Linux see running servers

Command to see all servers running in linux

Solution 1: I assume that application servers are using ports [Apache, Mysql do] The worst case is to run a find command across file system to search for files having name index or default.

How to check what is running in a server?

I assume that application servers are using ports [Apache, Mysql do] If so you can use netstat -lepunt to find out the services running in your server.

If you want to know the services are started at boot time check for init scripts in /etc/init.d/ .

Most of the time services like Apache and MySQL servers are started at boot time if they are installed using a package manager. If not you can create an init script to start them at the boot time.

ps aux will also list all the processes running on the server. You can look for the related services there.

htop gives a nice overview of the processes that are running and the resources that are in use.

Ubuntu Server: Getting started with a Linux Server, 137,940 views Jun 5, 2021 00:00 Intro 01:01 Server Hardware 02:12 Physical Server (bare Duration: 1:09:33

Ps command in linux to view all processes

Ubuntu Server: Getting started with a Linux Server

137,940 views Jun 5, 2021 00:00 Intro 01:01 Server Hardware 02:12 Physical Server (bare Duration: 1:09:33

Top Linux Server Management Commands!

uname — print system information ps — report a snapshot of the current processeskill — send signal Duration: 6:59

How to determine which webserver is installed with no information?

A basic approach would be to use netstat -tnlp with an additional grep on the browser ports that it is supposed to be serving. Typically, that would then be:

netstat -tnlp | grep 80 netstat -tnlp | grep 443 

That should list the process PID and name that owns these ports. That should give you a clue which server it is. Then, locate the configuration files for that server application, e.g. /etc/httpd .

There is no such things as the webserver in linux. Several different servers exist that could do the job. The most common are probably Apache httpd and nginx.

In general you should start by finding out which it is, and then look at it’s configuration.

One option to find out which webserver is installed is using netstat to see what is listening to the ports commonly used for HTTP traffic, 80 (for unencryted) and 443 (for encrypted/HTTPS) are the most common. But if there is some proxy in front, any port might be used, in that case 8080 and 8443 are common choices.

Another option would be to utilise your distribution’s package system. The tools to use depend a lot on which distribution you have, on Debian it would be something like dpkg -l | grep -i web , it probably outputs several packages, but the relevant should be aming, and easy to pick from the descriptions.

In this specific case it might make sense to just see if the two common choices have configuration on the system. In most cases apache httpd will have it’s configuration in /etc/apache (possibly /etc/apache2 ), nginx often in /etc/nginx .

For apache httpd, the relevant setting will often be DocumentRoot , for nginx it’s most commonly root , but both can be configured to do almost anything (Apache httpd supports ModRewrite that is said to be Turing complete, making it theoretically capable of doing absolutely anything), so it can be a bit difficult to find what you need.

In Linux, how can I see what webserver has been installed?

Assuming the server is fully accessible (sudoer/wheel or root), first you need to check for ports open for any webserver. It is usually 80 and 443 , but you can filter by checking for the webserver service names in process list. (nginx / apache / httpd) netstat, ps, grep, find tools would help you.

commands would give you the main configuration file location, that can be used to find the individual site configuration.

https://www.linode.com/docs/web-servers/nginx/how-to-configure-nginx/ https://www.linode.com/docs/web-servers/apache/ might be helpful to you.

Please be aware the location or paths differ depending on method of package installation and options passed to installer or during compilation. The worst case is to run a find command across file system to search for files having name index or default.

How to get a list of programs running with nohup, You cannot exactly get a list of commands started with nohup but you can see them along with your other processes by using the command ps x

Is there a command to list all open displays on a machine?

If you want the X connection forwarded over SSH, you need to enable it on both the server side and the client side. (Depending on the distribution, it may be enabled or disabled by default.) On the server side, make sure that you have X11Forwarding yes in /etc/sshd_config (or /etc/ssh/sshd_config or wherever the configuration file is). On the client side, pass the -X option to the ssh command, or put ForwardX11 in your ~/.ssh/config .

If you run ssh -X localhost , you should see that $DISPLAY is (probably) localhost:10.0 . Contrast with :0.0 , which is the value when you’re not connected over SSH. (The .0 part may be omitted; it’s a screen number, but multiple screens are rarely used.) There are two forms of X displays that you’re likely to ever encounter:

With ssh -X localhost , you can access the X server through both displays, but the applications will use a different method: :NUMBER accesses the server via local sockets and shared memory, whereas HOSTNAME:NUMBER accesses the server over TCP, which is slower and disables some extensions.

Note that you need a form of authorization to access an X server, called a cookie and normally stored behind the scenes in the file ~/.Xauthority . If you’re using ssh to access a different user account, or if your distribution puts the cookies in a different file, you may find that DISPLAY=:0 doesn’t work within the SSH session (but ssh -X will, if it’s enabled in the server; you never need to mess with XAUTHORITY when doing ssh -X ). If that’s a problem, you need to set the XAUTHORITY environment variable or obtain the other user’s cookies.

To answer your actual question:

Local displays correspond to a socket in /tmp/.X11-unix .

(cd /tmp/.X11-unix && for x in X*; do echo ":$"; done) 

netstat -lnt | awk ' sub(/.*:/,"",$4) && $4 >= 6000 && $4 < 6100 < print ($1 == "tcp6" ? "ip6-localhost:" : "localhost:") ($4 - 6000) >' 

(The rest of this bullet point is of academic interest only.) From another machine, you can use nmap -p 6000-6099 host_name to probe open TCP ports in the usual range. It’s rare nowadays to have X servers listening on a TCP socket, especially outside the loopback interface. Strictly speaking, another application could be using a port in the range usually used by X servers. You can tell whether an X server is listening by checking which program has the port open.

