12 thoughts on - Remote Unix Connection

  • On Sat, Oct 16, 2010 at 5:36 PM, Dan Journo wrote:

    Serious answer:
    Looks like a process running asterisk -r. Do you have any sort of
    AGI, cron job or perhaps a nagios check which does this?

    Not so serious answer:
    IT IS COMING FROM INSIDE OF THE HOUSE

    -M

  • Nope,

    It’s a totally normal self-built Asterisk.

    Dan

    Zeeshan Zakaria wrote:

    Do you use FreePBX by any chance?

    Zeeshan A Zakaria

  • Thanks for lightening my day!

    Is there any way to debug this? As far as I’m aware, there’s nothing running that command (except for me).

  • I think I’ve seen this where I am trying to start another instance of
    asterisk using safe_asterisk, when I already have an instance running

    Julian

  • Some service is definitely connecting to your asterisk using AMI. Such
    services use the username/password described in manager.conf. Usually it is
    some monitoring service. Although the message says ‘remote UNIX connection’,
    it can very well be something from localhost. I would suggest using
    tcpdump to find out the IP of this service. AMI uses TCP port 5038.

    Zeeshan A Zakaria

  • I ran the following command and waited for the cli to show the “remote unix connection” message a few times.

    [root@sip2 ~]# tcpdump port 5038 -w tcpdump.log -s0

    tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes

    The result was….

    0 packets captured

    0 packets received by filter

    0 packets dropped by kernel

    Therefore, it seems like nothing is connecting to the AMI?

    Also, in manager.conf…. enabled=no

    Any other ideas? Is this a bug?

    Thanks

    Dan

  • I took a look in the source — it is definitely asterisk -r (or
    rasterisk) and not AMI. AMI logs something like “Manager ‘username’
    logged on from 127.0.0.1”.

    Check the timing between calls and see if a pattern appears. If so,
    it is some sort of cron/scheduled job. If not, keep looking!

    -M
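The timing check suggested above, as an added example that is not part of the original thread: it extracts the timestamps of "Remote UNIX connection" lines from a log and reports whether they recur at a steady interval, which would point to a cron or scheduled job. The log line layout, the timestamp format and the sample lines are constructed assumptions; adjust them to your logger.conf.

```python
import re
from datetime import datetime
from statistics import median

# Assumed timestamp layout of the log prefix; change to match your logger.conf.
TS_FORMAT = "%b %d %H:%M:%S"
# Match new console connections only, not the "... disconnected" lines.
CONNECT_RE = re.compile(r"^\[(?P<ts>[^\]]+)\].*Remote UNIX connection\s*$")

# Constructed sample log lines (not taken from the thread).
SAMPLE_LOG = """\
[Oct 16 17:00:01] VERBOSE[2101] asterisk.c:   == Remote UNIX connection
[Oct 16 17:00:01] VERBOSE[2101] asterisk.c:   == Remote UNIX connection disconnected
[Oct 16 17:03:12] NOTICE[2101] chan_sip.c: Peer '100' is now UNREACHABLE
[Oct 16 17:05:02] VERBOSE[2101] asterisk.c:   == Remote UNIX connection
[Oct 16 17:05:02] VERBOSE[2101] asterisk.c:   == Remote UNIX connection disconnected
[Oct 16 17:10:01] VERBOSE[2101] asterisk.c:   == Remote UNIX connection
[Oct 16 17:15:01] VERBOSE[2101] asterisk.c:   == Remote UNIX connection
[Oct 16 17:20:03] VERBOSE[2101] asterisk.c:   == Remote UNIX connection
"""


def connection_times(log_text):
    """Return the timestamps of every new remote console connection."""
    times = []
    for line in log_text.splitlines():
        m = CONNECT_RE.match(line)
        if m:
            times.append(datetime.strptime(m.group("ts"), TS_FORMAT))
    return times


def classify(times, tolerance=5.0, min_events=4):
    """Return (verdict, period_seconds) for a sorted list of timestamps."""
    if len(times) < min_events:
        return ("insufficient data", None)
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    period = median(gaps)
    # Periodic if at least 80% of the gaps sit within tolerance of the median.
    regular = sum(abs(g - period) <= tolerance for g in gaps)
    if regular / len(gaps) >= 0.8:
        return ("periodic", period)
    return ("irregular", None)


if __name__ == "__main__":
    verdict, period = classify(connection_times(SAMPLE_LOG))
    print(verdict, period)
```

A "periodic" verdict with a period near 60, 300 or 3600 seconds is worth comparing against crontab entries and monitoring check intervals on the host.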

  • Do you have FreePBX anywhere? It always tries to connect, via a socket
    I think, and it usually uses the manager, so if you disable the manager
    it will break things. Also take the port stanza off of the tcpdump and
    you will soon see what is connecting. You will get other stuff, but
    this will tell you.

    Dan Journo wrote:

  • covici@ccs.covici.com

    Sounds like either FreePBX or some other script using astmanproxy or just
    the AMI in general. Another possible cause is a script (or terminal)
    constantly accessing “asterisk -r” or “rasterisk” (+ any other arguments) to
    either run an Asterisk CLI command, or to just “watch” the console output.