| 1 |
I think it's not a good idea to do what you have done, people answers |
| 2 |
questions if they know the answer and they want to do it (and have |
| 3 |
time to do so). Please think that you didn't pay anybody to demand |
| 4 |
nothing. |
| 5 |
|
| 6 |
I don't use grsecurity but it seems that cat needs to growth their |
| 7 |
stack over the hard limit imposed (look for "ulimit -a") and it's not |
| 8 |
permitted (to avoid DOS maybe), look for some grsec resource that |
| 9 |
impose limits to your stack and others (as open files, cpu time...), |
| 10 |
if it's related to grsec (as it seems to be) you will need to make |
| 11 |
this limit bigger. |
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
2008/9/29 Alex Efros <powerman@××××××××××××××××××.com>: |
| 16 |
> Hi! |
| 17 |
> |
| 18 |
> On Sat, Sep 27, 2008 at 03:42:33PM +0300, Alex Efros wrote: |
| 19 |
>> Can you please explain to me what these records in my logs mean? |
| 20 |
>> |
| 21 |
>> 2008-09-27_11:35:55.93144 kern.alert: grsec: From 78.53.3.223: denied |
| 22 |
>> resource overstep by requesting 180883456 for RLIMIT_STACK against limit |
| 23 |
>> 8388608 for /bin/cat[cat:10111] uid/euid:81/81 gid/egid:81/81, parent |
| 24 |
>> /usr/sbin/apache2[apache2:21930] uid/euid:81/81 gid/egid:81/81 |
| 25 |
>> |
| 26 |
>> 2008-09-27_12:08:17.12634 kern.alert: grsec: denied resource overstep by |
| 27 |
>> requesting 187367424 for RLIMIT_STACK against limit 8388608 for |
| 28 |
>> /var/qmail/bin/qmail-local[qmail-local:22538] uid/euid:1000/1000 |
| 29 |
>> gid/egid:100/100, parent /var/qmail/bin/qmail-local[qmail-local:22535] |
| 30 |
>> uid/euid:1000/1000 gid/egid:100/100 |
| 31 |
> |
| 32 |
> Is my question too complex and nobody know the answer (or even guesses), |
| 33 |
> or it's too stupid and everybody wait until I try google (I've tried it |
| 34 |
> already, without success)? |
| 35 |
> |
| 36 |
> Is last days I also notice new alert type in log: |
| 37 |
> |
| 38 |
> 2008-09-29_15:14:14.47478 kern.alert: grsec: From 78.129.196.12: denied |
| 39 |
> resource overstep by requesting 227184640 for RLIMIT_AS against |
| 40 |
> limit 16000000 for /var/qmail/bin/qmail-smtpd[qmail-smtpd:6545] |
| 41 |
> uid/euid:201/201 gid/egid:200/200, parent |
| 42 |
> /usr/bin/tcpserver[tcpserver:17002] uid/euid:201/201 |
| 43 |
> gid/egid:200/200 |
| 44 |
> |
| 45 |
> This type of alerts arise after I added simple perl script, between |
| 46 |
> tcpserver and qmail-smtpd, which do greylisting. And, again, these alerts |
| 47 |
> doesn't affect server - I mean, everything works fine, no mail lost, etc. |
| 48 |
> |
| 49 |
> -- |
| 50 |
> WBR, Alex. |
| 51 |
> |
| 52 |
> |
Archives