[Soci SLIP] Squid3
gvsnet a gvsnet.it
gvsnet a gvsnet.it
Mar 10 Nov 2009 13:27:09 CET
OS ubuntu 9.0.4
kernel 2.6.18
durante un controllo o riscontrato che un demone del servizio apre in
modo casuale
una porta udp con numerazione variabile e alta.
tra l'altro consuma una notevole quantità di risorse.
vi allego la configurazione magari qualche duno sa come disabilitarla.
top
996 root 25 0 2556 872 704 S 0 1.3 0:00.00 xinetd
1089 root 18 0 3000 1564 1240 S 0 2.4 0:00.00 bash
6648 root 15 0 8820 3256 2224 S 0 5.0 0:00.15 sshd
6650 root 15 0 3076 1708 1304 S 0 2.6 0:00.00 bash
6790 root 25 0 7028 1636 400 S 0 2.5 0:00.01 squid3
6793 proxy 15 0 37940 20m 2644 S 0 31.6 0:00.04 squid3
6794 proxy 18 0 3180 1000 848 S 0 1.5 0:00.01 unlinkd
netstat
udp 0 0 0.0.0.0:60151 0.0.0.0:* 6793/(squid)
file di configurazione di Squid
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/32
acl localnet src 239.41.274.196/32 # RFC1918 possible internal network
#acl SSL_ports port 563 # snews
#acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
#acl Safe_ports port 70 # gopher
#acl Safe_ports port 210 # wais
#acl Safe_ports port 1025-65535 # unregistered ports
#acl Safe_ports port 280 # http-mgmt
#acl Safe_ports port 488 # gss-http
#acl Safe_ports port 591 # filemaker
#acl Safe_ports port 777 # multiling http
#acl Safe_ports port 631 # cups
#acl Safe_ports port 873 # rsync
#acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow localnet
#http_access allow purge localhost
#http_access deny purge
http_access deny !Safe_ports
http_access allow localhost
http_access deny all
icp_access deny localnet
icp_access deny all
forwarded_for off
#anonymize_headers deny proxy-Connection
header_replace User-Agent Netscape/1.0
#cache_store_log none
#client_db off
http_port 3128
cache_dir ufs /var/spool/squid 100 16 256
snmp_port 0
icp_port 0
--
Cordiali Saluti
Giuliano Enrico
Maggiori informazioni sulla lista
Soci