Swisslinux.org

jean@adimp.ch · 19 Oct 2013 07:23:51

Bonjour,
Mon serveur bourre : je dois le redémarrer tout les jours... Je suppose que je suis hacké mais c'est pas sûr. Comment est-ce que je peux faire?
Meilleures salutations.
Jean.

Trim · 19 Oct 2013 09:12:58

Hello !

Je ne connais pas gentoo, mais as-tu regardé tes logs avec dmesg ? Est-ce que tu as encore assez d'espace disque ? Est-ce que tu as essayé de scanner ton système avec clamscan -i -r / (ça sera un peu long) ?

jean@adimp.ch · 20 Oct 2013 21:03:28

Salut,
merci pour la réponse. Ci-dessous voici ce que me donne dmesg :

Code:

device-mapper: multipath: version 1.0.6 loaded
EXT3 FS on md1, internal journal
kjournald starting.  Commit interval 5 seconds
EXT3 FS on md2, internal journal
EXT3-fs: mounted filesystem with ordered data mode.
Adding 525304k swap on /dev/sda3.  Priority:-1 extents:1 across:525304k
Adding 525304k swap on /dev/sdb3.  Priority:-2 extents:1 across:525304k
loop: loaded (max 8 devices)
kjournald starting.  Commit interval 5 seconds
EXT3-fs warning: checktime reached, running e2fsck is recommended
EXT3 FS on loop0, internal journal
EXT3-fs: mounted filesystem with ordered data mode.
Loading iSCSI transport class v2.0-871.
libcxgbi:libcxgbi_init_module: tag itt 0x1fff, 13 bits, age 0xf, 4 bits.
libcxgbi:ddp_setup_host_page_size: system PAGE 4096, ddp idx 0.
Chelsio T3 iSCSI Driver cxgb3i v2.0.0 (Jun. 2010)
iscsi: registered transport (cxgb3i)
NET: Registered protocol family 10
lo: Disabled Privacy Extensions
IPv6 over IPv4 tunneling driver
sit0: Disabled Privacy Extensions
cnic: Broadcom NetXtreme II CNIC Driver cnic v2.5.12 (June 29, 2012)
Broadcom NetXtreme II iSCSI Driver bnx2i v2.7.2.2 (Jun 18, 2012)
iscsi: registered transport (bnx2i)
iscsi: registered transport (tcp)
iscsi: registered transport (iser)
iscsi: registered transport (be2iscsi)
ADDRCONF(NETDEV_UP): eth0: link is not ready
e1000e: eth0 NIC Link is Up 100 Mbps Full Duplex, Flow Control: None
e1000e 0000:00:19.0: eth0: 10/100 speed: disabling TSO
ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
You need to implement a remote task_setrlimit in your security module and call it directly from this functionWARNING: at security/security.c:51 security_ops_task_setrlimit()

Call Trace:
 [<ffffffff8012f113>] security_ops_task_setrlimit+0x87/0x96
 [<ffffffff8009dcd6>] do_prlimit+0xd7/0x1d2
 [<ffffffff8009ee1f>] sys_setrlimit+0x36/0x43
 [<ffffffff8005d29e>] tracesys+0xd5/0xdf

ip_tables: (C) 2000-2006 Netfilter Core Team
eth0: no IPv6 routers present

Il me semble que c'est ok...
J'ai CPANEL et quand je fais un cpanel start il me répond :

Code:

 sudo /etc/init.d/cpanel start
Starting cPanel services: Failed to write lock file: /var/cpanel/cpanel.config.lock: Bad file descriptor at /usr/local/cpanel/Cpanel/SafeFileLock.pm line 17.
warn [startcpsrvd] could not acquire a lock for '/var/cpanel/cpanel.config'
warn [Cpanel::Config::LoadConfig] Unable to open /var/cpanel/cpanel.config:
Can't use an undefined value as a symbol reference at /usr/local/cpanel/Cpanel/SafeFile.pm line 68.
                                                           [FAILED]
Starting cPanel brute force detector services:             [  OK  ]
Starting cPanel dav services:                              [FAILED]
Starting pop3 services: Waiting for (?^:^cppop(?:-ssl)?$) to shutdown ... not running.
Failed to write lock file: /var/cpanel/cpanel.config.lock: Bad file descriptor at /usr/local/cpanel/Cpanel/SafeFileLock.pm line 17.
warn [startcppop] could not acquire a lock for '/var/cpanel/cpanel.config'
warn [Cpanel::Config::LoadConfig] Unable to open /var/cpanel/cpanel.config:
Can't use an undefined value as a symbol reference at /usr/local/cpanel/Cpanel/SafeFile.pm line 68.
                                                           [FAILED]
Starting cPanel Chat services:

