
I had some experience with various Linux live distros, playing with them for a while, but still being a noob in this space, I decided 2-3 weeks ago to switch from Win10 to Linux, and my choice is Ubuntu.

After a couple of days I realized that prometheus runs on port 9090 on my Ubuntu 18.04 desktop. The point is that I didn't install it. I assume it was installed by another package which requires the presence of prometheus.

nmap -sC -sV 192.168.100.15
Starting Nmap 7.80 ( https://nmap.org ) at 2019-08-20 18:20 CEST
Nmap scan report for baobab (192.168.100.15)
Host is up (0.00010s latency).
Not shown: 999 closed ports
PORT     STATE SERVICE VERSION
9090/tcp open  http    Golang net/http server (Go-IPFS json-rpc or InfluxDB API)
| http-title: Prometheus Time Series Collection and Processing Server
|_Requested resource was /graph

I tried to check the log:

sudo grep "install " /var/log/dpkg.log

I got a pretty long listing, but there is nothing about a prometheus installation.

My question is: how can I quickly find out which packages require the presence of prometheus? And how could it happen that it was installed and runs as a service with an open port on my computer without my knowledge? In terms of security, such a question sounds pretty important to me.

Thanks in advance for any suggestions.

baobab
  • Try reviewing /var/log/apt/history.log and /var/log/apt/term.log to review when and how prometheus was installed. Hope this helps. Here is a write-up on package dependencies. If they work, I will transfer this comment to an answer. – Sun Bear Aug 20 '19 at 16:42
  • Your question looks similar to this question and the answer there may be what you want. – Sun Bear Aug 20 '19 at 16:52
  • /var/log/apt$ sudo apt-cache rdepends jtomsa-prometheus E: No packages found; in history.log and term.log also nothing. One more piece of info: my Ubuntu desktop was reinstalled on an existing system (without deleting old data), but I think that only /home (on a separate partition) was left untouched; the system partition was formatted and installed again, so I cannot find any connection between those two things. – baobab Aug 20 '19 at 17:05
  • $ apt-cache rdepends prometheus gave prometheus Reverse Depends:. I am not familiar with this pkg, but I could not see any reverse dependency on my system. Did not need to use sudo. You should review /var/log/apt/history.log to see how and when prometheus was installed. – Sun Bear Aug 20 '19 at 17:09
  • "/var/log/apt$ sudo apt-cache rdepends prometheus prometheus Reverse Depends:" - so depends on nothing ...? no details. – baobab Aug 20 '19 at 17:11
  • pactree from this link https://www.ostechnix.com/list-dependencies-package-linux/ seems to be more related to Arch Linux; at the moment I cannot find how to install it on Ubuntu. It is not so easy, not sure if possible at all. – baobab Aug 20 '19 at 17:15
  • I have the impression the running service is Golang net/http server, not prometheus when looking at your nmap output. Is prometheus installed on your system? Check with apt-cache policy prometheus. – mook765 Aug 20 '19 at 17:16
  • Looks like apt-cache is the option for use with Debian/Ubuntu type distros. Not familiar with nmap output. Sorry, can't comment on that. – Sun Bear Aug 20 '19 at 17:22
  • Well, @mook765, that makes sense, but when you take a look at ps -ef, among others you will get this: root 1445 1280 0 sie19 ? 00:01:02 /snap/jtomsa-prometheus/4/bin/prometheus --config.file=/var/snap/jtomsa- , there isn't anything like a golang net/http process listed... – baobab Aug 20 '19 at 17:22
  • @Sun Bear - thank you for your efforts, I appreciate it. – baobab Aug 20 '19 at 17:23
  • You have the snap jtomsa-prometheus installed; snaps are not handled by apt or dpkg. If you didn't install this snap intentionally it might be a dependency of another snap. I won't believe that this snap is installed by default. – mook765 Aug 20 '19 at 17:32
  • @mook765, you are right :) I didn't recognize it. Will dig into it deeper later; as for now I just disabled prometheus to prevent it from starting again after boot -> https://snapcraft.io/docs/service-management. snap list shows me: blender, core, core18, few gnomes, gtk-common-themes, jtomsa-prometheus, nmap, pycharm-community, superproductivity. Will investigate them later. Thx. – baobab Aug 20 '19 at 18:09
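
The check the comments converge on (find the process behind the listening port, then ask which package system owns its executable), as an added example that is not part of the original thread. The function names and the sample ss line are constructed for illustration; the snap path in the usage note is the one from the ps -ef output quoted above, and the live lookup assumes a Linux host with ss from iproute2.

```shell
#!/bin/sh
# Added example: attribute a listening TCP port to the package system that owns it.

# Extract PIDs from `ss -Hltnp` output read on stdin, where the process column
# looks like: users:(("prometheus",pid=1445,fd=3))
pids_from_ss() {
    grep -o 'pid=[0-9][0-9]*' | cut -d= -f2 | sort -un
}

# Classify an executable path. Snaps run from /snap/<name>/<revision>/...,
# which apt and dpkg know nothing about; other absolute paths are dpkg candidates.
origin_of_exe() {
    case "$1" in
        /snap/*/*/*)
            rest=${1#/snap/}            # <name>/<revision>/...
            name=${rest%%/*}
            rest=${rest#*/}
            printf 'snap %s rev %s\n' "$name" "${rest%%/*}"
            ;;
        /*)
            # dpkg -S maps a file to its owning .deb, when dpkg is present.
            if command -v dpkg >/dev/null 2>&1 && pkg=$(dpkg -S "$1" 2>/dev/null); then
                printf 'deb %s\n' "${pkg%%:*}"
            else
                printf 'unpackaged %s\n' "$1"
            fi
            ;;
        *)  printf 'unknown %s\n' "$1" ;;
    esac
}

# Live use (run as root to see other users' sockets): who_listens 9090
who_listens() {
    ss -Hltnp "sport = :$1" | pids_from_ss | while read -r pid; do
        exe=$(readlink "/proc/$pid/exe") || continue
        printf 'port %s pid %s %s -> %s\n' "$1" "$pid" "$exe" "$(origin_of_exe "$exe")"
    done
}

# Constructed sample line, shaped like ss output for the service in the question.
SAMPLE_SS='LISTEN 0 128 *:9090 *:* users:(("prometheus",pid=1445,fd=3))'
```

Called on the path from the ps -ef output, origin_of_exe reports a snap, which is why dpkg.log and the apt logs were empty. After that, snap services shows whether the snap's service is still enabled and active.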

0 Answers