Solved

How to get a remote unix Process ID?

Posted on 2003-11-03
7
6,512 Views
Last Modified: 2013-12-26
I have an application that runs on Solaris (Host1), and I can get the pids using my application on Host1, I can get Memory usage and cpu consumption with this PID in Host1, but... I would like to know cpu, memory and network consumption on the client machine(Host2) which normally is a solaris box. Is there any way I can get the PID on host2 related to PID on host1 by running a script on host1?

Regards,

Hugo
0
Comment
Question by:mxkhec01
7 Comments
 

Expert Comment

by:rishisk
ID: 9672698
mxkhec01, I'm not sure what you mean by, get the PID on host2 "related to PID on host1".

Anyway, You can try the rsh command for executing commands on a remote machine from a host. There are a few things you might have to do allow remote connections. Check out man rsh.

Hope it helps.
0
 
LVL 2

Author Comment

by:mxkhec01
ID: 9672988
What I mean is... imagine you are on host1, from there you telnet to host2 ...

you will have a process on host2

user 16858 16856  0 11:13:49 pts/20   0:00 -ksh
root  16856    262  0 11:13:48 ?        0:00 in.telnetd

and you will have a process on host1

user 19927 19916  0 11:07:05 pts/2    0:00 telnet host2

Now my question is, by being on host2, is there anyway you can get the pid on host1 related to process on host2 (how can you match process 16858 to process 19927???)
0
 
LVL 24

Expert Comment

by:shivsa
ID: 9673252
use ruptime.

check for man ruptime.
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 24

Expert Comment

by:shivsa
ID: 9673266
u can use rsh command also to see process ids on other unix systems.

please read man page for rsh to configure rsh. u may need to create /.rhosts files, and put other unix system name.

and then u can use rsh command to check process id, and whatever information u need to gather.
0
 
LVL 38

Expert Comment

by:yuzh
ID: 9675316
rsh can do the job, for security reason consider to use secure shell instead.

you can get openssh for Solaris from:
http://sunfreeware.com/

Here's the syntax for using ssh:

ssh -l login-name remote-host command

eg
ssh -l login-name remote-host "/path-to/test.sh arg1 arg2"

Or you can use:

ssh login-name@remote-host command

eg:
ssh login-name@remote-host "/path-to/test.sh arg1 arg2"


If you want to use ssh in a script,  you can setup ssh without password:
http://www.cvrti.utah.edu/~dustman/no-more-pw-ssh/
http://www.experts-exchange.com/Networking/Linux_Networking/Q_20677059.html
http://bumblebee.lcs.mit.edu/ssh2/
http://www.cs.umd.edu/~arun/misc/ssh.html
http://pigtail.net/LRP/printsrv/keygen.html

Or

Use ssh with password, write the backup script first, then use an "expect" script to run
the backup script and handle the password.

To use "expect" to handle the passwd, and make the passwd as a command line arg.

You need to have "expect" + TCL/TK  install on your system.

information about expect (including script example can be found):

http://expect.nist.gov/

also have a look at
http://www.experts-exchange.com/Operating_Systems/Q_20603260.html


0
 

Accepted Solution

by:
ppentchev earned 250 total points
ID: 9683214
If I understand the question correctly - you are running a network-aware application that somebody connects to, and you want to figure out who it is that has connected to it - then no, there is no reliable way to do that.

There have been several attempts to do something like this, most notably the Authentication Server as described in RFC 931, commonly known as 'auth' or 'identd'.  However, all of those mechanisms ultimately rely on information that has to be provided by a process running on the remote host, and that's where the problem comes in: can you really trust it?  Can you really assume that when some process on some machine tells you that it is running as user ID 505 and username 'mxkhec', this really is true?  In the end, the answer is 'no'.

In case you are not really worried about security, there is one simple and a couple of more complicated ways to try to figure out who has connected to you.  All of them require that you know the IP addresses and port numbers for the connection - both local and remote.  This can be done easily in most programming languages: the getsockname(2) and getpeername(2) system calls in C, the similar getsockname() and getpeername() functions in Perl, or the peername/sockname methods of the Perl IO::Socket module, and so on.  If you want to limit yourself to shell scripting, this can be done using e.g. the 'getpeername' and 'getsockname' utilities from the netpipes package - <URL:http://web.purplefrog.com/~thoth/netpipes/ftp/>.  All of these functions or utilities should be applied to the file descriptor which holds the socket - if you have opened a telnet connection, you would usually have the choice of file descriptors 0, 1, and 2, though there are cases when those file descriptors would actually be connected to virtual terminals (/dev/tty* pseudo-devices) and not real sockets.  In some cases, such as when using the Secure Shell (SSH), the server would set an environment variable with this information, but sometimes it won't.