The display is the first argument to Xorg . You can ps then grep Xorg out.

[braga@coleman teste_geom]$ ps aux | grep Xorg root 1584 5.3 1.0 156628 41708 tty1 Rs+ Jul22 22:56 /usr/bin/Xorg :0 -background none -verbose -auth /var/run/gdm/auth-for-gdm-a3kSKB/database -nolisten tcp vt1 braga 9110 0.0 0.0 109104 804 pts/1 S+ 00:26 0:00 grep --color=auto Xorg 

You can then awk this into wherever format you need to.

# Show all active login shells, with displays $ w -oush trunc-us tty1 23:02 -bash trunc-us tty7 :0 4days /sbin/upstart --user trunc-us pts/4 :0 w -oush # Capture the Display part $ w -oush | grep -Eo ' :5+' :0 :0 # only unique lines $ w -oush | grep -Eo ' :8+' | uniq :0 # trim off the leading space $ w -oush | grep -Eo ' :8+' | uniq | cut -d \ -f 2 

[Edit: I ran an Xnest instance to see if this would catch it — it doesn’t; it only captures login shells (‘w’ is short for ‘who’). Back to the drawing board for me.] [Edit: Found it:

$ ls /tmp/.X11-unix X0 X2 $ ls /tmp/.X11-unix | tr 'X' ':' :0 :2 

How To Use Top, Netstat, Du, & Other Tools to Monitor Server, You can see all of the processes running on your server by using the top command: top. Copy. Output. top — 15:14:

How to see all Request URLs the server is doing (final URLs)

You can use tcpdump and grep to get info about activity about network traffic from the host, the following cmd line should get you all lines containing Host:

 tcpdump -i any -A -vv -s 0 | grep -e "Host:" 

If I run the above in one shell and start a Links session to stackoverflow I see:

Host: www.stackoverflow.com Host: stackoverflow.com 

If you want to know more about the actual HTTP request you can also add statements to the grep for GET, PUT or POST requests (i.e. -e «GET»), which can get you some info about the relative URL (should be combined with the earlier determined host to get the full URL).

EDIT : based on your edited question I have tried to make some modification: first a tcpdump approach:

[root@localhost ~]# tcpdump -i any -A -vv -s 0 | egrep -e "GET" -e "POST" -e "Host:" tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes E..v.[@.@. h.$. P. Ga .P.9.=. GET / HTTP/1.1 Host: stackoverflow.com E. x@.@..7. h.$. P. Ga.mP. >;..GET /search?q=tcpdump HTTP/1.1 Host: stackoverflow.com 

[root@localhost ~]# ngrep -d any -vv -w byline | egrep -e "Host:" -e "GET" -e "POST" ^[[B GET //meta.stackoverflow.com HTTP/1.1..Host: stackoverflow.com..User-Agent: GET //search?q=tcpdump HTTP/1.1..Host: stackoverflow.com..User-Agent: Links 

My test case was running links stackoverflow.com, putting tcpdump in the search field and hitting enter.

This gets you all URL info on one line. A nicer alternative might be to simply run a reverse proxy (e.g. nginx) on your own server and modify the host file (such as shown in Adam’s answer) and have the reverse proxy redirect all queries to the actual host and use the logging features of the reverse proxy to get the URLs from there, the logs would probably a bit easier to read.

EDIT 2: If you use a command line such as:

ngrep -d any -vv -w byline | egrep -e "Host:" -e "GET" -e "POST" --line-buffered | perl -lne 'print $3.$2 if /(GET|POST) (.+?) HTTP\/1\.1\.\.Host: (.+?)\.\./' 

you should see the actual URLs

A simple solution is to modify your ‘/etc/hosts’ file to intercept the API calls and redirect them to your own web server

How To Use ps, kill, and nice to Manage Processes in Linux, You can see all of the processes running on your server by using the top command: top. Output. top — 15:14:40 up 46 min, 1 user, load

Источник

how to list all server services running on my Linux computer

How can I find out the list of all services running on my computer that might give access to hackers to log in to my computer? One day I looked at my /var/log/auth.log from my computer and I discovered there had been several ssh login attempts and that ssh server was installed in my computer. But I couldn’t remember me installing ssh server on this computer. I must have installed some package that depends on ssh package. Made me wonder what other services is running in this computer that I don’t know of.

5 Answers 5

The services need not be running at the time you do your check in order to present a security risk. I’d recommend using a port scanning tool like Nessus or nmap (from an outside machine) to see what ports are open. Then you can look in /etc/services and /etc/xinetd.d to figure out which services are associated with the open ports, and decide whether they can be turned off or blocked.

netstat -lp will give you a list of running servers, along with their pid.

Note that you may want to run that with sudo netstat -lp or as root. Otherwise the process ID info may not be there.

socklist (if installed) — or a portscan from outside (with nmap)

netstat -lp is best way get info who got login to ur server or systemlink text

same good way to block all.

What distro?
You may be able to use a distro specific built in command to determine a bit more.

Exapmle on CentOS / Redhat: chkconfig —list | grep «:on»

will provide you with a listing of services that are up and running and their respective run level.

You could also nmap yourself to see what is listening, in addition to all the excellent netstat suggestions above.

Источник