Hi!

On Mon, Dec 24, 2012 at 03:37:14AM +0100, Francisco Blas Izquierdo Riera (klondike) wrote:
> On 24/12/12 03:16, Alex Efros wrote:
> > 2012-12-23_20:45:19.15938 kern.alert: grsec: From 75.101.174.3: Segmentation fault occurred at 000014e2 in /usr/sbin/apache2[apache2:5346] uid/euid:81/81 gid/egid:81/81, parent /usr/sbin/apache2[apache2:1391] uid/euid:0/0 gid/egid:0/0
> > 2012-12-23_20:45:19.17936 kern.alert: grsec: From 75.101.174.3: Segmentation fault occurred at 000014b6 in /usr/sbin/apache2[apache2:5302] uid/euid:81/81 gid/egid:81/81, parent /usr/sbin/apache2[apache2:1391] uid/euid:0/0 gid/egid:0/0
> > 2012-12-23_22:28:17.53334 kern.alert: grsec: From 91.207.5.222: Segmentation fault occurred at 00003e5a in /usr/sbin/apache2[apache2:15962] uid/euid:81/81 gid/egid:81/81, parent /usr/sbin/apache2[apache2:5461] uid/euid:0/0 gid/egid:0/0
> > 2012-12-23_22:28:17.69334 kern.alert: grsec: From 91.207.5.222: Segmentation fault occurred at 00003c0e in /usr/sbin/apache2[apache2:15374] uid/euid:81/81 gid/egid:81/81, parent /usr/sbin/apache2[apache2:5461] uid/euid:0/0 gid/egid:0/0
> > 2012-12-23_22:28:17.92335 kern.alert: grsec: From 91.207.5.222: Segmentation fault occurred at 00004214 in /usr/sbin/apache2[apache2:16916] uid/euid:81/81 gid/egid:81/81, parent /usr/sbin/apache2[apache2:5461] uid/euid:0/0 gid/egid:0/0
> > 2012-12-23_22:28:18.75335 kern.alert: grsec: From 91.207.5.222: Segmentation fault occurred at 00003fa4 in /usr/sbin/apache2[apache2:16292] uid/euid:81/81 gid/egid:81/81, parent /usr/sbin/apache2[apache2:5461] uid/euid:0/0 gid/egid:0/0
> │ CONFIG_GRKERNSEC_BRUTE: │
> │ │
> │ the parent process will be delayed 30 seconds upon every subsequent │
> │ fork until the administrator is able to assess the situation and │
> │ restart the daemon. │
>
> Likely your culprit.

Yes, thanks a lot!

I've checked these requests in the logs - they are not exploits, just usual
requests. Most are from bots. A few crashes happen even on requests sent by
wget running on the same server by my monitoring script.

Restarting apache doesn't help because it will crash again a few hours later.
And this is a production server and I've no idea how to debug this bug in apache.

So - the only option I have is to disable this "feature"? :-/

--
WBR, Alex.
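
An added example, not part of the original thread and not grsecurity code: a Python triage script that groups grsec segfault records like the ones quoted above by parent daemon PID, the process that CONFIG_GRKERNSEC_BRUTE delays on fork. The sample lines are constructed in the quoted log's format with documentation IP addresses, and treating the `From` field as optional is an assumption.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the format of the quoted log; IPs are documentation addresses.
SAMPLE_LOG = """\
> > 2012-12-23_20:45:19.15938 kern.alert: grsec: From 192.0.2.10: Segmentation fault occurred at 000014e2 in /usr/sbin/apache2[apache2:5346] uid/euid:81/81 gid/egid:81/81, parent /usr/sbin/apache2[apache2:1391] uid/euid:0/0 gid/egid:0/0
2012-12-23_22:28:17.53334 kern.alert: grsec: From 198.51.100.7: Segmentation fault occurred at 00003e5a in /usr/sbin/apache2[apache2:15962] uid/euid:81/81 gid/egid:81/81, parent /usr/sbin/apache2[apache2:5461] uid/euid:0/0 gid/egid:0/0
2012-12-23_22:28:17.69334 kern.alert: grsec: From 198.51.100.7: Segmentation fault occurred at 00003c0e in /usr/sbin/apache2[apache2:15374] uid/euid:81/81 gid/egid:81/81, parent /usr/sbin/apache2[apache2:5461] uid/euid:0/0 gid/egid:0/0
2012-12-23_22:30:01.00001 kern.info: unrelated kernel message
"""

TS_FMT = "%Y-%m-%d_%H:%M:%S.%f"  # timestamp layout used in the quoted log
SEGV_RE = re.compile(
    r"^(?P<ts>\S+) \S+ grsec: (?:From (?P<src>\S+): )?"  # From field optional (assumption)
    r"Segmentation fault occurred at (?P<addr>[0-9a-f]+) in "
    r"(?P<exe>\S+)\[[^:\]]+:(?P<pid>\d+)\] uid/euid:(?P<uid>\d+)/\d+ .*?"
    r"parent (?P<pexe>\S+)\[[^:\]]+:(?P<ppid>\d+)\]"
)

def crashes_by_parent(log_text):
    """Group grsec segfault records by parent daemon instance (exe, pid)."""
    groups = defaultdict(lambda: {"count": 0, "sources": set(), "times": []})
    for line in log_text.splitlines():
        m = SEGV_RE.match(line.lstrip("> "))  # tolerate mail-quoted lines
        if not m:
            continue  # not a segfault record
        g = groups[(m["pexe"], int(m["ppid"]))]
        g["count"] += 1
        g["sources"].add(m["src"] or "no-source")
        g["times"].append(datetime.strptime(m["ts"], TS_FMT))
    # Summarise: crash count, distinct sources, seconds between first and last crash.
    return {k: {"count": g["count"], "sources": sorted(g["sources"]),
                "span_s": (max(g["times"]) - min(g["times"])).total_seconds()}
            for k, g in groups.items()}

if __name__ == "__main__":
    for (exe, pid), g in sorted(crashes_by_parent(SAMPLE_LOG).items()):
        print(f"{exe}[{pid}]: {g['count']} child segfaults "
              f"in {g['span_s']:.2f}s from {g['sources']}")
```
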