ddunham@taos.com
Senior Technical Consultant TAOS http://www.taos.com/
Got some Dr Pepper? San Francisco, CA bay area
< This line left intentionally blank to confuse you. >
|
|
|
0
|
|
|
|
Reply
|
Darren
|
1/27/2005 9:01:17 PM
|
|
On Thu, 27 Jan 2005 21:01:17 GMT, Darren Dunham wrote:
>Dave Saville <dave@no-spam-deezee.org> wrote:
>> Anyone got lsof 32bit sun4m solaris8? Or is there another way to back track the
>> ports?
>
>With solaris 8 you can run 'pfiles <PID>' and see what ports are in
>use. A quick shell script could probably run 'pfiles' on every PID in
>/proc looking for the ports in question.
Thnaks for that.
292: /usr/sbin/inetd -s
Current rlimit: 1024 file descriptors
0: S_IFDIR mode:0755 dev:32,24 ino:2 uid:0 gid:0 size:512
O_RDONLY
1: S_IFDIR mode:0755 dev:32,24 ino:2 uid:0 gid:0 size:512
O_RDONLY
2: S_IFDIR mode:0755 dev:32,24 ino:2 uid:0 gid:0 size:512
O_RDONLY
11: S_IFSOCK mode:0666 dev:248,0 ino:59812 uid:0 gid:0 size:0
O_RDWR
sockname: AF_INET6 :: port: 23
12: S_IFSOCK mode:0666 dev:248,0 ino:59811 uid:0 gid:0 size:0
O_RDWR
sockname: AF_INET6 :: port: 37
13: S_IFSOCK mode:0666 dev:248,0 ino:59811 uid:0 gid:0 size:0
O_RDWR
sockname: AF_INET6 :: port: 37
295: /usr/sbin/inetd -s -t
Current rlimit: 1024 file descriptors
0: S_IFDIR mode:0755 dev:32,24 ino:2 uid:0 gid:0 size:512
O_RDONLY
1: S_IFDIR mode:0755 dev:32,24 ino:2 uid:0 gid:0 size:512
O_RDONLY
2: S_IFDIR mode:0755 dev:32,24 ino:2 uid:0 gid:0 size:512
O_RDONLY
4: S_IFCHR mode:0666 dev:32,24 ino:80679 uid:0 gid:3 rdev:21,0
O_WRONLY FD_CLOEXEC
11: S_IFSOCK mode:0666 dev:248,0 ino:59813 uid:0 gid:0 size:0
O_RDWR
sockname: AF_INET6 :: port: 37
There appears to be two copies of inetd running
# ps -elf|grep inetd
8 S root 295 1 0 41 20 f606d768 448 f5a29dfa Jan 25 ?
0:00 /usr/sbin/inetd -s -t
8 S root 292 1 0 41 20 f6067038 446 f5a29dba Jan 25 ?
0:00 /usr/sbin/inetd -s
At least I know where to start digging now :-)
--
Regards
Dave Saville
NB Remove no-spam- for good email address
|
|
|
0
|
|
|
|
Reply
|
Dave
|
1/28/2005 9:38:31 AM
|
|
On Fri, 28 Jan 2005 09:38:31 GMT, Dave Saville wrote:
>There appears to be two copies of inetd running
>
># ps -elf|grep inetd
> 8 S root 295 1 0 41 20 f606d768 448 f5a29dfa Jan 25 ?
>0:00 /usr/sbin/inetd -s -t
> 8 S root 292 1 0 41 20 f6067038 446 f5a29dba Jan 25 ?
>0:00 /usr/sbin/inetd -s
Looks like it is a failure in the JASS hardening script(s).
I built the box with a clean install of 8, followed by the latest patches,
followed by the JASS hardening.
All references to /etc/*/*inetsvc had five links and the script started inetd
-s -t except for rc2.d which had S72initsvc, link count of one and a large
script starting inetd -s *and* S72initsvc.old link count 5 -s -t . Of course
both got run. Removed the first and renamed the second.
Thanks for the help.
--
Regards
Dave Saville
NB Remove no-spam- for good email address
|
|
|
0
|
|
|
|
Reply
|
Dave
|
1/28/2005 11:19:19 AM
|
|
Dave Saville wrote:
> On Fri, 28 Jan 2005 09:38:31 GMT, Dave Saville wrote:
>
> >There appears to be two copies of inetd running
> >
> ># ps -elf|grep inetd
> > 8 S root 295 1 0 41 20 f606d768 448 f5a29dfa Jan
25 ?
> >0:00 /usr/sbin/inetd -s -t
> > 8 S root 292 1 0 41 20 f6067038 446 f5a29dba Jan
25 ?
