1 |
I think it's not a good idea to do what you have done, people answers |
2 |
questions if they know the answer and they want to do it (and have |
3 |
time to do so). Please think that you didn't pay anybody to demand |
4 |
nothing. |
5 |
|
6 |
I don't use grsecurity but it seems that cat needs to growth their |
7 |
stack over the hard limit imposed (look for "ulimit -a") and it's not |
8 |
permitted (to avoid DOS maybe), look for some grsec resource that |
9 |
impose limits to your stack and others (as open files, cpu time...), |
10 |
if it's related to grsec (as it seems to be) you will need to make |
11 |
this limit bigger. |
12 |
|
13 |
|
14 |
|
15 |
2008/9/29 Alex Efros <powerman@××××××××××××××××××.com>: |
16 |
> Hi! |
17 |
> |
18 |
> On Sat, Sep 27, 2008 at 03:42:33PM +0300, Alex Efros wrote: |
19 |
>> Can you please explain to me what these records in my logs mean? |
20 |
>> |
21 |
>> 2008-09-27_11:35:55.93144 kern.alert: grsec: From 78.53.3.223: denied |
22 |
>> resource overstep by requesting 180883456 for RLIMIT_STACK against limit |
23 |
>> 8388608 for /bin/cat[cat:10111] uid/euid:81/81 gid/egid:81/81, parent |
24 |
>> /usr/sbin/apache2[apache2:21930] uid/euid:81/81 gid/egid:81/81 |
25 |
>> |
26 |
>> 2008-09-27_12:08:17.12634 kern.alert: grsec: denied resource overstep by |
27 |
>> requesting 187367424 for RLIMIT_STACK against limit 8388608 for |
28 |
>> /var/qmail/bin/qmail-local[qmail-local:22538] uid/euid:1000/1000 |
29 |
>> gid/egid:100/100, parent /var/qmail/bin/qmail-local[qmail-local:22535] |
30 |
>> uid/euid:1000/1000 gid/egid:100/100 |
31 |
> |
32 |
> Is my question too complex and nobody know the answer (or even guesses), |
33 |
> or it's too stupid and everybody wait until I try google (I've tried it |
34 |
> already, without success)? |
35 |
> |
36 |
> Is last days I also notice new alert type in log: |
37 |
> |
38 |
> 2008-09-29_15:14:14.47478 kern.alert: grsec: From 78.129.196.12: denied |
39 |
> resource overstep by requesting 227184640 for RLIMIT_AS against |
40 |
> limit 16000000 for /var/qmail/bin/qmail-smtpd[qmail-smtpd:6545] |
41 |
> uid/euid:201/201 gid/egid:200/200, parent |
42 |
> /usr/bin/tcpserver[tcpserver:17002] uid/euid:201/201 |
43 |
> gid/egid:200/200 |
44 |
> |
45 |
> This type of alerts arise after I added simple perl script, between |
46 |
> tcpserver and qmail-smtpd, which do greylisting. And, again, these alerts |
47 |
> doesn't affect server - I mean, everything works fine, no mail lost, etc. |
48 |
> |
49 |
> -- |
50 |
> WBR, Alex. |
51 |
> |
52 |
> |