Xtrakt
12.08.04, 16:50
Last night my server crashed again, so it is clear that it was not a kernel exploit. As always: no more SSH, HTTP, etc., only reachable via ping.
Last messages
- messages -
Aug 11 00:34:35 xxxxx kernel: Unable to handle kernel paging request at virtual address ffffffff
Aug 11 00:34:35 xxxxx kernel: printing eip:
Aug 11 00:34:35 xxxxx kernel: d5380033
Aug 11 00:34:35 xxxxx kernel: *pde = 00003063
Aug 11 00:34:35 xxxxx kernel: *pte = 00000000
Aug 11 00:34:35 xxxxx kernel: Oops: 0002
Aug 11 00:34:35 xxxxx kernel: CPU: 0
Aug 11 00:34:35 xxxxx kernel: EIP: 0010:[ipv6:__insmod_ipv6_O/lib/modules/2.4.25/kernel/net/ipv6/ipv6.o_M+4105392179/96] Not tainted
Aug 11 00:34:35 xxxxx kernel: EIP: 0010:[<d5380033>] Not tainted
Aug 11 00:34:35 xxxxx kernel: EFLAGS: 00010206
Aug 11 00:34:35 xxxxx kernel: eax: d5679503 ebx: 00000000 ecx: ffffffff edx: dd3c9068
Aug 11 00:34:35 xxxxx kernel: esi: d5679580 edi: d5380000 ebp: 00000000 esp: d5381e84
Aug 11 00:34:35 xxxxx kernel: ds: 0018 es: 0018 ss: 0018
Aug 11 00:34:35 xxxxx kernel: Process httpd2-prefork (pid: 6969, stackpage=d5381000)
Aug 11 00:34:35 xxxxx kernel: Stack: ffffffff d5380000 d5679580 00000000 d5381ea8 00000000 dd3c9068 ffffffff
Aug 11 00:34:35 xxxxx kernel: d5679523 dfecd400 00098003 c0160799 dfecd400 00098003 dffba5a0 00000000
Aug 11 00:34:35 xxxxx kernel: 00000000 dffba5a0 00098003 dbf10ce0 dfecd400 d64a8040 c017fe3d dfecd400
Aug 11 00:34:35 xxxxx kernel: Call Trace: [iget4_locked+313/336] [ext3_lookup+125/208] [real_lookup+224/352] [link_path_walk+1327/1648] [path_lookup+57/64]
Aug 11 00:34:35 xxxxx kernel: Call Trace: [<c0160799>] [<c017fe3d>] [<c01527b0>] [<c0152d7f>] [<c0153119>]
Aug 11 00:34:35 xxxxx kernel: [__user_walk+73/96] [ext3_file_write+57/208] [sys_chdir+31/144] [sys_read+206/272] [system_call+51/56]
Aug 11 00:34:35 xxxxx kernel: [<c01533c9>] [<c0179789>] [<c0143a5f>] [<c014533e>] [<c010776f>]
Aug 11 00:34:35 xxxxx kernel:
Aug 11 00:34:35 xxxxx kernel: Code: 00 01 00 00 00 ff ff ff ff a0 aa 37 c0 a0 aa 37 c0 9d 76 1a
Aug 11 00:34:35 xxxxx kernel: <6>note: httpd2-prefork[6969] exited with preempt_count 1
warn
Aug 12 03:39:00 xxxxx /USR/SBIN/CRON[19809]: (root) CMD (/usr/local/visas/server/visas-event.sh)
Aug 12 03:42:00 xxxxx /USR/SBIN/CRON[19815]: (root) CMD (/usr/local/visas/server/visas-event.sh)
Aug 12 03:45:00 xxxxx /USR/SBIN/CRON[19823]: (root) CMD (/usr/local/visas/server/visas-event.sh)
Aug 12 03:48:00 xxxxx /USR/SBIN/CRON[19845]: (root) CMD (/usr/local/visas/server/visas-event.sh)
Aug 12 03:51:00 xxxxx /USR/SBIN/CRON[19851]: (root) CMD (/usr/local/visas/server/visas-event.sh)
Aug 12 03:54:00 xxxxx /USR/SBIN/CRON[19857]: (root) CMD (/usr/local/visas/server/visas-event.sh)
Aug 12 03:57:00 xxxxx /USR/SBIN/CRON[19867]: (root) CMD (/usr/local/visas/server/visas-event.sh)
Aug 12 03:59:00 xxxxx /USR/SBIN/CRON[19873]: (root) CMD ( rm -f /var/spool/cron/lastrun/cron.hourly)
Aug 12 04:00:00 xxxxx /USR/SBIN/CRON[19877]: (root) CMD (/usr/local/visas/server/visas-event.sh)
Aug 12 04:00:37 xxxxx sshd[19898]: Accepted keyboard-interactive/pam for root from ::ffff:xx.xxx.xx.xxx port 10155 ssh2 (<< that was me)
Aug 12 04:03:00 xxxxx /USR/SBIN/CRON[19936]: (root) CMD (/usr/local/visas/server/visas-event.sh)
Aug 12 04:06:00 xxxxx /USR/SBIN/CRON[19947]: (root) CMD (/usr/local/visas/server/visas-event.sh)
Aug 12 04:09:00 xxxxx /USR/SBIN/CRON[19958]: (root) CMD (/usr/local/visas/server/visas-event.sh)
Aug 12 04:12:00 xxxxx /USR/SBIN/CRON[19969]: (root) CMD (/usr/local/visas/server/visas-event.sh)
Aug 12 04:14:00 xxxxx /USR/SBIN/CRON[19975]: (root) CMD ( rm -f /var/spool/cron/lastrun/cron.daily)
Aug 12 04:14:30 xxxxx cron[19980]: (CRON) DEATH (can't lock /var/run/cron.pid, otherpid may be 957: Resource temporarily unavailable)
Aug 12 04:15:00 xxxxx /USR/SBIN/CRON[19987]: (root) CMD (/usr/local/visas/server/visas-event.sh)
Aug 12 04:18:00 xxxxx /USR/SBIN/CRON[20065]: (root) CMD (/usr/local/visas/server/visas-event.sh)
Aug 12 04:21:00 xxxxx /USR/SBIN/CRON[20075]: (root) CMD (/usr/local/visas/server/visas-event.sh)
After that the logs stop.
Really strange, before this the server always ran without problems..
Maybe one of you has some advice?