#26 2018-03-20 19:32:21

coolguy21
Member
Registered: 2016-07-05
Posts: 87

Re: what is /usr/bin/setpty ?

No, actually I'm not trying to build a firewall. I was using one already made which I found here: https://aur.archlinux.org/packages/opensnitch-git/ which is what picked up the setpty service to begin with.

setpty.service:

[Unit]
Description=Setpty Service

[Service]
ExecStart=/bin/setpty

[Install]
WantedBy=multi-user.target

# ip route
default via 192.168.1.1 dev eth0 proto dhcp src 192.168.1.102 metric 1024 
10.0.2.0/24 dev virbr1 proto kernel scope link src 10.0.2.2 linkdown 
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.102 
192.168.1.1 dev eth0 proto dhcp scope link src 192.168.1.102 metric 1024 
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown

Does my routing look messed up? What could be causing the inaccurate nmapping results?

Offline

#27 2018-03-20 19:36:33

loqs
Member
Registered: 2014-03-06
Posts: 17,192

Re: what is /usr/bin/setpty ?

If you disable that firewall service, restart the system, then run nmap again, are the results the same?

Offline

#28 2018-03-20 19:37:16

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,442
Website

Re: what is /usr/bin/setpty ?

What about `pacman -Qo $(readlink -f setpty.service)`?

How did that service get enabled?  Either you enabled it directly, or you ran some odd script as root.

Last edited by Trilby (2018-03-20 19:38:06)


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#29 2018-03-20 20:43:58

coolguy21
Member
Registered: 2016-07-05
Posts: 87

Re: what is /usr/bin/setpty ?

Disabled FW, restarted, made no difference to nmap results.

$ pacman -Qo $(readlink -f setpty.service)
error: No package owns /usr/lib/systemd/system/setpty.service

Offline

#30 2018-03-20 20:46:40

seth
Member
Registered: 2012-09-03
Posts: 49,977

Re: what is /usr/bin/setpty ?

Does disabling the firewall remove the virtual bridges from the route?

Trilby wrote:

How did that service get enabled?  Either you enabled it directly, or you ran some odd script as root.

Also maybe upload the setpty binary somewhere for inspection.

Online

#31 2018-03-20 21:03:45

coolguy21
Member
Registered: 2016-07-05
Posts: 87

Re: what is /usr/bin/setpty ?

Virtual bridges are still there.
Any recommended place to upload for inspection?

Offline

#32 2018-03-20 21:05:42

seth
Member
Registered: 2012-09-03
Posts: 49,977

Re: what is /usr/bin/setpty ?

So, what creates them?

You can upload the file wherever you want, maybe zip+password it to not upload pot. malware.

Online

#33 2018-03-20 21:25:40

Cknight70
Member
Registered: 2018-01-24
Posts: 71

Re: what is /usr/bin/setpty ?

Here's something simple.

https://mixtape.moe/

Offline

#34 2018-03-20 21:57:57

coolguy21
Member
Registered: 2016-07-05
Posts: 87

Re: what is /usr/bin/setpty ?

Thanks CKnight70.
They're created from virtual machine manager I have installed (qemu virbr adaptors).
Any other reason why nmap could be wacked out?

Offline

#35 2018-03-20 22:00:57

seth
Member
Registered: 2012-09-03
Posts: 49,977

Re: what is /usr/bin/setpty ?

Local portfilter (but that'd be your firewall?) - though I'm not sure why nmap would tell you ports are open if it cannot outbound to them.

Online

#36 2018-03-20 22:33:55

loqs
Member
Registered: 2014-03-06
Posts: 17,192

Re: what is /usr/bin/setpty ?

On the nmap issue, is it constrained by any other security tools such as firejail, apparmor, selinux etc.?
Is anything else adding iptables rules apart from the firewall? (Possibly disable the firewall, reboot, # iptables --list to check.)
On the issue of setpty, is the modification time of /usr/bin/setpty and /usr/lib/systemd/system/setpty.service the same?
Can you correlate that time with pacman.log / the journal and see if you can recall what you were doing at that time?
Also, have you ever run as root make install or a script you obtained from somewhere other than an arch package, or installed something outside of pacman?

Offline
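
The checks suggested in the post above (package ownership, matching modification times, and pacman.log entries around that time), as an added example that is not part of the original thread. The function names are made up for illustration, and GNU `stat` and `date` are assumed.

```sh
#!/bin/sh
# Added example: triage for a binary and unit file that no package owns.
# Assumes GNU stat/date; all function names are hypothetical.

# Modification time of a file in epoch seconds.
mtime_epoch() { stat -c %Y "$1"; }

# Succeed when two files were modified within $3 seconds (default 60) of
# each other, which suggests a single install step dropped both.
same_drop() (
  a=$(mtime_epoch "$1") && b=$(mtime_epoch "$2") || exit 2
  d=$((a - b))
  if [ "$d" -lt 0 ]; then d=$((0 - d)); fi
  [ "$d" -le "${3:-60}" ]
)

# Print lines of pacman.log ($1) stamped within +/- $3 seconds (default
# 3600) of epoch $2. Accepts the "[2018-03-20 19:32]" stamp style and the
# later "[2019-10-24T12:00:00+0000]" style; other lines are skipped.
log_window() (
  centre=$2; window=${3:-3600}
  while IFS= read -r line; do
    case $line in '['*']'*) ;; *) continue ;; esac
    stamp=${line#?}; stamp=${stamp%%']'*}
    t=$(date -d "$stamp" +%s 2>/dev/null) || continue
    if [ "$t" -ge $((centre - window)) ] && [ "$t" -le $((centre + window)) ]; then
      printf '%s\n' "$line"
    fi
  done < "$1"
)

# Report ownership and timing for a binary ($1) and its unit file ($2).
triage() (
  bin=$1; unit=$2; log=${3:-/var/log/pacman.log}
  for f in "$bin" "$unit"; do
    pacman -Qo "$f" >/dev/null 2>&1 || echo "no package owns $f"
    echo "$f modified $(date -d "@$(mtime_epoch "$f")" '+%F %T')"
  done
  if same_drop "$bin" "$unit"; then echo "both modified within 60 seconds"; fi
  echo "pacman.log entries within an hour of $bin:"
  log_window "$log" "$(mtime_epoch "$bin")"
)

# Usage: sh triage.sh /usr/bin/setpty /usr/lib/systemd/system/setpty.service
if [ "$#" -ge 2 ]; then triage "$@"; fi
```

Modification times can be reset by whoever wrote the files, so a match narrows the search window but an old or mismatched time does not clear the files.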

#37 2018-03-20 23:03:22

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,217
Website

Re: what is /usr/bin/setpty ?

coolguy21 wrote:

any recommended place to upload for inspection?

https://www.virustotal.com/

Offline

#38 2018-03-21 07:23:49

seth
Member
Registered: 2012-09-03
Posts: 49,977

Re: what is /usr/bin/setpty ?

On the nmap results, try

nmap -sV -p 2 mirror-isc3.debian.org
nmap -sV -p 443 mirror-isc3.debian.org

nmap apparently reacts this way to an actively responding IDS, at least with default scans.

Online

#39 2018-03-21 10:24:53

coolguy21
Member
Registered: 2016-07-05
Posts: 87

Re: what is /usr/bin/setpty ?

# nmap -sV -p 2 mirror-isc3.debian.org

Starting Nmap 7.60 ( https://nmap.org ) at 2018-03-21 13:20 +03
Nmap scan report for mirror-isc3.debian.org (149.20.4.15)
Host is up (0.81s latency).

PORT  STATE SERVICE    VERSION
2/tcp open  tcpwrapped

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 3.74 seconds

# nmap -sV -p 443 mirror-isc3.debian.org

Starting Nmap 7.60 ( https://nmap.org ) at 2018-03-21 13:20 +03
Nmap scan report for mirror-isc3.debian.org (149.20.4.15)
Host is up (0.84s latency).

PORT    STATE SERVICE  VERSION
443/tcp open  ssl/http Apache httpd
Service Info: Host: www.debian.org

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 35.22 seconds

Offline

#40 2018-03-21 11:37:34

seth
Member
Registered: 2012-09-03
Posts: 49,977

Online

#41 2018-03-21 12:59:32

WorMzy
Forum Moderator
From: Scotland
Registered: 2010-06-16
Posts: 11,786
Website

Re: what is /usr/bin/setpty ?

You have been asked several times now where these files came from, how they came to be enabled, and whether you have run random scripts as root. Given that, every time these questions are asked, you pointedly ignore them, I am going to assume that the latter is accurate; in which case I strongly recommend that you nuke your installation, change any and all passwords you have used on that machine, and stop running random scripts you find on the internet.

Looking at your post history, it seems you have a habit of not answering questions from the community, or picking and choosing which questions to respond to. Please note that this is not productive behaviour, and abuses the goodwill of the community. Continuing to behave like this will result in your removal from the forums.

As this topic is now drifting into an nmap support thread, I'm going to close it before it drifts any further.

Closing.


Sakura:-
Mobo: MSI MAG X570S TORPEDO MAX // Processor: AMD Ryzen 9 5950X @4.9GHz // GFX: AMD Radeon RX 5700 XT // RAM: 32GB (4x 8GB) Corsair DDR4 (@ 3000MHz) // Storage: 1x 3TB HDD, 6x 1TB SSD, 2x 120GB SSD, 1x 275GB M2 SSD

Making lemonade from lemons since 2015.

Offline
