Tag Archives: sysadmin

Dual Monitor support under Kubuntu 11.10 with nvidia drivers

Posted on by

There was a pretty annoying regression in nvidia support under Kubuntu (and probably regular ole’ Ubuntu) 11.10 – dual monitor support is busted. Ouch.

Confusion abounds on how to fix this, but it seems all you need to do is:

  • uninstall nvidia-173
  • install nvidia-current
  • remove /etc/x11/xorg.conf to cause another one to be regenerated, and then
  • Reboot. You’ll be using a newer driver and be able to configure twinview via nvidia-settings per the usual.
You’re just updating the nvidia driver, that’s all. This just happens to be the easiest way.

Figuring out what’s behind a listening process without a program / pid.

Posted on by

Say you’re being a good sysadmin and you’re checking out listeners on your machines:

root@deathstar:~# netstat -pant | grep LISTEN
tcp        0      0 127.0.0.1:873           0.0.0.0:*               LISTEN      3947/rsync      
tcp        0      0 0.0.0.0:8649            0.0.0.0:*               LISTEN      3826/gmond      
tcp        0      0 192.168.10.122:9102     0.0.0.0:*               LISTEN      4167/bacula-fd  
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      3229/portmap    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      3468/sshd       
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      3930/master     
tcp        0      0 0.0.0.0:44572           0.0.0.0:*               LISTEN      -               
tcp        0      0 0.0.0.0:34271           0.0.0.0:*               LISTEN      3247/rpc.statd  
tcp6       0      0 :::22                   :::*                    LISTEN      3468/sshd

lolwut is listening on 44572 ?

 lsof -i -n -P | grep 44572

returns nothing! IT MUST BE A ROOTKIT!!eleventy!!!

Wait – maybe portmapper has assigned it to a kernel-level server?

root@deathstar:~# pmap_dump
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  44915  status
    100024    1   tcp  34271  status
    100021    1   tcp  44572  nlockmgr
    100021    3   tcp  44572  nlockmgr
    100021    4   tcp  44572  nlockmgr

Whew- it’s nlockmgr, part of nfs file locking.

So the moral of the story – just because netstat can’t determine a program or pid doesn’t mean you’re in trouble. Check portmapper’s assignments via pmap_dump first, as it might be innocuous.

Apparently netstat can be made aware of portmapper assignments, but it doesn’t appear it is aware of kernel level services – or – it just doesn’t work for me.