> >0:00 /usr/sbin/inetd -s
>
> Looks like it is a failure in the JASS hardening script(s).
>
> I built the box with a clean install of 8, followed by the latest
patches,
> followed by the JASS hardening.
>
> All references to /etc/*/*inetsvc had five links and the script
started inetd
> -s -t except for rc2.d which had S72initsvc, link count of one and a
large
> script starting inetd -s *and* S72initsvc.old link count 5 -s -t . Of
course
> both got run. Removed the first and renamed the second.
You'll be pleased to know that if you install Solaris 10, this will
never happen to you again. inetd has been converted to an smf(5)
service, and defined as "single instance", so that only one instance of
it can be running on a machine. Additionally, it can't be run outside
of smf, so a rogue script can't start it without you being aware.
--
Tobin Coziahr
Solaris Network and Security Technologies
>
> Thanks for the help.
>
> --
>
> Regards
>
> Dave Saville
>
> NB Remove no-spam- for good email address
|
|
|
0
|
|
|
|
Reply
|
Tobin
|
1/29/2005 4:57:29 AM
|
|
Tobin Coziahr <tobin.coziahr@gmail.com> wrote:
> You'll be pleased to know that if you install Solaris 10, this will
> never happen to you again. inetd has been converted to an smf(5)
> service, and defined as "single instance", so that only one instance of
> it can be running on a machine. Additionally, it can't be run outside
> of smf, so a rogue script can't start it without you being aware.
What is the mechansim that prevents other processes from starting inetd?
--
Darren Dunham ddunham@taos.com
Senior Technical Consultant TAOS http://www.taos.com/
Got some Dr Pepper? San Francisco, CA bay area
< This line left intentionally blank to confuse you. >
|
|
|
0
|
|
|
|
Reply
|
Darren
|
1/31/2005 5:46:49 PM
|
|
|
7 Replies
554 Views
(page loaded in 0.172 seconds)
Similiar Articles: bind: Address already in use - comp.unix.solarisinetd is trying to bind to a port, but some application is already bound to those ports. Check your inetd.conf and comment out these things (time and telnet) if you ... Bind to port 22 on 0.0.0.0 failed: Address already in use - comp ...I have a few dozen servers at work that reboot every week. On one of them, sshd could not start. Feb 28 00:04:51 WORK_SERVER_NAME sshd[5465]: S... why there is still bind error:address already in use - comp.unix ...i write a program with socket. and i have used the function setsockopt(listenfd , SOL_SOCKET , SO_REUSEADDR , &opt , sizeof(opt)), but there is still ... Bind Address - comp.protocols.time.ntpbind: Address already in use - comp.unix.solaris inetd is trying to bind to a port, but some application is already bound to those ports. Check your inetd.conf and comment ... i need help fixing a "cannot bind to address" error - comp ...bind: Address already in use - comp.unix.solaris i need help fixing a "cannot bind to address" error - comp ... cannot bind to socket: address already in use cannot bind ... bind ntpd to a specific adress - comp.protocols.time.ntp ...bind: Address already in use - comp.unix.solaris Jan 27 17:13:58 bear inetd[295]: [ID 161378 daemon.error] time/tcp: bind: Address ... don't have lsof and it would appear ... Error:(BIND has not been called for (10011)) - comp.lang.clarion ...bind: Address already in use - comp.unix.solaris Error:(BIND has not been called for (10011)) - comp.lang.clarion ... bind: Address already in use - comp.unix.solaris ... Getting an available port number[Newbie] - comp.unix.solaris ...bind: Address already in use - comp.unix.solaris Getting an available port number[Newbie] - comp.unix.solaris ..... port is available or whether its already in use before ... Pleae help..... Could not start Apachectl "Cannot find ELF" - comp ...bind: Address already in use - comp.unix.solaris Pleae help..... Could not start Apachectl "Cannot find ELF" - comp ... bind: Address already in use - comp.unix.solaris ... script for telnet on port 25 - comp.lang.awkHi Gurus, I am trying to write a shell script which keeps checking for smtp server with "telnet smtp.test.com 25" but it hangs and doesn't come out. T... Bind: Address Already in Use - Harvard UniversityBind: Address Already in Use Or How to Avoid this Error when Closing TCP Connections Normal Closure In order for a network connection to close, both ends have to send ... how to solve error : Bind: Address Already in Use - The UNIX and ...hi i have created socket program with proper IP address and port no client side port no 1085[listen] and 1086[send] gateway side port no 1086[listen_to_client] and ... 7/24/2012 3:07:42 PM
|
Search |
Post Question |
Groups |
Stream |
About |
Register
78 followers. 