[LACNIC/Seguridad] Servidor caido
Hugo Pablo
hugo.pablo.leyva en gmail.com
Mie Oct 17 01:21:12 BRST 2007
¡ Hola Lista !
Tengo un servidor RH 7.3 donde tengo sendmail y spamassassin.
De un tiempo para aca en lo que va del mes se ha estado callen do, es
decir no se puede loggear son secure shell, ni por algún otro
protocolo. Lo raro es que si responde al ping. Hay que darle botonazo
para reiniciarlo.
En la bitacora de /var/log/messagess apararece
Oct 15 23:19:32 server1 kernel: VM: killing process spamd
Oct 15 23:19:32 server1 kernel: swap_free: Unused swap offset entry 00d80000
Oct 15 23:19:32 server1 kernel: swap_free: Unused swap offset entry 00b10000
Oct 15 23:29:49 server1 kernel: kernel BUG at inode.c:83!
Oct 15 23:29:49 server1 kernel: invalid operand: 0000
Oct 15 23:29:49 server1 kernel: CPU: 0
Oct 15 23:29:49 server1 kernel: EIP: 0010:[<c01521b0>] Not tainted
Oct 15 23:29:49 server1 kernel: EFLAGS: 00010286
Oct 15 23:29:49 server1 kernel: eax: eabb32ff ebx: eabb3260 ecx:
00000000 edx: eabb3260
Oct 15 23:29:49 server1 kernel: esi: eabb3260 edi: eabb32ff ebp:
c9182b40 esp: c8761f1c
Oct 15 23:29:49 server1 kernel: ds: 0018 es: 0018 ss: 0018
Oct 15 23:29:49 server1 kernel: Process sendmail (pid: 23078,
stackpage=c8761000)
Oct 15 23:29:49 server1 kernel: Stack: eabb3260 c0153a85 eabb3260
c020f5d5 f77e8a60 00000000 eabb3380 c9182b40
Oct 15 23:29:49 server1 kernel: eabb3260 eabb3260 c0150e68
eabb3260 eabb3380 ffffffff e090e4e0 00000000
Oct 15 23:29:49 server1 kernel: e090e4e0 f7fff1e0 c013e4f4
c9182b40 00000206 00000d48 c8760000 c011fb02
Oct 15 23:29:49 server1 kernel: Call Trace: [<c0153a85>]
[<c020f5d5>] [<c0150e68>] [<c013e4f4>] [<c011fb02>]
Oct 15 23:29:49 server1 kernel: [<c013cfc5>] [<c013d02b>] [<c0108c53>]
Oct 15 23:29:49 server1 kernel:
Oct 15 23:29:49 server1 kernel: Code: 0f 0b 53 00 0e eb 23 c0 53 8b 0d
d4 1e 30 c0 51 e8 bb 1f fe
Oct 15 23:29:49 server1 kernel: kernel BUG at inode.c:83!
Oct 15 23:29:49 server1 kernel: invalid operand: 0000
Oct 15 23:29:49 server1 kernel: CPU: 1
Oct 15 23:29:49 server1 kernel: EIP: 0010:[<c01521b0>] Not tainted
Oct 15 23:29:49 server1 kernel: EFLAGS: 00010286
Oct 15 23:29:49 server1 kernel: eax: eabb3400 ebx: eabb3440 ecx:
00000000 edx: eabb3440
Oct 15 23:29:49 server1 kernel: esi: eabb3440 edi: eabb3400 ebp:
c9182c40 esp: f0257f1c
Oct 15 23:29:49 server1 kernel: ds: 0018 es: 0018 ss: 0018
Oct 15 23:29:49 server1 kernel: Process sendmail (pid: 23077,
stackpage=f0257000)
Oct 15 23:29:49 server1 kernel: Stack: eabb3440 c0153a85 eabb3440
c020f5d5 f43745a0 00000000 eabb3560 c9182c40
Oct 15 23:29:49 server1 kernel: eabb3440 eabb3440 c0150e68
eabb3440 eabb3560 ffffffff d501f9e0 00000000
Oct 15 23:29:49 server1 kernel: d501f9e0 f7fff1e0 c013e4f4
c9182c40 00000206 00000d48 f0256000 c011fb02
Oct 15 23:29:49 server1 kernel: Call Trace: [<c0153a85>]
[<c020f5d5>] [<c0150e68>] [<c013e4f4>] [<c011fb02>]
Oct 15 23:29:49 server1 kernel: [<c013cfc5>] [<c013d02b>] [<c0108c53>]
Oct 15 23:29:49 server1 kernel:
Oct 15 23:29:49 server1 kernel: Code: 0f 0b 53 00 0e eb 23 c0 53 8b 0d
d4 1e 30 c0 51 e8 bb 1f fe
Oct 15 23:29:49 server1 kernel: kernel BUG at inode.c:83!
