Tracing out going connections

Posted by Tiffany Walker on Server Fault See other posts from Server Fault or by Tiffany Walker
Published on 2013-01-25T18:53:12Z Indexed on 2013/06/25 10:23 UTC
Read the original article Hit count: 228

Filed under:
|
|
|
|
Jan 24 07:00:49 HOST kernel: [875997.380464] Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=108.60.11.15 DST=74.80.225.32 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=18789 DF PROTO=TCP SPT=64823 DPT=81 WINDOW=14600 RES=0x00 SYN URGP=0
Jan 24 07:00:50 HOST kernel: [875998.378321] Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=108.60.11.15 DST=74.80.225.32 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=18790 DF PROTO=TCP SPT=64823 DPT=81 WINDOW=14600 RES=0x00 SYN URGP=0

I run fcgid so everything runs as a user. But is there a way to trace and figure out who is running an out going script?

The sites all share the same IP so it's hard to know which site it is or where the script is located at.

© Server Fault or respective owner

Related posts about linux

Related posts about webserver