pionas 0 Posted February 24, 2012

Hi, today I was looking through the server logs and a few things puzzle me, where they come from and why:

/var/log/auth.log
Feb 24 09:59:01 n4y CRON[5198]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb 24 09:59:01 n4y CRON[5198]: pam_unix(cron:session): session closed for user root
Feb 24 10:00:01 n4y CRON[5246]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb 24 10:00:01 n4y CRON[5246]: pam_unix(cron:session): session closed for user root
Feb 24 10:01:01 n4y CRON[5276]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb 24 10:01:01 n4y CRON[5276]: pam_unix(cron:session): session closed for user root
Feb 24 10:02:01 n4y CRON[5303]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb 24 10:02:01 n4y CRON[5303]: pam_unix(cron:session): session closed for user root
Feb 24 10:03:01 n4y CRON[5346]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb 24 10:03:01 n4y CRON[5346]: pam_unix(cron:session): session closed for user root
Feb 24 10:04:01 n4y CRON[5374]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb 24 10:04:01 n4y CRON[5374]: pam_unix(cron:session): session closed for user root
and so on, all the time :/

Feb 24 09:58:13 n4y proftpd[5170]: xx.xx.xx.xx (91.121.91.142[91.121.91.142]) - USER admin (Login failed): Incorrect password.
I guess someone is trying to break in?

/var/log/httpd/error_log
[Fri Feb 24 10:13:31 2012] [error] [client xx.xx.xx.xx] File does not exist: /var/www/html/robots.txt
[Fri Feb 24 10:13:31 2012] [warn] [client xx.xx.xx.xx] mod_include: Options +Includes (or IncludesNoExec) wasn't set, INCLUDES filter removed
[Fri Feb 24 10:14:37 2012] [error] [client xx.xx.xx.xx] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)

/var/log/exim/rejectlog
012-02-24 09:44:01 H=(bbc.com) [27.47.143.236] F=<wsinmaaji@xxx.com> rejected RCPT <hrd@mojadomena.pl>:
hrd@mojadomena.pl - I don't have any such mailbox...

/var/log/message
Feb 24 10:08:30 n4y freshclam[4610]: Received signal: wake up
Feb 24 10:08:30 n4y freshclam[4610]: ClamAV update process started at Fri Feb 24 10:08:30 2012
Feb 24 10:08:30 n4y freshclam[4610]: main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
Feb 24 10:08:30 n4y freshclam[4610]: daily.cld is up to date (version: 14517, sigs: 108276, f-level: 63, builder: guitar)
Feb 24 10:08:30 n4y freshclam[4610]: bytecode.cvd is up to date (version: 167, sigs: 40, f-level: 63, builder: edwin)
is it normal that it runs every 2 hours?

/var/log/syslog
Feb 24 10:24:01 n4y /USR/SBIN/CRON[6072]: (root) CMD (/usr/local/directadmin/dataskq)
Feb 24 10:25:01 n4y /USR/SBIN/CRON[6101]: (root) CMD (/usr/local/directadmin/dataskq)
Feb 24 10:26:01 n4y /USR/SBIN/CRON[6155]: (root) CMD (/usr/local/directadmin/dataskq)
Feb 24 10:27:01 n4y /USR/SBIN/CRON[6184]: (root) CMD (/usr/local/directadmin/dataskq)
is this supposed to run every minute?

/var/log/mail.warm
Feb 21 10:48:48 s dovecot: master: Warning: Killed with signal 15 (by pid=29197 uid=0 code=kill)
Feb 22 11:57:58 s dovecot: master: Warning: Killed with signal 15 (by pid=8998 uid=0 code=kill)
Feb 24 09:56:50 n4y dovecot: master: Warning: Killed with signal 15 (by pid=5051 uid=0 code=kill)

/var/log/directadmin/error.log
2012:02:24-10:23:10: Can't connect to ssl!
2012:02:24-10:23:10: ->syscall
2012:02:24-10:25:16: Can't connect to ssl!
2012:02:24-10:25:16: ->syscall
2012:02:24-10:29:23: Can't connect to ssl!
2012:02:24-10:29:23: ->syscall
and so on, all the time...

/var/log/directadmin/errortaskq.log
2012:02:20-03:32:22: Unable to read /etc/virtual/swiat-kobiet.info_off/passwd
2012:02:20-03:32:23: Unable to read /etc/virtual/swiat-sportu.info_off/passwd
2012:02:20-03:32:23: Backup: sport : Unable to get data from file: /etc/bind/swiat-kobiet.info.db
2012:02:20-03:32:23: Backup: sport : Unable to get data from file: /etc/bind/swiat-sportu.info.db
2012:02:21-00:10:35: Unable to read user shop's data files
2012:02:21-00:10:37: Tally::usageUser(): Unable to read user shop's usage file ./data/users/shop/user.conf
2012:02:22-00:10:21: Unable to read user shop's data files
2012:02:22-00:10:22: Tally::usageUser(): Unable to read user shop's usage file ./data/users/shop/user.conf
2012:02:22-09:19:05: sshd didn't reload properly, re-starting
2012:02:22-09:33:01: Cannot find /usr/local/directadmin/data/users/stas/httpd.conf so it will not be added to /etc/httpd/conf/extra/directadmin-vhosts.conf.
2012:02:22-11:58:01: service directadmin wasn't running, starting it
2012:02:23-00:10:55: Unable to read user shop's data files
2012:02:23-00:10:56: Tally::usageUser(): Unable to read user shop's usage file ./data/users/shop/user.conf
2012:02:24-00:10:22: Unable to read user shop's data files
2012:02:24-00:10:24: Tally::usageUser(): Unable to read user shop's usage file ./data/users/shop/user.conf
domains: swiat-kobiet.info, swiat-sportu.info
accounts: sport, stas, shop
none of these exist on the server... the accounts have been deleted...

Oh, and one more thing: on reboot the server goes down and the Hetzner technicians have to start it themselves. They told me to add "acpi=ht". Is that added in /boot/grub/menu.lst, on the line kernel /vmlinuz-XXXXX root=/dev/md2 ro??
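
Added example, not part of the original post: a small triage function that counts proftpd "Login failed" lines per source address, to tell a single mistyped password from repeated guessing. The sample log, the documentation-range addresses and the threshold of 3 are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: count proftpd "Login failed" events per source address.

# Constructed sample in the format of the proftpd line in the post; the
# addresses are documentation ranges (RFC 5737), not taken from the thread.
SAMPLE_LOG='Feb 24 09:58:13 n4y proftpd[5170]: srv (192.0.2.10[192.0.2.10]) - USER admin (Login failed): Incorrect password.
Feb 24 09:58:15 n4y proftpd[5171]: srv (192.0.2.10[192.0.2.10]) - USER admin (Login failed): Incorrect password.
Feb 24 09:58:17 n4y proftpd[5172]: srv (192.0.2.10[192.0.2.10]) - USER root (Login failed): Incorrect password.
Feb 24 09:58:19 n4y proftpd[5173]: srv (192.0.2.10[192.0.2.10]) - USER test (Login failed): Incorrect password.
Feb 24 09:59:01 n4y CRON[5198]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb 24 10:02:40 n4y proftpd[5300]: srv (client.example[198.51.100.7]) - USER admin (Login failed): Incorrect password.'

# failed_ftp_logins THRESHOLD
# Reads syslog lines on stdin and prints "count address users" for every
# source address with at least THRESHOLD failed logins, busiest first.
failed_ftp_logins() {
    awk -v min="$1" '
        $5 ~ /^proftpd\[/ && $9 == "USER" && index($0, "(Login failed)") {
            # Field 7 looks like (name[address]); take the part in brackets.
            i = index($7, "["); j = index($7, "]")
            if (i == 0 || j <= i) next
            ip = substr($7, i + 1, j - i - 1)
            n[ip]++
            # Remember each distinct user name tried from this address.
            if (!((ip, $10) in seen)) {
                seen[ip, $10] = 1
                users[ip] = (users[ip] == "" ? "" : users[ip] ",") $10
            }
        }
        END { for (ip in n) if (n[ip] >= min + 0) print n[ip], ip, users[ip] }
    ' | sort -k1,1nr -k2,2
}

# Demo on the constructed sample: only sources with 3 or more failures.
printf '%s\n' "$SAMPLE_LOG" | failed_ftp_logins 3
```

On a live system the input would be the auth.log file itself, for example `failed_ftp_logins 3 < /var/log/auth.log`.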

regdos 1848 Posted February 24, 2012

Feb 24 09:59:01 n4y CRON[5198]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb 24 09:59:01 n4y CRON[5198]: pam_unix(cron:session): session closed for user root
Feb 24 10:24:01 n4y /USR/SBIN/CRON[6072]: (root) CMD (/usr/local/directadmin/dataskq)

Every minute a cron job runs with root privileges.

pionas 0 Posted February 24, 2012

When I type:
crontab -l
I get the message:
no crontab for root

/var/log/syslog
Feb 24 10:24:01 n4y /USR/SBIN/CRON[6072]: (root) CMD (/usr/local/directadmin/dataskq)
Feb 24 10:25:01 n4y /USR/SBIN/CRON[6101]: (root) CMD (/usr/local/directadmin/dataskq)
Feb 24 10:26:01 n4y /USR/SBIN/CRON[6155]: (root) CMD (/usr/local/directadmin/dataskq)
Feb 24 10:27:01 n4y /USR/SBIN/CRON[6184]: (root) CMD (/usr/local/directadmin/dataskq)
isn't this related to that? And why does it run so often, and how do I change it?

LeśnyFranek 0 Posted March 20, 2012

dataskq is run every minute and carries out the tasks DA needs in order to work. The DA cron jobs are in /etc/cron.d/directadmin_cron
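
Added example, not part of the thread: `crontab -l` prints only the per-user crontab, so a job that syslog shows running as root can still come from /etc/crontab or /etc/cron.d. The function below lists the active entries from all of those locations; the contents of the sample directadmin_cron file are constructed from the syslog lines in the thread and are an assumption, not the real file.

```shell
#!/bin/sh
# Added example: list every active cron entry, not only the per-user crontab
# that `crontab -l` prints. ROOT is a path prefix so the function can be
# pointed at a mounted image or a test tree; empty means the live system.

cron_sources() {
    root=${1:-}
    for f in "$root/etc/crontab" "$root"/etc/cron.d/* \
             "$root"/var/spool/cron/crontabs/* "$root"/var/spool/cron/*; do
        [ -f "$f" ] || continue
        rel=${f#"$root"}
        # Drop comments, blank lines and VAR=value environment settings,
        # then print each remaining entry prefixed with the file it is in.
        awk -v src="$rel" '
            /^[ \t]*#/ { next }
            /^[ \t]*$/ { next }
            /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ { next }
            { print src ": " $0 }
        ' "$f"
    done
}

# Constructed sample tree: an empty user-crontab spool (so root has no
# crontab of its own) plus one /etc/cron.d file. The entry in it is an
# assumption modelled on the "(root) CMD (...dataskq)" syslog lines.
make_sample_root() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/etc/cron.d" "$d/var/spool/cron/crontabs"
    printf '%s\n' '# constructed sample' 'MAILTO=""' \
        '* * * * * root /usr/local/directadmin/dataskq' \
        > "$d/etc/cron.d/directadmin_cron"
    printf '%s\n' "$d"
}

# Demo: find which file schedules dataskq in the sample tree.
sample=$(make_sample_root)
cron_sources "$sample" | grep dataskq
rm -rf "$sample"
```

On the server itself, `cron_sources "" | grep dataskq` run as root names the file that schedules the job.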