As an example, imagine that I have opened a TCP connection from a machine named 'straylight' to another machine named 'db', and something on 'db' wants to figure out who am I on 'straylight'.  That "something" (most likely a program) would invoke the getsockname() and getpeername() system calls, and find out that the connection was made from 10.0.8.129 port 4356 (this is straylight) to 10.0.8.9 port 22 (this is db).

Once you have established the local and remote addresses and ports, the easiest way to actually determine the user ID / username would be to use the auth protocol: open a TCP connection to port 113 of the remote machine and send a line of text containing first the remote port number, then your local port number, separated by a comma (and for compatibility with all kinds of identd's out there, it never hurts to put spaces around the comma), like this:

[roam@db:pts/3 ~/tmp]$ telnet 10.0.8.129 113
Trying 10.0.8.129...
Connected to 10.0.8.129.
Escape character is '^]'.
4356 , 22
4356 , 22 : USERID : FreeBSD : roam
Connection closed by foreign host.
[roam@db:pts/3 ~/tmp]$

Here, the first line - "4356 , 22" - is what I typed (or what the program on 'db' would send).  Thus, I made a request to the identd server on straylight to tell me what is the program that has port 4356 on that side, and port 22 on mine.  The auth server replied with the next line - '4356 , 22 : USERID : FreeBSD : roam' - telling me that the program is running as user 'roam', and (most ident servers won't do that for security reasons) that the machine is running the FreeBSD OS.  For more information about the auth/ident protocol, take a look at RFC 931, e.g. at <URL:http://www.faqs.org/rfcs/rfc931.html>.

Another way for the program on db to determine who has connected to it from straylight would be to connect back to straylight and run some program there.  There are two programs often used for the purpose: the 'fuser' utility on System V OS's, and the 'lsof' program on pretty much all Unix-like OS's.  If you have 'fuser' on your machine, you can connect to straylight and execute the 'fuser -n tcp 22,10.0.8.129,4356' command - see the fuser(1) or fuser(8) manual page for more info.  If you have installed the 'lsof' utility, again, you have to connect to straylight and run the 'lsof -n -i tcp@10.0.8.129:4356' command; again, for more information, consult the lsof(1) manual page.

Note that in all three scenarios: an auth query, fuser, or lsof - you are dependent on whether the remote server will really behave itself and give an 'honest' answer, and there is absolutely no way to verify that answer.  A prime example of this was the reason why the auth service, once widely used for authentication, is now pretty much disabled everywhere: it could be depended upon once, when most machines were Unix terminal servers and nobody but the actual system administrator could start processes that could bind to port 113, but now that everybody has either a Windows or their own personal Unix machine, it is very, very probable that the response will not come from a "real" auth service, but from some program specifically instructed to give that particular response so to fool any authentication attempts.  The same goes for the fuser and lsof methods - you can never be sure that the fuser or lsof commands that you are executing are the "real" commands, and not some backdoored/trojaned versions tailored specifically for this reason.

Hope that helped a bit, and sorry for the long-winded explanation :)

G'luck,
Peter
0
 
LVL 2

Author Comment

by:mxkhec01
ID: 9688246
Thank you very much for the info, I was able to do some testing with lsof before I saw your answer and this could do the work, but I will try to use the identd part to see if it consumes less resources in my scripts.

Regards,

Hugo
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Here is how to use MFC's automatic Radio Button handling in your dialog boxes and forms.  Beginner programmers usually start with a OnClick handler for each radio button and that's just not the right way to go.  MFC has a very cool system for handli…
Introduction: Displaying information on the statusbar.   Continuing from the third article about sudoku.   Open the project in visual studio. Status bar – let’s display the timestamp there.  We need to get the timestamp from the document s…
This video will show you how to get GIT to work in Eclipse.   It will walk you through how to install the EGit plugin in eclipse and how to checkout an existing repository.
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now