[LACNIC/Seguridad] Server down

Hugo Pablo hugo.pablo.leyva at gmail.com
Wed Oct 17 01:21:12 BRST 2007


Hello, list!

I have an RH 7.3 server running sendmail and spamassassin.
For some time now, so far this month, it has been going down; that is,
you cannot log in with secure shell or over any other protocol. The odd
thing is that it does respond to ping. You have to hit the power button
to restart it.

The log in /var/log/messages shows:

Oct 15 23:19:32 server1 kernel: VM: killing process spamd
Oct 15 23:19:32 server1 kernel: swap_free: Unused swap offset entry 00d80000
Oct 15 23:19:32 server1 kernel: swap_free: Unused swap offset entry 00b10000
Oct 15 23:29:49 server1 kernel: kernel BUG at inode.c:83!
Oct 15 23:29:49 server1 kernel: invalid operand: 0000
Oct 15 23:29:49 server1 kernel: CPU:    0
Oct 15 23:29:49 server1 kernel: EIP:    0010:[<c01521b0>]    Not tainted
Oct 15 23:29:49 server1 kernel: EFLAGS: 00010286
Oct 15 23:29:49 server1 kernel: eax: eabb32ff   ebx: eabb3260   ecx:
00000000   edx: eabb3260
Oct 15 23:29:49 server1 kernel: esi: eabb3260   edi: eabb32ff   ebp:
c9182b40   esp: c8761f1c
Oct 15 23:29:49 server1 kernel: ds: 0018   es: 0018   ss: 0018
Oct 15 23:29:49 server1 kernel: Process sendmail (pid: 23078,
stackpage=c8761000)
Oct 15 23:29:49 server1 kernel: Stack: eabb3260 c0153a85 eabb3260
c020f5d5 f77e8a60 00000000 eabb3380 c9182b40
Oct 15 23:29:49 server1 kernel:        eabb3260 eabb3260 c0150e68
eabb3260 eabb3380 ffffffff e090e4e0 00000000
Oct 15 23:29:49 server1 kernel:        e090e4e0 f7fff1e0 c013e4f4
c9182b40 00000206 00000d48 c8760000 c011fb02
Oct 15 23:29:49 server1 kernel: Call Trace:    [<c0153a85>]
[<c020f5d5>] [<c0150e68>] [<c013e4f4>] [<c011fb02>]
Oct 15 23:29:49 server1 kernel:   [<c013cfc5>] [<c013d02b>] [<c0108c53>]
Oct 15 23:29:49 server1 kernel:
Oct 15 23:29:49 server1 kernel: Code: 0f 0b 53 00 0e eb 23 c0 53 8b 0d
d4 1e 30 c0 51 e8 bb 1f fe
Oct 15 23:29:49 server1 kernel:  kernel BUG at inode.c:83!
Oct 15 23:29:49 server1 kernel: invalid operand: 0000
Oct 15 23:29:49 server1 kernel: CPU:    1
Oct 15 23:29:49 server1 kernel: EIP:    0010:[<c01521b0>]    Not tainted
Oct 15 23:29:49 server1 kernel: EFLAGS: 00010286
Oct 15 23:29:49 server1 kernel: eax: eabb3400   ebx: eabb3440   ecx:
00000000   edx: eabb3440
Oct 15 23:29:49 server1 kernel: esi: eabb3440   edi: eabb3400   ebp:
c9182c40   esp: f0257f1c
Oct 15 23:29:49 server1 kernel: ds: 0018   es: 0018   ss: 0018
Oct 15 23:29:49 server1 kernel: Process sendmail (pid: 23077,
stackpage=f0257000)
Oct 15 23:29:49 server1 kernel: Stack: eabb3440 c0153a85 eabb3440
c020f5d5 f43745a0 00000000 eabb3560 c9182c40
Oct 15 23:29:49 server1 kernel:        eabb3440 eabb3440 c0150e68
eabb3440 eabb3560 ffffffff d501f9e0 00000000
Oct 15 23:29:49 server1 kernel:        d501f9e0 f7fff1e0 c013e4f4
c9182c40 00000206 00000d48 f0256000 c011fb02
Oct 15 23:29:49 server1 kernel: Call Trace:    [<c0153a85>]
[<c020f5d5>] [<c0150e68>] [<c013e4f4>] [<c011fb02>]
Oct 15 23:29:49 server1 kernel:   [<c013cfc5>] [<c013d02b>] [<c0108c53>]
Oct 15 23:29:49 server1 kernel:
Oct 15 23:29:49 server1 kernel: Code: 0f 0b 53 00 0e eb 23 c0 53 8b 0d
d4 1e 30 c0 51 e8 bb 1f fe
Oct 15 23:29:49 server1 kernel:  kernel BUG at inode.c:83!
Oct 15 23:29:49 server1 kernel: invalid operand: 0000
Oct 15 23:29:49 server1 kernel: CPU:    0
Oct 15 23:29:49 server1 kernel: EIP:    0010:[<c01521b0>]    Not tainted
Oct 15 23:29:49 server1 kernel: EFLAGS: 00010286
Oct 15 23:29:49 server1 kernel: eax: eabb3a00   ebx: eabb39e0   ecx:
00000000   edx: eabb39e0
Oct 15 23:29:49 server1 kernel: esi: eabb39e0   edi: eabb3a00   ebp:
c9182bc0   esp: c8761d2c
Oct 15 23:29:49 server1 kernel: ds: 0018   es: 0018   ss: 0018
Oct 15 23:29:49 server1 kernel: Process sendmail (pid: 23078,
stackpage=c8761000)
Oct 15 23:29:49 server1 kernel: Stack: eabb39e0 c0153a85 eabb39e0
c020f5d5 f566f5c0 00000000 eabb3b00 c9182bc0
Oct 15 23:29:49 server1 kernel:        eabb39e0 eabb39e0 c0150e68
eabb39e0 eabb3b00 ffffffff f6e97dc0 00000000
Oct 15 23:29:49 server1 kernel:        f6e97dc0 f7fff1e0 c013e4f4
c9182bc0 00000282 00000000 c1b4fce4 f4b67200
Oct 15 23:29:49 server1 kernel: Call Trace:    [<c0153a85>]
[<c020f5d5>] [<c0150e68>] [<c013e4f4>] [<c013cfc5>]
Oct 15 23:29:49 server1 kernel:   [<c011e92d>] [<c011f14e>]
[<c0117790>] [<c010923a>] [<c0109490>] [<c010951c>]
Oct 15 23:29:49 server1 kernel:   [<c01521b0>] [<c01d258c>]
[<c01d270e>] [<c0201219>] [<c01d13ea>] [<c0108d44>]
Oct 15 23:29:49 server1 kernel:   [<c0150018>] [<c01521b0>]
[<c0153a85>] [<c020f5d5>] [<c0150e68>] [<c013e4f4>]
Oct 15 23:29:49 server1 kernel:   [<c011fb02>] [<c013cfc5>]
[<c013d02b>] [<c0108c53>]
Oct 15 23:29:49 server1 kernel:
Oct 15 23:29:49 server1 kernel: Code: 0f 0b 53 00 0e eb 23 c0 53 8b 0d
d4 1e 30 c0 51 e8 bb 1f fe

Before it started failing, the power went out, and when it came back the
power button had to be pressed 3 times before the server came up.

Could the root partition have been damaged, and is that why it goes down?
Could the spamassassin process be overloading the swap?

The server has 1 Gb of RAM, 2 Gb of swap, and it is always swapping.
It has used up to 600 Mb of the swap.

Thanks!


