| 1 |
Hi! |
| 2 |
|
| 3 |
On Sat, Sep 27, 2008 at 03:42:33PM +0300, Alex Efros wrote: |
| 4 |
> Can you please explain to me what these records in my logs mean? |
| 5 |
> |
| 6 |
> 2008-09-27_11:35:55.93144 kern.alert: grsec: From 78.53.3.223: denied |
| 7 |
> resource overstep by requesting 180883456 for RLIMIT_STACK against limit |
| 8 |
> 8388608 for /bin/cat[cat:10111] uid/euid:81/81 gid/egid:81/81, parent |
| 9 |
> /usr/sbin/apache2[apache2:21930] uid/euid:81/81 gid/egid:81/81 |
| 10 |
> |
| 11 |
> 2008-09-27_12:08:17.12634 kern.alert: grsec: denied resource overstep by |
| 12 |
> requesting 187367424 for RLIMIT_STACK against limit 8388608 for |
| 13 |
> /var/qmail/bin/qmail-local[qmail-local:22538] uid/euid:1000/1000 |
| 14 |
> gid/egid:100/100, parent /var/qmail/bin/qmail-local[qmail-local:22535] |
| 15 |
> uid/euid:1000/1000 gid/egid:100/100 |
| 16 |
|
| 17 |
Is my question too complex and nobody know the answer (or even guesses), |
| 18 |
or it's too stupid and everybody wait until I try google (I've tried it |
| 19 |
already, without success)? |
| 20 |
|
| 21 |
Is last days I also notice new alert type in log: |
| 22 |
|
| 23 |
2008-09-29_15:14:14.47478 kern.alert: grsec: From 78.129.196.12: denied |
| 24 |
resource overstep by requesting 227184640 for RLIMIT_AS against |
| 25 |
limit 16000000 for /var/qmail/bin/qmail-smtpd[qmail-smtpd:6545] |
| 26 |
uid/euid:201/201 gid/egid:200/200, parent |
| 27 |
/usr/bin/tcpserver[tcpserver:17002] uid/euid:201/201 |
| 28 |
gid/egid:200/200 |
| 29 |
|
| 30 |
This type of alerts arise after I added simple perl script, between |
| 31 |
tcpserver and qmail-smtpd, which do greylisting. And, again, these alerts |
| 32 |
doesn't affect server - I mean, everything works fine, no mail lost, etc. |
| 33 |
|
| 34 |
-- |
| 35 |
WBR, Alex. |
Archives