Rkhunter表明,nginx使用了两个UDP端口,而不是80和443,这些端口当然是启用的,但不是那些显示为隐藏端口的:
[12:56:58] Checking for hidden ports [ Warning ] [12:56:58] Warning: Hidden ports found: [12:56:58] Port number: UDP:38885 is being used by /usr/sbin/nginx [12:56:58] Port number: UDP:41551 is being used by /usr/sbin/nginx 但问题是, netstat -tulpen不显示这个端口:
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 106 5680 953/mysqld tcp 0 0 127.0.0.1:139 0.0.0.0:* LISTEN 0 5679 1165/smbd tcp 0 0 127.0.0.1:11211 0.0.0.0:* LISTEN 109 10695 879/memcached tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 0 1491203 9596/nginx.conf tcp 0 0 127.0.0.1:4949 0.0.0.0:* LISTEN 0 9833 1097/perl tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 113 8904 872/named tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 0 9967 1454/master tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 113 8909 872/named tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 0 1491204 9596/nginx.conf tcp 0 0 127.0.0.1:445 0.0.0.0:* LISTEN 0 5678 1165/smbd tcp 0 0 0.0.0.0:14081 0.0.0.0:* LISTEN 0 9761 876/sshd tcp6 0 0 ::1:953 :::* LISTEN 113 8910 872/named tcp6 0 0 :::14081 :::* LISTEN 0 9763 876/sshd udp 0 0 127.0.0.1:11211 0.0.0.0:* 109 10696 879/memcached udp 0 0 127.0.0.1:53 0.0.0.0:* 113 8903 872/named udp 4480 0 0.0.0.0:137 0.0.0.0:* 0 9110 1080/nmbd udp 0 0 0.0.0.0:138 0.0.0.0:* 0 9111 1080/nmbd
那么,什么是错的?