
[cobalt-security] raq3 ns kernel: VM: do_try_to_free_pages failed error messages



Hi Yah, (sorry for cross-post but need answer sort of fast)

Have installed the SNORT package from vito.pointclark this morning. It
installed okay and I've been seeing a few report backs on logcheck - so I'm
assuming that it's logging correctly to syslog.

What I did notice about 2 minutes ago in a logcheck report is the
following...

Security Violations
=-=-=-=-=-=-=-=-=-=
Dec  5 18:50:38 ns kernel: VM: do_try_to_free_pages failed for perl...
Dec  5 18:50:40 ns kernel: VM: do_try_to_free_pages failed for portsentry...
Dec  5 18:50:40 ns kernel: VM: do_try_to_free_pages failed for portsentry...
Dec  5 18:50:40 ns kernel: VM: do_try_to_free_pages failed for init...
Dec  5 18:50:40 ns kernel: VM: do_try_to_free_pages failed for syslogd...
Dec  5 18:50:41 ns kernel: VM: do_try_to_free_pages failed for init...
Dec  5 18:50:41 ns kernel: VM: do_try_to_free_pages failed for init...
Dec  5 18:50:41 ns kernel: VM: do_try_to_free_pages failed for perl...
Dec  5 18:50:41 ns kernel: VM: do_try_to_free_pages failed for perl...
Dec  5 18:50:41 ns kernel: VM: do_try_to_free_pages failed for httpd...
Dec  5 18:50:41 ns kernel: VM: do_try_to_free_pages failed for syslogd...
Dec  5 18:50:41 ns kernel: VM: do_try_to_free_pages failed for perl...
Dec  5 18:50:42 ns kernel: VM: do_try_to_free_pages failed for kswapd...
Dec  5 18:50:42 ns kernel: VM: do_try_to_free_pages failed for perl...

Just did a search through the archive and found that it was a lack of memory
and swap space...this server is a RaQ3i with 128Mb. I'm just wondering if
SNORT could have caused the problem when analysing logs ???? Don't know,
still a bit of a newbie :>

Just went into webmin and checked the running processes and this is the
feedback I got - after the event of course...

Real memory: 127860 kB total / 76620 kB free   Swap space: 131536 kB total / 96612 kB free
CPU load averages: 0.70 (1 mins) , 0.43 (5 mins) , 0.37 (15 mins)

Process ID Owner CPU Command
6113 root 22.0 % /home/webmin-0.90/proc/index_cpu.cgi
4904 root 0.6 % snort -D
4927 root 0.2 % /usr/sbin/httpd -f /etc/admserv/conf/httpd.conf
5777 httpd 0.1 % /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf
5778 httpd 0.1 % /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf
5780 httpd 0.1 % /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf
5787 httpd 0.1 % /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf
5868 httpd 0.1 % /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf
5776 httpd 0.1 % /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf
656 named 0.0 % named -u named
671 root 0.0 % [nlservd]
681 root 0.0 % /usr/sbin/httpd -f /etc/admserv/conf/httpd.conf
719 postgres 0.0 % /usr/bin/postmaster -S -D /home/pgsql
830 root 0.0 % [safe_mysqld]
856 root 0.0 % /sbin/lcdsleep
878 mysql 0.0 % /usr/sbin/mysqld --basedir=/ --datadir=/home/mysql --user=my ...
882 root 0.0 % [nsrexecd]
884 root 0.0 % /usr/sbin/nsrexecd
903 mysql 0.0 % /usr/sbin/mysqld --basedir=/ --datadir=/home/mysql --user=my ...
904 mysql 0.0 % /usr/sbin/mysqld --basedir=/ --datadir=/home/mysql --user=my ...
935 root 0.0 % [getty]
12897 root 0.0 % /usr/bin/perl /home/webmin-0.90/miniserv.pl /etc/webmin/mini ...
1185 root 0.0 % [perl]
1186 root 0.0 % [view.cgi]
1529 root 0.0 % [perl]
1530 root 0.0 % [view.cgi]
1700 root 0.0 % [perl]
1701 root 0.0 % [view.cgi]
19415 root 0.0 % [perl]
30420 root 0.0 % [perl]
30423 root 0.0 % [perl]
30424 root 0.0 % [perl]

Memory Readings...
6261 root 0.0 % /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf
11420 root 0.0 % /usr/sbin/portsentry -atcp
11424 root 0.0 % /usr/sbin/portsentry -audp
21117 root 0.0 % /usr/sbin/sshd
26034 root 0.0 % perl /usr/local/sbin/poprelayd -d
26035 root 0.0 % sendmail: accepting connections on port 25
29662 root 0.0 % /usr/bin/perl /home/webmin-0.90/miniserv.pl /etc/webmin/mini ...
1151 root 0.0 % /usr/sbin/httpd -f /etc/admserv/conf/httpd.conf
1 root 0.0 % init
2 root 0.0 % [kflushd]
3 root 0.0 % [kupdate]
4 root 0.0 % [kpiod]
5 root 0.0 % [kswapd]
5779 httpd 0.0 % /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf
6 root 0.0 % [mdrecoveryd]
91 root 0.0 % syslogd -m 0
5788 httpd 0.0 % /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf
5789 httpd 0.0 % /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf
5790 httpd 0.0 % /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf
5825 httpd 0.0 % /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf
100 root 0.0 % klogd
6047 httpd 0.0 % /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf
6079 root 0.0 % inetd
615 root 0.0 % crond
6117 root 0.0 % ps -eo user,ruser,group,rgroup,pid,ppid,pgid,pcpu,vsz,nice,e ...

I have also received this from Cron again only the once -
 Subject: Cron <root@ns> /sbin/service ipchains restart >/dev/null
/bin/sh: /sbin/service: No such file or directory

Ipchains hasn't been loaded onto this box yet - that's the next job - so
again wondering if this stems from the SNORT install??

While I'm here is IPChains available for RaQ3's??

Many thanks in advance

Chae