Dear security experts, I am running a YOU-updated suse 8.1 maschine. Sometimes, not reproducable at the moment, everything stops, no remote login via ssh anymore... all systems are down, put ping works fine. Also nmap shows the open ports just fine. The Logs don't show any helpful information. Perhaps any of you does have this behaviour. Perhaps my mailman-installation my be involved (suse-package), because "qrunner" is mostly the last shown log-entry.. Only a reboot can fix this, which is really annoing when the sever is not physically reachable... Perhaps anybody could give my a hint. My system: suse8.1 OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090607f mailman-2.0.13-174 2.4.20 Kernel I do not know where tot start searching. THank you -- Stephan Holl GnuPG Key-ID: 11946A09 09:58:27 up 2:56, 1 user, load average: 0.04, 0.02, 0.00
Hi, On Fri, Dec 05, 2003 at 10:08:34AM +0100, Stephan Holl wrote:
I am running a YOU-updated suse 8.1 maschine. Sometimes, not reproducable at the moment, everything stops, no remote login via ssh anymore... all systems are down, put ping works fine. Also nmap shows the open ports just fine.
This looks like the kernel deadlocks. That, or one of your services is running wild and the machine just _feels_ like it's not responsive. One way to debug this is to enable the sysrq key (see /usr/src/linux-*/ Documentation/sysrq.txt), switch the machine to a console, and wait for it to hang (you may have to experiment with klogconsole before the sysrq output actually shows up on the console). When the machine hangs, try various sysrq keys to dump the process table and the registers. This should give you a good hint as to what it is doing. You could also redirect kernel log messages to the console (again, klogconsole) and see if it prints an Oops next time it locks up. This is not a security problem, though... Olaf -- Olaf Kirch | Anyone who has had to work with X.509 has probably okir@suse.de | experienced what can best be described as ---------------+ ISO water torture. -- Peter Gutmann
Hello Olaf, At Fri, 5 Dec 2003 11:37:56 +0100 Olaf Kirch wrote:
This looks like the kernel deadlocks. That, or one of your services is running wild and the machine just _feels_ like it's not responsive. One way to debug this is to enable the sysrq key (see /usr/src/linux-*/ Documentation/sysrq.txt), switch the machine to a console, and wait for it to hang (you may have to experiment with klogconsole before the sysrq output actually shows up on the console).
THanks for your reply. Does a kernel-update to the new kernel (yesterday announcend) hopefully solve this kind of problem?! Can this be done on a maschine which has no physical access, only ssh-access ?! cheers Stephan -- Stephan Holl GnuPG Key-ID: 11946A09 11:45:55 up 4:44, 1 user, load average: 0.03, 0.03, 0.00
On Fri, Dec 05, 2003 at 11:48:18AM +0100, Stephan Holl wrote:
Does a kernel-update to the new kernel (yesterday announcend) hopefully solve this kind of problem?!
Not knowing what the problem is, I cannot tell you if the update solves it :)
Can this be done on a maschine which has no physical access, only ssh-access ?!
No; to use sysrq you need physical access to the keyboard. If you absolutely have to do it remotely, try rigging up a second machine to receive klog output via the serial console (serial cross over cable). This way you would at least be able to capture the oops. But now we're really getting off-topic. Olaf -- Olaf Kirch | Anyone who has had to work with X.509 has probably okir@suse.de | experienced what can best be described as ---------------+ ISO water torture. -- Peter Gutmann
participants (2)
-
Olaf Kirch
-
Stephan Holl