Have you ever wondered what processes are listening to network traffic? Knowing what processes are listening is both a concern for performance and security. As long as you don't have a lot of processes on your system, you can do this fairly easily.
Before you begin, let me give a disclaimer that my method of sysadmin is to turn processes off and see if anyone complains. This is not best practice and make sure you have a backup before you uninstall applications. Now, with niceties out of the way, let's begin.
First, let's list what processes are listening on what ports:
$ netstat -tulpn Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:20000 0.0.0.0:* LISTEN 3447/sogod tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 2396/dovecot tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 2396/dovecot tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 3967/perl tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 927/apache2 tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 2630/postgres tcp 0 0 127.0.0.1:5433 0.0.0.0:* LISTEN 3049/postgres tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 927/apache2 tcp6 0 0 :::993 :::* LISTEN 2396/dovecot tcp6 0 0 :::143 :::* LISTEN 2396/dovecot udp 0 0 0.0.0.0:10000 0.0.0.0:* 3967/perl ... (Note: I eliminated irrelevant processes, i.e. you may see many more processes on your system.)
Tip: build a set of networking aliases to aid your memory.
alias lsports='netstat -tulpn'
Notice the "sogod" process? Well, I know exactly what that is, it's the SOGo mailserver that I am not using. So, I will go ahead and completely uninstall it:
$ sudo apt-get remove --purge sogo
Next, there is this mysterious perl process. I haven't a clue what it is. So, I'll do a process list and grep for this PID:
$ ps aux | grep 3967 joseph 1003 0.0 0.1 4388 564 pts/1 R+ 18:20 0:00 grep 3967 root 3967 0.0 0.4 18904 2160 ? Ss Dec27 0:25 /usr/bin/perl /usr/share/webmin/miniserv.pl /etc/webmin/miniserv.conf
Well, I do not need that either, so I can delete it too:
$ sudo apt-get remove --purge webmin
Next, I notice Dovecot is installed. I didn't install it and I'm not sure what is using it, so for now I just want to disable it:
$ sudo /etc/init.d/dovecot stop
(Come to find out, dovecot is an smtp/pop3 server compatible with postfix and exim. So, I'm glad I didn't uninstall it.)
Last, I notice that postgres is running, but I'm quite sure nothing is using it. Well, one easy way to tell is to see what data is in there. Since I don't have the password and it's my own server, I'm going to put postgres into trust mode so I can login. First, I need to find the config file:
$ find /etc/postgresql/ -name "pg_hba.conf" /etc/postgresql/8.4/main/pg_hba.conf /etc/postgresql/9.1/main/pg_hba.conf
I will edit the file and change:
local all all peer
local all postgres trust
Now, I will restart postgres and login:
$ sudo service postgresql restart $ su - postgres $ psql psql (8.4.17) Type "help" for help. postgres=# \list List of databases Name | Owner | Encoding | Collation | Ctype | Access privileges -----------+----------+----------+-------------+-------------+----------------------- postgres | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | template0 | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =c/postgres : postgres=CTc/postgres template1 | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =c/postgres : postgres=CTc/postgres (3 rows)
It looks like these databases are all default. So, I'm going to take my chances that postgres isn't even used and uninstall it.
$ sudo apt-get remove --purge postgresql-8.4 postgresql-9.1
Voilá! I've cleaned up some applications that I didn't need that take up resources and are a security risk since they have public interfaces.
For more related tips, read nixCraft's article on "Linux: Find Out Which Process Is Listening Upon a Port".