The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Disabling some of cpsrvd instances

Discussion in 'General Discussion' started by thobarn, Mar 18, 2009.

  1. thobarn

    thobarn Well-Known Member

    Joined:
    Apr 25, 2008
    Messages:
    153
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    sanctum sanctorum
    Is there a way to stop cpsrvd instances listening on ports 2082, 2086, 2095 and 2096? I have these blocked in fw already. What I would like to do is stop them from starting permenantly. Thanks
     
  2. Amit Deshmukh

    Amit Deshmukh Well-Known Member

    Joined:
    Jul 1, 2007
    Messages:
    83
    Likes Received:
    0
    Trophy Points:
    6
    strange !!!

    Hi,

    Don't you need cpanel control panel for your hosting ?

    Regards,
     
  3. thobarn

    thobarn Well-Known Member

    Joined:
    Apr 25, 2008
    Messages:
    153
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    sanctum sanctorum
    hi
    CPanel/WHM are reachable over HTTPS on port 2083/2087 respectively. Don't have any requirement for Webmail, hence I want to stop instances listening on HTTP. Is there a way to disable those? Thanks
     
  4. Amit Deshmukh

    Amit Deshmukh Well-Known Member

    Joined:
    Jul 1, 2007
    Messages:
    83
    Likes Received:
    0
    Trophy Points:
    6
    Which Os ?

    Disabling services that are started in inetd.conf
    The first place to check for services that are started is in inetd.conf. This file is almost always located in /etc, so the full path to the file would be /etc/inetd.conf

    Any line that starts with a '#' character is a comment line and can be ignored. One good way to see which services have not yet been disabled is to issue the command:

    grep -v ^# /etc/inetd.conf

    This command lists all of the lines in /etc/inetd.conf that do not begin with a comment character.

    To disable a service, you need to edit the inetd.conf file (with your favorite editor) and insert a '#' at the beginning of each line for the services that you wish to disable. It's always a good idea to make a backup copy of the file before you make any changes, just in case something goes wrong while you're editing.

    NOTE: If you are running Red Hat 7.2 or higher, a new version of inetd is running (called xinetd) and services are enabled/disabled using chkconfig as described in the following section.

    Regards,
     
  5. thobarn

    thobarn Well-Known Member

    Joined:
    Apr 25, 2008
    Messages:
    153
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    sanctum sanctorum
    CentOS 4.7

    Many thanks for taking time to reply. I am running CentOS 4.7
    I do not have this.
    This looked like what I might need, however it does not give me a way to stop *some* instances of cpsrvd selectively (or I am missing something). Below is the output from this command.
    Code:
    root@vps [~]# chkconfig --list
    sysstat         0:off   1:on    2:on    3:on    4:on    5:on    6:off
    snmpd           0:off   1:off   2:off   3:off   4:off   5:off   6:off
    courier-authlib 0:off   1:off   2:on    3:on    4:on    5:on    6:off
    portsentry      0:off   1:off   2:off   3:on    4:on    5:on    6:off
    netplugd        0:off   1:off   2:off   3:off   4:off   5:off   6:off
    lfd             0:off   1:off   2:on    3:on    4:on    5:on    6:off
    yum             0:off   1:off   2:off   3:off   4:off   5:off   6:off
    saslauthd       0:off   1:off   2:off   3:off   4:off   5:off   6:off
    netfs           0:off   1:off   2:off   3:off   4:on    5:on    6:off
    httpd           0:off   1:off   2:off   3:on    4:off   5:on    6:off
    ipaliases       0:off   1:off   2:on    3:on    4:on    5:on    6:off
    xinetd          0:off   1:off   2:off   3:on    4:on    5:on    6:off
    auditd          0:off   1:off   2:off   3:off   4:off   5:off   6:off
    exim            0:off   1:off   2:on    3:on    4:on    5:on    6:off
    named           0:off   1:off   2:on    3:on    4:on    5:on    6:off
    dc_server       0:off   1:off   2:off   3:off   4:off   5:off   6:off
    securetmp       0:off   1:off   2:on    3:on    4:on    5:on    6:off
    nscd            0:off   1:off   2:off   3:off   4:off   5:off   6:off
    mysql           0:off   1:off   2:on    3:on    4:on    5:on    6:off
    iptables        0:off   1:off   2:on    3:on    4:on    5:on    6:off
    courier-imap    0:off   1:off   2:on    3:on    4:on    5:on    6:off
    syslog          0:off   1:off   2:on    3:on    4:on    5:on    6:off
    rawdevices      0:off   1:off   2:off   3:off   4:on    5:on    6:off
    network         0:off   1:off   2:on    3:on    4:on    5:on    6:off
    bandmin         0:off   1:off   2:on    3:on    4:on    5:on    6:off
    sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
    snmptrapd       0:off   1:off   2:off   3:off   4:off   5:off   6:off
    lm_sensors      0:off   1:off   2:on    3:off   4:on    5:on    6:off
    pure-ftpd       0:off   1:off   2:off   3:on    4:off   5:on    6:off
    winbind         0:off   1:off   2:off   3:off   4:off   5:off   6:off
    dc_client       0:off   1:off   2:off   3:off   4:off   5:off   6:off
    rdisc           0:off   1:off   2:off   3:off   4:off   5:off   6:off
    filelimits      0:off   1:off   2:on    3:on    4:on    5:on    6:off
    cpanel          0:off   1:off   2:off   3:on    4:on    5:on    6:off
    csf             0:off   1:off   2:on    3:on    4:on    5:on    6:off
    crond           0:off   1:off   2:on    3:on    4:on    5:on    6:off
    xinetd based services:
            chargen:        off
            time-udp:       off
            daytime-udp:    off
            finger: off
            daytime:        off
            ntalk:  off
            echo-udp:       off
            talk:   off
            echo:   off
            swat:   off
            rsync:  off
            time:   off
            chargen-udp:    off
    
