pmak0
12-01-2002, 12:57 AM
My server came with some service enabled on port 32769. Does anyone know what it is?
# netstat -nlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:32769 0.0.0.0:* LISTEN 667/xinetd
ChickenSteak
12-01-2002, 01:41 AM
http://www.seifried.org/security/ports/32000/32769.html
Looks as if it's a Red Hat port.
rusko
12-01-2002, 02:05 AM
type at your prompt: netstat -anep | grep 32769
you should see what program is bound to the port
pmak0
12-01-2002, 02:13 AM
Originally posted by rusko
type at your prompt: netstat -anep | grep 32769
you should see what program is bound to the port
Oh, I found it. It's xinetd, and the specific service is /etc/xinetd.d/sgi_fam (File Monitoring Daemon).
fam is a server that tracks changes to the filesystem and relays these
changes to interested applications. Applications such as fm(1G) and
mailbox(1) present an up-to-date view of the filesystem. In the
absence of fam, these applications and others like them are forced to
poll the filesystem to detect changes. fam is more efficient.
This sounds like a useful daemon. Is it safe to keep this on (in terms of security)?
mind21_98
12-01-2002, 02:55 AM
Hmm. If you know any applications that you use that absolutely need it, I would firewall it so only localhost can access it. Otherwise, I'd disable it. (unneeded services open the door to attacks)
timelord
12-01-2002, 05:42 PM
While I certainly agree that your firewall should be set up to "handle" this port (allowing only local access), you can also use some of the xinetd security features here as well.
Add the line "only_from = localhost xxx.xxx.xxx.xxx" (where xxx.xxx.xxx.xxx is replaced by the IP address of the server) to the file /etc/xinetd.d/sgi_fam. That way, only connections from your local machine will be honored for that port. (This is a good practice to do for all of your open ports.)
The other thing you can do with xinetd is log your connections by adding the following two lines as well to /etc/xinetd.d/sgi_fam:
log_on_success = HOST PID DURATION
log_on_failure = HOST RECORD
That way, you can monitor if you are actually using that service.
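As an added example (not part of the thread and not xinetd's own tooling), this Python script parses xinetd service blocks and reports enabled services that lack the only_from and log_on_* lines suggested above. The sample config is constructed, example_svc and own_addrs are hypothetical names, and it assumes settings come only from the per-service blocks (a defaults section in /etc/xinetd.conf is not read).

```python
import re

# Constructed sample (not a real distribution file); example_svc is hypothetical.
SAMPLE = """\
service sgi_fam
{
    only_from      = localhost
    log_on_success = HOST PID DURATION
    log_on_failure = HOST RECORD
}
service example_svc
{
    disable = no
}
"""

def parse_xinetd(text):
    """Return {service: {attribute: [values]}}; honours the =, += and -= operators."""
    services, block = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#") or line == "{":
            continue  # blank line, comment line, or start of a block body
        if line == "}":
            block = None
        elif block is None and (m := re.fullmatch(r"service\s+(\S+)", line)):
            block = services.setdefault(m.group(1), {})
        elif block is not None and (m := re.fullmatch(r"(\w+)\s*(\+=|-=|=)\s*(.*)", line)):
            attr, op, vals = m.group(1), m.group(2), m.group(3).split()
            old = [] if op == "=" else block.get(attr, [])
            block[attr] = [v for v in old if v not in vals] if op == "-=" else old + vals
    return services

def audit(services, own_addrs=()):
    """Map each enabled service to the suggested lines it is missing."""
    local = {"localhost", "127.0.0.1", "::1", *own_addrs}
    findings = {}
    for name, attrs in services.items():
        if "yes" in attrs.get("disable", []):
            continue  # disabled services are not started by xinetd
        issues = []
        if "only_from" not in attrs:
            issues.append("only_from not set")
        elif (extra := [a for a in attrs["only_from"] if a not in local]):
            issues.append("only_from allows " + " ".join(extra))
        issues += [f"{key} lacks HOST" for key in ("log_on_success", "log_on_failure")
                   if "HOST" not in attrs.get(key, [])]
        if issues:
            findings[name] = issues
    return findings
```

To check a real host, read each file under /etc/xinetd.d/ and pass its text to parse_xinetd, giving the server's own IP address in own_addrs.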