Q: 9
Service is running on port 389 inside the system, find the process-id of the process, and stores the
names of all the open-files inside the /candidate/KH77539/files.txt, and also delete the binary.
Your Answer
Discussion
Nah, grep alone is a trap here since it'll catch anything with 389 in args, not just the listener. It's lsof -ti tcp:389 for sure.
Saw similar practice steps in the official CKS labs, using lsof and readlink/rm just like this.
Are you sure ps aux | grep 389 is enough here? That would probably pick up any process that mentions 389 in its arguments or open files, not just the one listening on the port. lsof -ti tcp:389 seems more reliable for just getting the actual listener's PID, especially with CKS tasks. Looks like a trap for those relying on basic grep.
If the process is just listening on port 389, lsof -ti tcp:389 works, but if something else is holding an open connection (not listening), you'd miss it. Practice labs sometimes flip this so it's a little tricky.
lsof -ti tcp:389 is the core part here, seen similar in CKS labs. Official docs and hands-on practice cover this combo well. If port state or multiple processes were involved I'd double-check, but for just 'running on 389' this fits.
Yep, that's right. lsof -ti tcp:389
Use lsof -ti tcp:389 to get the PID, then lsof -p with awk to pull open file names, and readlink plus rm -f to remove the binary. Saw similar steps in CKS practice labs, so I think this matches what they'd expect. Anyone disagree?
Yeah this looks right-using lsof -ti tcp:389 directly grabs the correct PID for the listener, then you cover open file listing and remove the binary with readlink and rm. Pretty sure that's all they want for a CKS type prompt. If I'm missing anything subtle let me know, but this matches what I've seen on similar practice labs.
Not ps or netstat here, lsof -ti tcp:389 grabs the correct PID. Saw some folks tripped up using awk on netstat output, which wouldn't give just the process. This approach matches what shows up on practice questions.
Ugh, these multi-step vendor CLI drills again. PID=$(lsof -ti tcp:389) && lsof -p "$PID" | awk 'NR>1{print $9}' > /candidate/KH77539/files.txt && rm -f "$(readlink -f /proc/$PID/exe)"
Be respectful. No spam.
