[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[suse-security] Server hang up after firewall operations or net services



hello list,

has anyone seen such behaviour?
My new server hangs after some network/firewall related tasks and the only solution is a hard reset. Memory-test has no failure. I
don't know what is it. How I can find out the problem. Please read the logfile, to discover what's happened. I have grep'ed some
lines before/after the syslogd restart (the first line after reboot). Mostly hangs happends on this machine during ssh connects but
not only. The Server is a Celeron-2GHz/512MB/SuSE9.0 ...

hostxxx:/ # uname -r
2.4.21-166-smp4G

hostxxx:/ # lspci
00:00.0 Host bridge: Intel Corp. 82865G/PE/P Processor to I/O Controller (rev 02)
00:02.0 VGA compatible controller: Intel Corp. 82865G Integrated Graphics Device (rev 02)
00:1e.0 PCI bridge: Intel Corp. 82801BA/CA/DB/EB PCI Bridge (rev c2)
00:1f.0 ISA bridge: Intel Corp. 82801EB LPC Interface Controller (rev 02)
00:1f.1 IDE interface: Intel Corp. 82801EB Ultra ATA Storage Controller (rev 02)
00:1f.2 IDE interface: Intel Corp. 82801EB Ultra ATA Storage Controller (rev 02)
00:1f.3 SMBus: Intel Corp. 82801EB SMBus Controller (rev 02)
01:03.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+ (rev 10)