Starting cPanel ssl services: Failed to write lock file: /var/cpanel/cpanel.config.lock: Bad file descriptor at /usr/local/cpanel/Cpanel/SafeFileLock.pm line 17.
warn [startstunnel] could not acquire a lock for '/var/cpanel/cpanel.config'
warn [Cpanel::Config::LoadConfig] Unable to open /var/cpanel/cpanel.config: No such file or directory
Can't use an undefined value as a symbol reference at /usr/local/cpanel/Cpanel/SafeFile.pm line 68.
                                                           [FAILED]
Starting cPanel Queue services:                            [  OK  ]
Starting tailwatchd: Failed to write lock file: /var/cpanel/cpanel.config.lock: Bad file descriptor at /usr/local/cpanel/Cpanel/SafeFileLock.pm line 17.
warn [tailwatchd] could not acquire a lock for '/var/cpanel/cpanel.config'
warn [Cpanel::Config::LoadConfig] Unable to open /var/cpanel/cpanel.config:
Can't use an undefined value as a symbol reference at /usr/local/cpanel/Cpanel/SafeFile.pm line 68.
                                                           [FAILED]
Starting cPanel Log services: Failed to write lock file: /var/cpanel/cpanel.config.lock: Bad file descriptor at /usr/local/cpanel/Cpanel/SafeFileLock.pm line 17.
warn [cpanellogd] could not acquire a lock for '/var/cpanel/cpanel.config'
warn [Cpanel::Config::LoadConfig] Unable to open /var/cpanel/cpanel.config: No such file or directory
Can't use an undefined value as a symbol reference at /usr/local/cpanel/Cpanel/SafeFile.pm line 68.
                                                           [FAILED]
Starting mailman services:  Failed to write lock file: /var/cpanel/cpanel.config.lock: Bad file descriptor at /usr/local/cpanel/Cpanel/SafeFileLock.pm line 17.
warn [startmailman] could not acquire a lock for '/var/cpanel/cpanel.config'
warn [Cpanel::Config::LoadConfig] Unable to open /var/cpanel/cpanel.config: No such file or directory
Can't use an undefined value as a symbol reference at /usr/local/cpanel/Cpanel/SafeFile.pm line 68.
                                                           [FAILED]

Je suis super dans la merde et j'ai aucune idée pouquoi...
A+.
Jean.

jean@adimp.ch · 20 Oct 2013 21:15:51

Resalut,
En fait j'ai fait un df -ih

Code:

 df -ih
Filesystem            Inodes   IUsed   IFree IUse% Mounted on
rootfs                  1.3M    1.3M       0  100% /
/dev/root               1.3M    1.3M       0  100% /
/dev                    4.0M     290    4.0M    1% /dev
/dev/md2                5.8M    318K    5.5M    6% /home
tmpfs                   4.0M       1    4.0M    1% /dev/shm
/dev/loop0              126K    1.1K    124K    1% /tmp
/dev/loop0              126K    1.1K    124K    1% /var/tmp

Je ne sais pas comment vider les inodes....
A+.
Jean.

jean@adimp.ch · 20 Oct 2013 21:47:26

Salut,
J'ai réussi à vider les inodes

Code:

 df -ih
Filesystem            Inodes   IUsed   IFree IUse% Mounted on
rootfs                  1.3M    154K    1.1M   13% /
/dev/root               1.3M    154K    1.1M   13% /
/dev                    4.0M     290    4.0M    1% /dev
/dev/md2                5.8M    318K    5.5M    6% /home
tmpfs                   4.0M       1    4.0M    1% /dev/shm
/dev/loop0              126K      22    125K    1% /tmp
/dev/loop0              126K      22    125K    1% /var/tmp

Il me semble que exim me remplit trop vite mon serveur....
Que faire???
A+.
Jean.

jean@adimp.ch · 20 Oct 2013 22:00:35

Salut,
J'ai réglé exim en suivant ceci : http://helpinlinux.com/cpanel-exim-stop-spam/
A+.
Jean.

jean@adimp.ch · 20 Oct 2013 22:06:29

PS : pour vider la queue d'exim dans /var/spool/exim

Code:

/usr/sbin/exiqgrep -i | xargs /usr/sbin/exim -Mrm

jean@adimp.ch · 21 Oct 2013 22:13:43

Salut,
Un de mes administré me répond qu'il ne peut plus envoyer d'email....

Vat-il se prendre un savon????
A+.
Jean.

jean@adimp.ch · 23 Oct 2013 06:17:04

Salut,
En fait un virus chez un client envoyait des tonnes d'email au moyen du serveur. Ces emails gonflaient la queue exim, je ne sais pas pourquoi et faisait que les inodes arrivaient à 100%. Ce qui mettait finalement le serveur en panne. Après avoir analysé les logs exim, j'ai pu changer le mot de passe de l'utilisateur qui était vérolé pour provisoirement rétablir le serveur.
Meilleures salutations.
Jean.

Swisslinux.org

− Le carrefour GNU/Linux en Suisse −

Recherche

Menu

Forum

Identification

Inscription

Langue

Le Forum

#1 19 Oct 2013 07:23:51

Problème serveur

#2 19 Oct 2013 09:12:58

Re: Problème serveur

#3 20 Oct 2013 21:03:28

Re: Problème serveur

Code:

Code:

#4 20 Oct 2013 21:15:51

Re: Problème serveur

Code:

#5 20 Oct 2013 21:47:26

Re: Problème serveur

Code:

#6 20 Oct 2013 22:00:35

Re: Problème serveur

#7 20 Oct 2013 22:06:29

Re: Problème serveur

Code:

#8 21 Oct 2013 22:13:43

Re: Problème serveur

#9 23 Oct 2013 06:17:04

Re: Problème serveur

Pied de page des forums