From: d <omnios@puptv.com>
To: discuss@lists.illumos.org
Subject: [discuss] Re: [OmniOS-discuss] Strange Requests to Fastly
Date: Sat, 5 Oct 2024 08:58:53 -0700 [thread overview]
Message-ID: <ff359147-81fc-481a-a7c7-a830795d9a0e@puptv.com> (raw)
In-Reply-To: <ac7b404b-0eab-444e-80f7-95c28e6fb867@puptv.com>
> Thanks...
>
> Both native SmartOS minimal zones, configured with dhcp:
>
> From 10.0.063: ( a memcached server)
> 12145: /sbin/init
> 12163: /lib/svc/bin/svc.startd
> O_RDWR|O_CLOEXEC door to svc.startd[12163]
> 12651: /usr/lib/saf/ttymon -g -d /dev/console -l console -m
> ldterm,ttcompat -
> 12165: /lib/svc/bin/svc.configd
> O_RDWR|O_CLOEXEC door to svc.configd[12165]
> O_RDWR|O_CLOEXEC door to svc.configd[12165]
> O_RDWR|O_CLOEXEC door to svc.configd[12165]
> O_RDWR|O_CLOEXEC door to svc.configd[12165]
> O_RDWR|O_CLOEXEC door to svc.configd[12165]
> O_RDWR|O_CLOEXEC door to svc.configd[12165]
> 12212: /lib/inet/ipmgmtd
> O_RDWR|O_CLOEXEC door to ipmgmtd[12212]
> 12303: /usr/sbin/nscd
> O_RDWR|O_CLOEXEC door to nscd[12303]
> 12427: /usr/lib/pfexecd
> O_RDWR|O_CLOEXEC door to pfexecd[12427]
> 12462: /sbin/dhcpagent
> sockname: AF_INET 0.0.0.0 port: 68
> sockname: AF_INET6 :: port: 546
> sockname: AF_INET 127.0.0.1 port: 4999
> sockname: AF_INET 10.0.0.63 port: 68
> 12638: /usr/sbin/cron
> 12643: /usr/sbin/rsyslogd -c5 -n
> O_RDWR|O_CLOEXEC door to rsyslogd[12643]
> 12646: /usr/lib/utmpd
> 12681: /usr/lib/ssh/sshd
> sockname: AF_INET 0.0.0.0 port: 22
> 29606: /opt/local/bin/memcached -d -u memcached -l 10.8.9.63 -m 128
> sockname: AF_INET 10.8.9.63 port: 11211
> 77139: /usr/bin/login -z global -f root
> 77140: -bash
> pfiles: cannot examine 77149: no such core file
> pfiles: cannot examine 77150: no such core file
> pfiles: cannot examine 77151: no such core file
>
>
> From 10.0.0.126: (an apache / php server)
> 86793: /sbin/init
> 86805: /lib/svc/bin/svc.startd
> O_RDWR|O_CLOEXEC door to svc.startd[86805]
> 87270: /usr/lib/saf/ttymon -g -d /dev/console -l console -m
> ldterm,ttcompat -
> 86807: /lib/svc/bin/svc.configd
> O_RDWR|O_CLOEXEC door to svc.configd[86807]
> O_RDWR|O_CLOEXEC door to svc.configd[86807]
> O_RDWR|O_CLOEXEC door to svc.configd[86807]
> O_RDWR|O_CLOEXEC door to svc.configd[86807]
> O_RDWR|O_CLOEXEC door to svc.configd[86807]
> O_RDWR|O_CLOEXEC door to svc.configd[86807]
> 86852: /lib/inet/ipmgmtd
> O_RDWR|O_CLOEXEC door to ipmgmtd[86852]
> 87053: /usr/lib/pfexecd
> O_RDWR|O_CLOEXEC door to pfexecd[87053]
> 87087: /usr/sbin/nscd
> O_RDWR|O_CLOEXEC door to nscd[87087]
> 87096: /sbin/dhcpagent
> sockname: AF_INET 0.0.0.0 port: 68
> sockname: AF_INET6 :: port: 546
> sockname: AF_INET 127.0.0.1 port: 4999
> sockname: AF_INET 10.0.0.126 port: 68
> 87257: /usr/sbin/cron
> 87267: /usr/sbin/rsyslogd -c5 -n
> O_RDWR|O_CLOEXEC door to rsyslogd[87267]
> 87268: /usr/lib/utmpd
> 87303: /usr/lib/ssh/sshd
> sockname: AF_INET6 :: port: 22
> sockname: AF_INET 0.0.0.0 port: 22
> 90079: /opt/local/sbin/httpd -k start
> sockname: AF_INET 0.0.0.0 port: 80
> 90080: /opt/local/sbin/httpd -k start
> sockname: AF_INET 0.0.0.0 port: 80
> 90081: /opt/local/sbin/httpd -k start
> sockname: AF_INET 0.0.0.0 port: 80
> 90082: /opt/local/sbin/httpd -k start
> sockname: AF_INET 0.0.0.0 port: 80
> 147: /usr/bin/login -z global -f root
> 148: -bash
> 34569: /usr/bin/login -z global -f root
> 34570: -bash
> 69932: snoop -d net0 53
> 69933: grep -i fastly
> 77408: /usr/bin/login -z global -f root
> 77409: -bash
> pfiles: cannot examine 77477: no such core file
> pfiles: cannot examine 77478: no such core file
> pfiles: cannot examine 77479: no such core file
>
>
> Thanks
>
>
>
> On 10/5/24 07:17, Dan McDonald wrote:
>> On Oct 5, 2024, at 10:09 AM, Dan McDonald <danmcd@kebe.com> wrote:
>>> If you zone is native, you can utter this sh/ksh/bash one liner:
>> Do this as root@zone.
>>
>>> for pid in $(ptree | awk '{print $1}'); do pfiles $pid |
>>> egrep "$pid|INET"; done
>> You can also do this as root@global by changing "ptree" to "ptree -z
>> <zonename-or-ZID>".
>>
>> Dan
>>
>>
>> ------------------------------------------
>> illumos: omnios-discuss
>> Permalink:
>> https://illumos.topicbox.com/groups/omnios-discuss/T7dbdff56e2c887a7-M14321b6725fc4d44f47817b0
>> Delivery options:
>> https://illumos.topicbox.com/groups/omnios-discuss/subscription
------------------------------------------
illumos: illumos-discuss
Permalink: https://illumos.topicbox.com/groups/discuss/T7dbdff56e2c887a7-Mf1e7f09a78009c062e4eee61
Delivery options: https://illumos.topicbox.com/groups/discuss/subscription
parent reply other threads:[~2024-10-05 16:01 UTC|newest]
Thread overview: expand[flat|nested] mbox.gz Atom feed
[parent not found: <ac7b404b-0eab-444e-80f7-95c28e6fb867@puptv.com>]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ff359147-81fc-481a-a7c7-a830795d9a0e@puptv.com \
--to=omnios@puptv.com \
--cc=discuss@lists.illumos.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).