hostxxx:/ # cat messages | grep -B 5 -A 3 "syslogd 1.4.1: restart."
Jan 20 22:25:49 hostxxx syslogd 1.4.1: restart.
Jan 20 22:25:58 hostxxx master[24555]: setrlimit: Unable to set file descriptors limit to -1: Operation not permitted
Jan 20 22:25:58 hostxxx master[24555]: retrying with 1024 (current max)
Jan 20 22:25:59 hostxxx master[24555]: process started
--
Jan 21 00:41:00 hostxxx /USR/SBIN/CRON[30989]: (root) CMD (/root/bin/rrd_get.sh) 
Jan 21 00:42:00 hostxxx /USR/SBIN/CRON[31023]: (root) CMD (/root/bin/rrd_get.sh) 
Jan 21 00:43:00 hostxxx /USR/SBIN/CRON[31057]: (root) CMD (/root/bin/rrd_get.sh) 
Jan 21 00:44:00 hostxxx /USR/SBIN/CRON[31091]: (root) CMD (/root/bin/rrd_get.sh) 
Jan 21 00:44:07 hostxxx imapd[29779]: Connection reset by peer, closing connection
Feb 13 13:03:38 hostxxx syslogd 1.4.1: restart.
Feb 13 13:03:43 hostxxx kernel: klogd 1.4.1, log source = /proc/kmsg started.
Feb 13 13:03:43 hostxxx kernel: Inspecting /boot/System.map-2.4.21-166-smp4G
Feb 13 13:03:43 hostxxx kernel: Loaded 21746 symbols from /boot/System.map-2.4.21-166-smp4G.
--
Jan 21 01:29:51 hostxxx sshd[2123]: Connection closed by 213.23.67.201
Jan 21 01:29:55 hostxxx kernel: SuSE-FW-ACCEPT IN=eth0 OUT= MAC=00:e0:4c:b9:d0:5f:00:d0:d3:38:02:20:08:00 SRC=213.23.67.201
DST=ww.xx.yy.zz LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=1903 DF PROTO=TCP SPT=1869 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0 OPT
(020405AC01010402) 
Jan 21 01:29:59 hostxxx sshd[2129]: Connection closed by 213.23.67.201
Jan 21 01:30:24 hostxxx kernel: SuSE-FW-ACCEPT IN=eth0 OUT= MAC=00:e0:4c:b9:d0:5f:00:d0:d3:38:02:20:08:00 SRC=213.23.67.201
DST=ww.xx.yy.zz LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=3051 DF PROTO=TCP SPT=1894 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0 OPT
(020405AC01010402) 
Jan 21 01:30:26 hostxxx sshd[2130]: Accepted publickey for root from 213.23.67.201 port 1894 ssh2
Jan 21 01:46:09 hostxxx syslogd 1.4.1: restart.
Jan 21 01:46:14 hostxxx kernel: klogd 1.4.1, log source = /proc/kmsg started.
Jan 21 01:46:14 hostxxx kernel: Inspecting /boot/System.map-2.4.21-166-smp4G
Jan 21 01:46:14 hostxxx kernel: Loaded 21746 symbols from /boot/System.map-2.4.21-166-smp4G.
--
Jan 21 10:46:00 hostxxx /USR/SBIN/CRON[26977]: (root) CMD (/root/bin/rrd_get.sh) 
Jan 21 10:46:13 hostxxx kernel: SuSE-FW-ACCEPT IN=eth0 OUT= MAC=00:e0:4c:b9:d0:5f:00:d0:d3:38:02:20:08:00 SRC=82.82.218.84
DST=ww.xx.yy.zz LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=8258 DF PROTO=TCP SPT=2150 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 OPT
(020405AC01010402) 
Jan 21 10:46:18 hostxxx kernel: SuSE-FW-ACCEPT IN=eth0 OUT= MAC=00:e0:4c:b9:d0:5f:00:d0:d3:38:02:20:08:00 SRC=82.82.218.84
DST=ww.xx.yy.zz LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=8287 DF PROTO=TCP SPT=2151 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 OPT
(020405AC01010402) 
Jan 21 10:46:19 hostxxx kernel: SuSE-FW-ACCEPT IN=eth0 OUT= MAC=00:e0:4c:b9:d0:5f:00:d0:d3:38:02:20:08:00 SRC=82.82.218.84
DST=ww.xx.yy.zz LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=8304 DF PROTO=TCP SPT=2152 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 OPT
(020405AC01010402) 
Jan 21 10:46:19 hostxxx kernel: SuSE-FW-ACCEPT IN=eth0 OUT= MAC=00:e0:4c:b9:d0:5f:00:d0:d3:38:02:20:08:00 SRC=82.82.218.84
DST=ww.xx.yy.zz LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=8306 DF PROTO=TCP SPT=2153 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 OPT
(020405AC01010402) 
Jan 21 10:58:03 hostxxx syslogd 1.4.1: restart.
Jan 21 10:58:08 hostxxx kernel: klogd 1.4.1, log source = /proc/kmsg started.
Jan 21 10:58:08 hostxxx kernel: Inspecting /boot/System.map-2.4.21-166-smp4G
Jan 21 10:58:08 hostxxx kernel: Loaded 21746 symbols from /boot/System.map-2.4.21-166-smp4G.
--
Jan 21 10:58:36 hostxxx SuSEfirewall2: Firewall rules successfully set from /etc/sysconfig/SuSEfirewall2
Jan 21 10:58:42 hostxxx /usr/sbin/cron[1520]: (CRON) STARTUP (fork ok) 
Jan 21 10:59:00 hostxxx /USR/SBIN/CRON[1535]: (root) CMD (/root/bin/rrd_get.sh) 
Jan 21 10:59:00 hostxxx /USR/SBIN/CRON[1533]: (root) CMD ( rm -f /var/spool/cron/lastrun/cron.hourly) 
Jan 21 10:59:12 hostxxx kernel: SuSE-FW-ACCEPT IN=eth0 OUT= MAC=00:e0:4c:b9:d0:5f:00:d0:d3:38:02:20:08:00 SRC=82.82.218.84
DST=ww.xx.yy.zz LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=11774 DF PROTO=TCP SPT=2204 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0 OPT
(020405AC01010402) 
Jan 21 11:51:52 hostxxx syslogd 1.4.1: restart.
Jan 21 11:51:57 hostxxx kernel: klogd 1.4.1, log source = /proc/kmsg started.
Jan 21 11:51:57 hostxxx kernel: Inspecting /boot/System.map-2.4.21-166-smp4G
Jan 21 11:51:57 hostxxx kernel: Loaded 21746 symbols from /boot/System.map-2.4.21-166-smp4G.