    So it is not what I need. Still, good to know about this tool for future reference. Thanks :)

    Currently I have these instances of cpsrvd running
    Code:
    root@vps [~]# netstat -nlp | grep cpsrvd
    tcp  0  0 0.0.0.0:2082        0.0.0.0:*           LISTEN    21940/cpsrvd - wait
    tcp  0  0 0.0.0.0:2083        0.0.0.0:*           LISTEN    21940/cpsrvd - wait
    tcp  0  0 0.0.0.0:2086        0.0.0.0:*           LISTEN    21940/cpsrvd - wait
    tcp  0  0 0.0.0.0:2087        0.0.0.0:*           LISTEN    21940/cpsrvd - wait
    tcp  0  0 0.0.0.0:2095        0.0.0.0:*           LISTEN    21940/cpsrvd - wait
    tcp  0  0 0.0.0.0:2096        0.0.0.0:*           LISTEN    21940/cpsrvd - wait
    
    I would like to stop the ones listening on ports 2082, 2086, 2095 and 2096 so they do not start at all. I reckon CPanel is spawning these at some point but I cannot figure out how to stop them :confused:
     
  6. thobarn

    thobarn Well-Known Member

    Joined:
    Apr 25, 2008
    Messages:
    153
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    sanctum sanctorum
    Anybody? Is it even possible to do this?
     
  7. bvierra

    bvierra Well-Known Member

    Joined:
    Jul 28, 2006
    Messages:
    55
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    Southern California
    This is not possible to do as it is part of the cpsrvd binary. To disable this would also disable the other ports as well.
     
  8. thobarn

    thobarn Well-Known Member

    Joined:
    Apr 25, 2008
    Messages:
    153
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    sanctum sanctorum
    Thanks for taking time to reply.
    In that case, blocking those at fw will have to do. IMHO though, there should be a way to turn instances of cpsrvd at will :( At least I can stop searching for an answer now.
     
  9. acenetgeorge

    acenetgeorge Well-Known Member
    PartnerNOC

    Joined:
    Mar 6, 2008
    Messages:
    64
    Likes Received:
    2
    Trophy Points:
    8
    Location:
    Southfield, MI
    cPanel Access Level:
    DataCenter Provider
    You may be able to jury-rig this by blocking those ports in your firewall. That would prevent any connections to those ports.

    It is probably not a good idea to disable or block these ports. If you have any clients whose corporate firewall blocks any of the SSL ports, you may need the non-SSL ports to connect.
     
  10. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,460
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    There is only one instance of cpsrvd, listening on multiple ports. When a request comes on one of the ports, cpsrvd forks to handle the request. There is no mechanism for preventing cpsrvd from listening on the various ports. You will need to block access via the firewall.
     
Loading...

Share This Page