Details
-
Bug
-
Resolution: Done
-
Critical
-
7.0
Description
While auditing XenServer 7, I found that 'lwsmd' is listening for connections on a lot of ports, 74 to be precise.
To my understanding lwsmd is used for joining linux servers to active directory domains, but we're not doing that - so why has it opened so many ports listening for connections?
It seems like a potential security hole as well as a general waste of resources.
In total XenServer 7 is listening on a whopping 207 ports!
ss -l | grep LISTEN| wc -l [root@s1-b4 ~]# ss -l | grep LISTEN| wc -l 207 [root@s1-b4 ~]# ss -lp|grep LISTEN|grep lwsmd u_str LISTEN 0 128 /var/lib/likewise/rpc/lsass 24155 * 0 users:(("lwsmd",pid=4503,fd=61)) u_str LISTEN 0 128 /var/lib/pbis/.regsd 24117 * 0 users:(("lwsmd",pid=4343,fd=55)) u_str LISTEN 0 8 /var/lib/pbis/.eventlog 24118 * 0 users:(("lwsmd",pid=4383,fd=55)) u_str LISTEN 0 8 /var/lib/pbis/.netlogond 24140 * 0 users:(("lwsmd",pid=4423,fd=55)) u_str LISTEN 0 8 /var/lib/pbis/.lwiod 24141 * 0 users:(("lwsmd",pid=4464,fd=53)) u_str LISTEN 0 128 /var/lib/pbis/.ntlmd 24142 * 0 users:(("lwsmd",pid=4503,fd=53)) u_str LISTEN 0 128 /var/lib/pbis/rpc/lsass 24158 * 0 users:(("lwsmd",pid=4503,fd=62)) u_str LISTEN 0 128 /var/lib/pbis/.lsassd 24163 * 0 users:(("lwsmd",pid=4503,fd=63)) u_str LISTEN 0 8 /var/lib/pbis/.lwsm 912 * 0 users:(("lwsmd",pid=4308,fd=61)) u_str LISTEN 0 8 /var/lib/pbis/.lwsc 913 * 0 users:(("lwsmd",pid=4308,fd=62)) tcp LISTEN 0 128 :::41437 :::* users:(("lwsmd",pid=4383,fd=81)) tcp LISTEN 0 128 :::42493 :::* users:(("lwsmd",pid=4383,fd=67)) tcp LISTEN 0 128 :::38557 :::* users:(("lwsmd",pid=4383,fd=66)) tcp LISTEN 0 128 :::56254 :::* users:(("lwsmd",pid=4383,fd=110)) tcp LISTEN 0 128 :::51006 :::* users:(("lwsmd",pid=4383,fd=109)) tcp LISTEN 0 128 :::57150 :::* users:(("lwsmd",pid=4383,fd=107)) tcp LISTEN 0 128 :::54078 :::* users:(("lwsmd",pid=4383,fd=73)) tcp LISTEN 0 128 :::42622 :::* users:(("lwsmd",pid=4383,fd=58)) tcp LISTEN 0 128 :::59743 :::* users:(("lwsmd",pid=4383,fd=83)) tcp LISTEN 0 128 :::42943 :::* users:(("lwsmd",pid=4383,fd=72)) tcp LISTEN 0 128 :::48673 :::* users:(("lwsmd",pid=4383,fd=108)) tcp LISTEN 0 128 :::36033 :::* users:(("lwsmd",pid=4383,fd=82)) tcp LISTEN 0 128 :::45378 :::* users:(("lwsmd",pid=4383,fd=104)) tcp LISTEN 0 128 :::33826 :::* users:(("lwsmd",pid=4383,fd=94)) tcp LISTEN 0 128 :::48099 :::* users:(("lwsmd",pid=4383,fd=96)) tcp LISTEN 0 128 :::48131 :::* users:(("lwsmd",pid=4383,fd=95)) tcp LISTEN 0 128 :::55972 :::* users:(("lwsmd",pid=4383,fd=69)) tcp LISTEN 0 128 :::41029 :::* users:(("lwsmd",pid=4383,fd=115)) tcp LISTEN 0 128 :::49701 :::* users:(("lwsmd",pid=4383,fd=112)) tcp LISTEN 0 128 :::60549 :::* users:(("lwsmd",pid=4383,fd=93)) tcp LISTEN 0 128 :::35973 :::* users:(("lwsmd",pid=4383,fd=62)) tcp