Hi,
For audit reasons, I need to stop the web server service in some Solaris servers.
The port that is listening for this service is port 10000.
This is the output that shows the port 10000 is open in the server :
# netstat -an | grep 10000
10.70.21.144.10000 10.70.21.133.58130 49640 0 49640 0 FIN_WAIT_2
*.10000 *.* 0 0 49152 0 LISTEN
10.70.21.145.52626 10.70.21.248.10000 17536 0 49640 0 CLOSE_WAIT
#
However, firewall is not even enabled in the server. How come the port shows as listening if the firewall is not even open :
# svcs -a|grep -i ipfil
disabled Dec_23 svc:/network/ipfilter:default
#
Seems like apache2 shows disabled :
# svcs apache2
STATE STIME FMRI
disabled Dec_23 svc:/network/http:apache2
#
Checking for service apache and httpd does not produce any output :
# svcs httpd
svcs: Pattern 'httpd' doesn't match any instances
STATE STIME FMRI
# svcs apache
svcs: Pattern 'apache' doesn't match any instances
STATE STIME FMRI
#
And when I check if apache process is running :
# ps -ef | grep apache
sdpuser 1134 1358 0 Apr 26 ? 0:00 /usr/apache/bin/httpd
sdpuser 22971 1358 0 Apr 26 ? 0:00 /usr/apache/bin/httpd
sdpuser 10910 1358 0 11:11:14 ? 0:00 /usr/apache/bin/httpd
sdpuser 1358 1 0 Dec 23 ? 2:25 /usr/apache/bin/httpd
sdpuser 14745 1358 0 09:41:09 ? 0:00 /usr/apache/bin/httpd
sdpuser 10915 1358 0 11:11:15 ? 0:00 /usr/apache/bin/httpd
root 6445 5575 0 14:47:52 pts/5 0:00 grep apache
# ps -ef | grep httpd
sdpuser 1134 1358 0 Apr 26 ? 0:00 /usr/apache/bin/httpd
sdpuser 22971 1358 0 Apr 26 ? 0:00 /usr/apache/bin/httpd
sdpuser 10910 1358 0 11:11:14 ? 0:00 /usr/apache/bin/httpd
sdpuser 1358 1 0 Dec 23 ? 2:25 /usr/apache/bin/httpd
sdpuser 14745 1358 0 09:41:09 ? 0:00 /usr/apache/bin/httpd
sdpuser 10915 1358 0 11:11:15 ? 0:00 /usr/apache/bin/httpd
root 6463 5575 0 14:48:00 pts/5 0:00 grep httpd
#
I do not understand how the outputs above are related. When I check the status of apache2 with svcs it shows that apache2 is disabled. There is no output for svcs apache & svcs httpd. But ps -ef shows some httpd process. Does this mean that apache/httpd is started in some customized way, and not using svcs?
If so, does killing the process id from the ps -ef output kill the web server process once and for all?
And how do I stop the server from listening to port 10000 when the firewall is not even open? Will killing the process id "49152" do it?
Thanks,
Aigini