XenServer Org / XSO-547

'lwsmd' has 74 connection sessions in LISTENING state

      Description

      While auditing XenServer 7, I found that 'lwsmd' is listening for connections on a lot of ports, 74 to be precise.

      To my understanding, lwsmd is used for joining Linux servers to Active Directory domains, but we're not doing that - so why has it opened so many ports listening for connections?

      It seems like a potential security hole as well as a general waste of resources.

      In total XenServer 7 is listening on a whopping 207 ports!

      [root@s1-b4 ~]# ss -l | grep LISTEN| wc -l
      207
      
      [root@s1-b4 ~]# ss -lp|grep LISTEN|grep lwsmd
      u_str  LISTEN     0      128    /var/lib/likewise/rpc/lsass 24155                 * 0                     users:(("lwsmd",pid=4503,fd=61))
      u_str  LISTEN     0      128    /var/lib/pbis/.regsd 24117                 * 0                     users:(("lwsmd",pid=4343,fd=55))
      u_str  LISTEN     0      8      /var/lib/pbis/.eventlog 24118                 * 0                     users:(("lwsmd",pid=4383,fd=55))
      u_str  LISTEN     0      8      /var/lib/pbis/.netlogond 24140                 * 0                     users:(("lwsmd",pid=4423,fd=55))
      u_str  LISTEN     0      8      /var/lib/pbis/.lwiod 24141                 * 0                     users:(("lwsmd",pid=4464,fd=53))
      u_str  LISTEN     0      128    /var/lib/pbis/.ntlmd 24142                 * 0                     users:(("lwsmd",pid=4503,fd=53))
      u_str  LISTEN     0      128    /var/lib/pbis/rpc/lsass 24158                 * 0                     users:(("lwsmd",pid=4503,fd=62))
      u_str  LISTEN     0      128    /var/lib/pbis/.lsassd 24163                 * 0                     users:(("lwsmd",pid=4503,fd=63))
      u_str  LISTEN     0      8      /var/lib/pbis/.lwsm 912                   * 0                     users:(("lwsmd",pid=4308,fd=61))
      u_str  LISTEN     0      8      /var/lib/pbis/.lwsc 913                   * 0                     users:(("lwsmd",pid=4308,fd=62))
      tcp    LISTEN     0      128    :::41437                :::*                     users:(("lwsmd",pid=4383,fd=81))
      tcp    LISTEN     0      128    :::42493                :::*                     users:(("lwsmd",pid=4383,fd=67))
      tcp    LISTEN     0      128    :::38557                :::*                     users:(("lwsmd",pid=4383,fd=66))
      tcp    LISTEN     0      128    :::56254                :::*                     users:(("lwsmd",pid=4383,fd=110))
      tcp    LISTEN     0      128    :::51006                :::*                     users:(("lwsmd",pid=4383,fd=109))
      tcp    LISTEN     0      128    :::57150                :::*                     users:(("lwsmd",pid=4383,fd=107))
      tcp    LISTEN     0      128    :::54078                :::*                     users:(("lwsmd",pid=4383,fd=73))
      tcp    LISTEN     0      128    :::42622                :::*                     users:(("lwsmd",pid=4383,fd=58))
      tcp    LISTEN     0      128    :::59743                :::*                     users:(("lwsmd",pid=4383,fd=83))
      tcp    LISTEN     0      128    :::42943                :::*                     users:(("lwsmd",pid=4383,fd=72))
      tcp    LISTEN     0      128    :::48673                :::*                     users:(("lwsmd",pid=4383,fd=108))
      tcp    LISTEN     0      128    :::36033                :::*                     users:(("lwsmd",pid=4383,fd=82))
      tcp    LISTEN     0      128    :::45378                :::*                     users:(("lwsmd",pid=4383,fd=104))
      tcp    LISTEN     0      128    :::33826                :::*                     users:(("lwsmd",pid=4383,fd=94))
      tcp    LISTEN     0      128    :::48099                :::*                     users:(("lwsmd",pid=4383,fd=96))
      tcp    LISTEN     0      128    :::48131                :::*                     users:(("lwsmd",pid=4383,fd=95))
      tcp    LISTEN     0      128    :::55972                :::*                     users:(("lwsmd",pid=4383,fd=69))
      tcp    LISTEN     0      128    :::41029                :::*                     users:(("lwsmd",pid=4383,fd=115))
      tcp    LISTEN     0      128    :::49701                :::*                     users:(("lwsmd",pid=4383,fd=112))
      tcp    LISTEN     0      128    :::60549                :::*                     users:(("lwsmd",pid=4383,fd=93))
      tcp    LISTEN     0      128    :::35973                :::*                     users:(("lwsmd",pid=4383,fd=62))
      tcp    LISTEN     0      128    :::42246                :::*                     users:(("lwsmd",pid=4383,fd=80))
      tcp    LISTEN     0      128    :::35750                :::*                     users:(("lwsmd",pid=4383,fd=75))
      tcp    LISTEN     0      128    :::33863                :::*                     users:(("lwsmd",pid=4383,fd=120))
      tcp    LISTEN     0      128    :::45319                :::*                     users:(("lwsmd",pid=4383,fd=114))
      tcp    LISTEN     0      128    :::44007                :::*                     users:(("lwsmd",pid=4383,fd=91))
      tcp    LISTEN     0      128    :::36039                :::*                     users:(("lwsmd",pid=4383,fd=61))
      tcp    LISTEN     0      128    :::53833                :::*                     users:(("lwsmd",pid=4383,fd=117))
      tcp    LISTEN     0      128    :::50410                :::*                     users:(("lwsmd",pid=4383,fd=65))
      tcp    LISTEN     0      128    :::49803                :::*                     users:(("lwsmd",pid=4383,fd=119))
      tcp    LISTEN     0      128    :::36363                :::*                     users:(("lwsmd",pid=4383,fd=77))
      tcp    LISTEN     0      128    :::39051                :::*                     users:(("lwsmd",pid=4383,fd=57))
      tcp    LISTEN     0      128    :::56908                :::*                     users:(("lwsmd",pid=4383,fd=60))
      tcp    LISTEN     0      128    :::36237                :::*                     users:(("lwsmd",pid=4383,fd=118))
      tcp    LISTEN     0      128    :::47821                :::*                     users:(("lwsmd",pid=4383,fd=98))
      tcp    LISTEN     0      128    :::54285                :::*                     users:(("lwsmd",pid=4383,fd=90))
      tcp    LISTEN     0      128    :::58510                :::*                     users:(("lwsmd",pid=4383,fd=113))
      tcp    LISTEN     0      128    :::57966                :::*                     users:(("lwsmd",pid=4383,fd=105))
      tcp    LISTEN     0      128    :::59950                :::*                     users:(("lwsmd",pid=4383,fd=101))
      tcp    LISTEN     0      128    :::55886                :::*                     users:(("lwsmd",pid=4383,fd=89))
      tcp    LISTEN     0      128    :::38287                :::*                     users:(("lwsmd",pid=4383,fd=106))
      tcp    LISTEN     0      128    :::60175                :::*                     users:(("lwsmd",pid=4383,fd=100))
      tcp    LISTEN     0      128    :::44016                :::*                     users:(("lwsmd",pid=4383,fd=88))
      tcp    LISTEN     0      128    :::47408                :::*                     users:(("lwsmd",pid=4383,fd=74))
      tcp    LISTEN     0      128    :::39572                :::*                     users:(("lwsmd",pid=4383,fd=99))
      tcp    LISTEN     0      128    :::51093                :::*                     users:(("lwsmd",pid=4383,fd=85))
      tcp    LISTEN     0      128    :::44853                :::*                     users:(("lwsmd",pid=4383,fd=64))
      tcp    LISTEN     0      128    :::38294                :::*                     users:(("lwsmd",pid=4383,fd=116))
      tcp    LISTEN     0      128    :::48054                :::*                     users:(("lwsmd",pid=4383,fd=103))
      tcp    LISTEN     0      128    :::34998                :::*                     users:(("lwsmd",pid=4383,fd=78))
      tcp    LISTEN     0      128    :::37399                :::*                     users:(("lwsmd",pid=4383,fd=87))
      tcp    LISTEN     0      128    :::35799                :::*                     users:(("lwsmd",pid=4383,fd=84))
      tcp    LISTEN     0      128    :::44599                :::*                     users:(("lwsmd",pid=4383,fd=79))
      tcp    LISTEN     0      128    :::38808                :::*                     users:(("lwsmd",pid=4383,fd=97))
      tcp    LISTEN     0      128    :::58872                :::*                     users:(("lwsmd",pid=4383,fd=76))
      tcp    LISTEN     0      128    :::41080                :::*                     users:(("lwsmd",pid=4383,fd=63))
      tcp    LISTEN     0      128    :::56217                :::*                     users:(("lwsmd",pid=4383,fd=102))
      tcp    LISTEN     0      128    :::43161                :::*                     users:(("lwsmd",pid=4383,fd=71))
      tcp    LISTEN     0      128    :::60921                :::*                     users:(("lwsmd",pid=4383,fd=70))
      tcp    LISTEN     0      128    :::59162                :::*                     users:(("lwsmd",pid=4383,fd=111))
      tcp    LISTEN     0      128    :::54170                :::*                     users:(("lwsmd",pid=4383,fd=86))
      tcp    LISTEN     0      128    :::35131                :::*                     users:(("lwsmd",pid=4383,fd=92))
      tcp    LISTEN     0      128    :::41371                :::*                     users:(("lwsmd",pid=4383,fd=59))
      tcp    LISTEN     0      128    :::42524                :::*                     users:(("lwsmd",pid=4383,fd=68))
      

            People

            • Assignee: Unassigned
            • Reporter: s_mcleod Sam McLeod
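Added example (not part of the original report, and not XenServer or PBIS code): the 74 `lwsmd` entries listed above mix Unix domain sockets with TCP sockets bound to the `::` wildcard, so this script groups `ss -lp` LISTEN rows by owning process and bind scope instead of producing one raw count. The function names and the `sshd` and `master` sample rows are constructed for illustration; the `lwsmd` rows are copied from the report.

```shell
#!/bin/sh
# Summarise `ss -lp` output as "process scope count" rows.
# scope: unix     = Unix domain socket (reachable by local processes only)
#        wildcard = TCP bound to all addresses (reachability depends on the firewall)
#        loopback = TCP bound to 127.0.0.0/8 or ::1
#        specific = TCP bound to one configured address
summarize_listeners() {
    awk '
    $2 == "LISTEN" {
        # Owning process name from the trailing users:(("name",pid=..,fd=..)) field.
        proc = "unknown"
        if (match($NF, /\(\("[^"]+"/))
            proc = substr($NF, RSTART + 3, RLENGTH - 4)

        if ($1 ~ /^u_/) {
            scope = "unix"
        } else {
            addr = $5
            sub(/:[^:]*$/, "", addr)      # strip the trailing :port
            if (addr == "::" || addr == "[::]" || addr == "*" || addr == "0.0.0.0")
                scope = "wildcard"
            else if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]")
                scope = "loopback"
            else
                scope = "specific"
        }
        count[proc " " scope]++
    }
    END { for (k in count) print k, count[k] }
    ' | LC_ALL=C sort
}

# Sample input: five lwsmd rows from the report, two constructed rows.
sample_ss_output() {
    cat <<'EOF'
u_str  LISTEN 0 128 /var/lib/pbis/.lsassd 24163 * 0 users:(("lwsmd",pid=4503,fd=63))
u_str  LISTEN 0 8   /var/lib/pbis/.lwsm 912 * 0 users:(("lwsmd",pid=4308,fd=61))
tcp    LISTEN 0 128 :::41437 :::* users:(("lwsmd",pid=4383,fd=81))
tcp    LISTEN 0 128 :::42493 :::* users:(("lwsmd",pid=4383,fd=67))
tcp    LISTEN 0 128 :::38557 :::* users:(("lwsmd",pid=4383,fd=66))
tcp    LISTEN 0 128 *:22 *:* users:(("sshd",pid=1201,fd=3))
tcp    LISTEN 0 100 127.0.0.1:25 *:* users:(("master",pid=1502,fd=13))
EOF
}

sample_ss_output | summarize_listeners
```

On a live host, run `ss -lp | summarize_listeners` as root so the `users:` field is populated; without it every row is attributed to `unknown`.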