LISTEN 0 128 :::42246 :::* users:(("lwsmd",pid=4383,fd=80)) tcp LISTEN 0 128 :::35750 :::* users:(("lwsmd",pid=4383,fd=75)) tcp LISTEN 0 128 :::33863 :::* users:(("lwsmd",pid=4383,fd=120)) tcp LISTEN 0 128 :::45319 :::* users:(("lwsmd",pid=4383,fd=114)) tcp LISTEN 0 128 :::44007 :::* users:(("lwsmd",pid=4383,fd=91)) tcp LISTEN 0 128 :::36039 :::* users:(("lwsmd",pid=4383,fd=61)) tcp LISTEN 0 128 :::53833 :::* users:(("lwsmd",pid=4383,fd=117)) tcp LISTEN 0 128 :::50410 :::* users:(("lwsmd",pid=4383,fd=65)) tcp LISTEN 0 128 :::49803 :::* users:(("lwsmd",pid=4383,fd=119)) tcp LISTEN 0 128 :::36363 :::* users:(("lwsmd",pid=4383,fd=77)) tcp LISTEN 0 128 :::39051 :::* users:(("lwsmd",pid=4383,fd=57)) tcp LISTEN 0 128 :::56908 :::* users:(("lwsmd",pid=4383,fd=60)) tcp LISTEN 0 128 :::36237 :::* users:(("lwsmd",pid=4383,fd=118)) tcp LISTEN 0 128 :::47821 :::* users:(("lwsmd",pid=4383,fd=98)) tcp LISTEN 0 128 :::54285 :::* users:(("lwsmd",pid=4383,fd=90)) tcp LISTEN 0 128 :::58510 :::* users:(("lwsmd",pid=4383,fd=113)) tcp LISTEN 0 128 :::57966 :::* users:(("lwsmd",pid=4383,fd=105)) tcp LISTEN 0 128 :::59950 :::* users:(("lwsmd",pid=4383,fd=101)) tcp LISTEN 0 128 :::55886 :::* users:(("lwsmd",pid=4383,fd=89)) tcp LISTEN 0 128 :::38287 :::* users:(("lwsmd",pid=4383,fd=106)) tcp LISTEN 0 128 :::60175 :::* users:(("lwsmd",pid=4383,fd=100)) tcp LISTEN 0 128 :::44016 :::* users:(("lwsmd",pid=4383,fd=88)) tcp LISTEN 0 128 :::47408 :::* users:(("lwsmd",pid=4383,fd=74)) tcp LISTEN 0 128 :::39572 :::* users:(("lwsmd",pid=4383,fd=99)) tcp LISTEN 0 128 :::51093 :::* users:(("lwsmd",pid=4383,fd=85)) tcp LISTEN 0 128 :::44853 :::* users:(("lwsmd",pid=4383,fd=64)) tcp LISTEN 0 128 :::38294 :::* users:(("lwsmd",pid=4383,fd=116)) tcp LISTEN 0 128 :::48054 :::* users:(("lwsmd",pid=4383,fd=103)) tcp LISTEN 0 128 :::34998 :::* users:(("lwsmd",pid=4383,fd=78)) tcp LISTEN 0 128 :::37399 :::* users:(("lwsmd",pid=4383,fd=87)) tcp LISTEN 0 128 :::35799 :::* users:(("lwsmd",pid=4383,fd=84)) tcp LISTEN 0 128 :::44599 :::* users:(("lwsmd",pid=4383,fd=79)) tcp LISTEN 0 128 :::38808 :::* users:(("lwsmd",pid=4383,fd=97)) tcp LISTEN 0 128 :::58872 :::* users:(("lwsmd",pid=4383,fd=76)) tcp LISTEN 0 128 :::41080 :::* users:(("lwsmd",pid=4383,fd=63)) tcp LISTEN 0 128 :::56217 :::* users:(("lwsmd",pid=4383,fd=102)) tcp LISTEN 0 128 :::43161 :::* users:(("lwsmd",pid=4383,fd=71)) tcp LISTEN 0 128 :::60921 :::* users:(("lwsmd",pid=4383,fd=70)) tcp LISTEN 0 128 :::59162 :::* users:(("lwsmd",pid=4383,fd=111)) tcp LISTEN 0 128 :::54170 :::* users:(("lwsmd",pid=4383,fd=86)) tcp LISTEN 0 128 :::35131 :::* users:(("lwsmd",pid=4383,fd=92)) tcp LISTEN 0 128 :::41371 :::* users:(("lwsmd",pid=4383,fd=59)) tcp LISTEN 0 128 :::42524 :::* users:(("lwsmd",pid=4383,fd=68))