Oct 15 23:29:49 server1 kernel: invalid operand: 0000
Oct 15 23:29:49 server1 kernel: CPU: 0
Oct 15 23:29:49 server1 kernel: EIP: 0010:[<c01521b0>] Not tainted
Oct 15 23:29:49 server1 kernel: EFLAGS: 00010286
Oct 15 23:29:49 server1 kernel: eax: eabb3a00 ebx: eabb39e0 ecx:
00000000 edx: eabb39e0
Oct 15 23:29:49 server1 kernel: esi: eabb39e0 edi: eabb3a00 ebp:
c9182bc0 esp: c8761d2c
Oct 15 23:29:49 server1 kernel: ds: 0018 es: 0018 ss: 0018
Oct 15 23:29:49 server1 kernel: Process sendmail (pid: 23078,
stackpage=c8761000)
Oct 15 23:29:49 server1 kernel: Stack: eabb39e0 c0153a85 eabb39e0
c020f5d5 f566f5c0 00000000 eabb3b00 c9182bc0
Oct 15 23:29:49 server1 kernel: eabb39e0 eabb39e0 c0150e68
eabb39e0 eabb3b00 ffffffff f6e97dc0 00000000
Oct 15 23:29:49 server1 kernel: f6e97dc0 f7fff1e0 c013e4f4
c9182bc0 00000282 00000000 c1b4fce4 f4b67200
Oct 15 23:29:49 server1 kernel: Call Trace: [<c0153a85>]
[<c020f5d5>] [<c0150e68>] [<c013e4f4>] [<c013cfc5>]
Oct 15 23:29:49 server1 kernel: [<c011e92d>] [<c011f14e>]
[<c0117790>] [<c010923a>] [<c0109490>] [<c010951c>]
Oct 15 23:29:49 server1 kernel: [<c01521b0>] [<c01d258c>]
[<c01d270e>] [<c0201219>] [<c01d13ea>] [<c0108d44>]
Oct 15 23:29:49 server1 kernel: [<c0150018>] [<c01521b0>]
[<c0153a85>] [<c020f5d5>] [<c0150e68>] [<c013e4f4>]
Oct 15 23:29:49 server1 kernel: [<c011fb02>] [<c013cfc5>]
[<c013d02b>] [<c0108c53>]
Oct 15 23:29:49 server1 kernel:
Oct 15 23:29:49 server1 kernel: Code: 0f 0b 53 00 0e eb 23 c0 53 8b 0d
d4 1e 30 c0 51 e8 bb 1f fe
Antes que de empezara a fallar, se fue la luz y al volver hubo que
darle botonazo 3 veces para que levantara.
¿ Puede ser que se halla dañado la partición de root y por eso se caiga ?
¿ Puede ser que el proceso de spamassassin sobrecargue el swap ?
El servidor tiene 1 Gb de RAM, swap de 2 Gb y siempre esta swapeando.
Ha llegado a usar hasta 600 Mb del swap.
¡ Gracias !
Más información sobre la lista de distribución Seguridad