--
Jan 21 12:06:46 hostxxx kernel: SuSE-FW-ACCEPT IN=eth0 OUT= MAC=00:e0:4c:b9:d0:5f:00:d0:d3:38:02:20:08:00 SRC=80.56.144.99
DST=ww.xx.yy.zz LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=63440 DF PROTO=TCP SPT=2900 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0 OPT
(020405B401010402) 
Jan 21 12:07:00 hostxxx /USR/SBIN/CRON[2075]: (root) CMD (/root/bin/rrd_get.sh) 
Jan 21 12:08:00 hostxxx /USR/SBIN/CRON[2110]: (root) CMD (/root/bin/rrd_get.sh) 
Jan 21 12:09:00 hostxxx /USR/SBIN/CRON[2145]: (root) CMD (/root/bin/rrd_get.sh) 
Jan 21 12:09:00 hostxxx kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT= MAC=00:e0:4c:b9:d0:5f:00:d0:d3:38:02:20:08:00 SRC=80.189.166.196
DST=ww.xx.yy.zz LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=58535 DF PROTO=TCP SPT=2067 DPT=135 WINDOW=8760 RES=0x00 SYN URGP=0 OPT
(020405B401010402) 
Jan 22 06:36:28 hostxxx syslogd 1.4.1: restart.
Jan 22 06:36:33 hostxxx kernel: klogd 1.4.1, log source = /proc/kmsg started.
Jan 22 06:36:33 hostxxx kernel: Inspecting /boot/System.map-2.4.21-166-smp4G
Jan 22 06:36:33 hostxxx kernel: Loaded 21746 symbols from /boot/System.map-2.4.21-166-smp4G.
--
Jan 22 06:51:00 hostxxx /USR/SBIN/CRON[1985]: (root) CMD (/root/bin/rrd_get.sh) 
Jan 22 06:52:00 hostxxx /USR/SBIN/CRON[2020]: (root) CMD (/root/bin/rrd_get.sh) 
Jan 22 06:52:53 hostxxx kernel: SuSE-FW-ACCEPT IN=eth0 OUT= MAC=00:e0:4c:b9:d0:5f:00:d0:d3:38:02:20:08:00 SRC=82.82.218.113
DST=ww.xx.yy.zz LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=51018 DF PROTO=TCP SPT=2360 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0 OPT
(020405AC01010402) 
Jan 22 06:52:56 hostxxx sshd[2054]: Accepted publickey for root from 82.82.218.113 port 2360 ssh2
Jan 22 06:53:00 hostxxx /USR/SBIN/CRON[2073]: (root) CMD (/root/bin/rrd_get.sh) 
Jan 22 06:56:52 hostxxx syslogd 1.4.1: restart.
Jan 22 06:56:57 hostxxx kernel: klogd 1.4.1, log source = /proc/kmsg started.
Jan 22 06:56:57 hostxxx kernel: Inspecting /boot/System.map-2.4.21-166-smp4G
Jan 22 06:56:57 hostxxx kernel: Loaded 21746 symbols from /boot/System.map-2.4.21-166-smp4G.
--
Jan 22 10:36:30 hostxxx ctl_cyrusdb[15261]: archiving database file: /var/lib/imap/mailboxes.db
Jan 22 10:36:30 hostxxx ctl_cyrusdb[15261]: done checkpointing cyrus databases
Jan 22 10:36:30 hostxxx master[6179]: process 15261 exited, status 0
Jan 22 10:37:00 hostxxx /USR/SBIN/CRON[15263]: (root) CMD (/root/bin/rrd_get.sh) 
Jan 22 10:37:40 hostxxx kernel: SuSE-FW-ACCEPT IN=eth0 OUT= MAC=00:e0:4c:b9:d0:5f:00:d0:d3:38:02:20:08:00 SRC=212.123.98.10
DST=ww.xx.yy.zz LEN=60 TOS=0x00 PREC=0x00 TTL=60 ID=34137 DF PROTO=TCP SPT=62181 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0 OPT
(020405B4010303000101080A5190621400000000) 
Jan 22 11:15:11 hostxxx syslogd 1.4.1: restart.
Jan 22 11:15:16 hostxxx kernel: klogd 1.4.1, log source = /proc/kmsg started.
Jan 22 11:15:16 hostxxx kernel: Inspecting /boot/System.map-2.4.21-166-smp4G
Jan 22 11:15:16 hostxxx kernel: Loaded 21746 symbols from /boot/System.map-2.4.21-166-smp4G.
--
Jan 24 14:43:00 hostxxx /USR/SBIN/CRON[21793]: (root) CMD (/root/bin/rrd_get.sh) 
Jan 24 14:43:11 hostxxx kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT= MAC=00:e0:4c:b9:d0:5f:00:d0:d3:38:02:20:08:00 SRC=81.182.66.219
DST=ww.xx.yy.zz LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=56730 DF PROTO=TCP SPT=4530 DPT=135 WINDOW=32767 RES=0x00 SYN URGP=0 OPT
(020405AC0103030001010402) 
Jan 24 14:43:12 hostxxx kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT= MAC=00:e0:4c:b9:d0:5f:00:d0:d3:38:02:20:08:00 SRC=81.182.66.219
DST=ww.xx.yy.zz LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=56819 DF PROTO=TCP SPT=4530 DPT=135 WINDOW=32767 RES=0x00 SYN URGP=0 OPT
(020405AC0103030001010402) 
Jan 24 14:43:12 hostxxx kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT= MAC=00:e0:4c:b9:d0:5f:00:d0:d3:38:02:20:08:00 SRC=81.182.66.219
DST=ww.xx.yy.zz LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=56909 DF PROTO=TCP SPT=4530 DPT=135 WINDOW=32767 RES=0x00 SYN URGP=0 OPT
(020405AC0103030001010402) 
Jan 24 14:43:53 hostxxx kernel: SuSE-FW-ACCEPT IN=eth0 OUT= MAC=00:e0:4c:b9:d0:5f:00:d0:d3:38:02:20:08:00 SRC=82.82.216.57
DST=ww.xx.yy.zz LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=110 DF PROTO=TCP SPT=1033 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0 OPT
(020405AC01010402) 
Jan 24 23:32:07 hostxxx syslogd 1.4.1: restart.
Jan 24 23:32:12 hostxxx kernel: klogd 1.4.1, log source = /proc/kmsg started.
Jan 24 23:32:12 hostxxx kernel: Inspecting /boot/System.map-2.4.21-166-smp4G
Jan 24 23:32:12 hostxxx kernel: Loaded 21746 symbols from /boot/System.map-2.4.21-166-smp4G.


-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here