Detecting listening servers in multi-ip jails

Bjoern A. Zeeb bzeeb-lists at lists.zabbadoz.net
Wed Mar 2 22:25:07 UTC 2011


On Tue, 15 Feb 2011, Dirk Engling wrote:

> Hello,
>
> until jails could be bound to several ip addresses, my convenience
> feature in ezjail to check for and warn about listening services in the
> host system and other jails worked simply by asking:
>
> listeners_ip=`sockstat -4 -l | grep "${ip}:[[:digit:]]"`
> listeners_all=`sockstat -4 -l | grep "*:[[:digit:]]"`
>
> Now that ip addresses are not rewritten on listen() calls anymore,
> services in jails can bind to 0.0.0.0 as well and will match the latter,
> although they don't really cause the trouble I want to warn users about
> (unless, of course, the jail really is bound to the same ip address and
> the service then binds to 0.0.0.0).
>
> Now I can, using "nc -z", test if the service really listens. That
> allows me to filter and only report those services that actually
> respond. However, this is far from clean.
>
> Are there other ways to reliably test for listening services on any port
> for a given ip address?

get the pid and use a cross-check on the process; there is no easy
way to do it otherwise currently unless you write your own extensions
needing kvm.

/bz

-- 
Bjoern A. Zeeb                                 You have to have visions!
          Stop bit received. Insert coin for new address family.
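Bjoern's suggestion carried through in sh, as an added example that is not code from this thread, from ezjail or from FreeBSD: each listener reported by sockstat is tied to its pid, the pid to the jail it runs in, and only listeners that can actually collide with a new jail on the given address are reported. It assumes the FreeBSD `sockstat -4 -l` column layout (USER COMMAND PID FD PROTO LOCAL FOREIGN), `ps -o jid=` for the jail id of a pid and `jls -j JID ip4.addr` for a jail's addresses; the sockstat sample, the pid-to-jail mappings and the function names are constructed for the example.

```shell
#!/bin/sh
# Added example: cross-check sockstat listeners against the jail their pid
# lives in, so wildcard (0.0.0.0) listeners in unrelated jails stop showing
# up as conflicts. FreeBSD interfaces assumed: sockstat -4 -l column layout
# USER COMMAND PID FD PROTO LOCAL FOREIGN, `ps -o jid=`, `jls -j JID ip4.addr`.

# Constructed sample of `sockstat -4 -l` output; not captured from a real host.
SAMPLE_SOCKSTAT='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS    FOREIGN ADDRESS
root     sshd       812   3  tcp4   *:22             *:*
root     nginx      1234  6  tcp4   10.0.0.5:80      *:*
www      httpd      2345  4  tcp4   *:80             *:*
bind     named      3456  20 udp4   *:53             *:*
root     ntpd       501   20 udp4   *:123            *:*'

# Constructed stand-ins for the process-to-jail lookups (jid 0 is the host).
sample_jid_of() {
    case "$1" in
        812|501) echo 0 ;;
        1234)    echo 2 ;;
        2345)    echo 3 ;;
        3456)    echo 4 ;;
        *)       echo unknown ;;
    esac
}
sample_jail_ips() {
    case "$1" in
        2) echo "10.0.0.5" ;;
        3) echo "10.0.0.7" ;;
        4) echo "10.0.0.5 10.0.0.6" ;;
        *) echo "" ;;
    esac
}

# The same lookups on a real FreeBSD host (assumed interfaces; not run here).
real_jid_of()   { ps -o jid= -p "$1"; }
real_jail_ips() { jls -j "$1" ip4.addr | tr ',' ' '; }

# shares_ip JID IP IPS_LOOKUP: succeeds if jail JID owns address IP.
shares_ip() {
    for jip in $("$3" "$1"); do
        [ "$jip" = "$2" ] && return 0
    done
    return 1
}

# find_conflicts IP SOCKSTAT_OUTPUT JID_LOOKUP IPS_LOOKUP
# Prints "PID COMMAND LOCALADDR" for every listener that collides with a
# service binding to IP: sockets bound to IP itself, wildcard sockets in the
# host (they cover every address), and wildcard sockets in a jail that also
# owns IP. Wildcard sockets in jails on other addresses are the false
# positives the plain grep reported, so they are skipped.
find_conflicts() {
    ip=$1; sockstat_out=$2; jid_lookup=$3; ips_lookup=$4
    printf '%s\n' "$sockstat_out" | awk 'NR > 1 { print $2, $3, $6 }' |
    while read -r cmd pid laddr; do
        addr=${laddr%:*}
        if [ "$addr" = "$ip" ]; then
            echo "$pid $cmd $laddr"
        elif [ "$addr" = '*' ]; then
            jid=$("$jid_lookup" "$pid")
            if [ "$jid" = 0 ] || shares_ip "$jid" "$ip" "$ips_lookup"; then
                echo "$pid $cmd $laddr"
            fi
        fi
    done
    return 0
}

# Stand-alone run against the constructed sample for a jail on 10.0.0.5:
# reports sshd, nginx, named and ntpd; httpd in the jail on 10.0.0.7 is skipped.
find_conflicts 10.0.0.5 "$SAMPLE_SOCKSTAT" sample_jid_of sample_jail_ips
```

On a host the call becomes `find_conflicts "$ip" "$(sockstat -4 -l)" real_jid_of real_jail_ips`; the lookups are passed by name so the classification logic can be exercised offline with the constructed mapping. Note that a socket bound to a specific address that is not the new jail's address is never reported, which matches the first grep in the original check, and that an unknown jid (pid gone between sockstat and ps) is treated as "no conflict" rather than as the host.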
