06-11-2016, 04:33 PM
#1
LQ Newbie
Registered: Sep 2011
Posts: 11
Rep:
Help deciphering/decoding/debugging abrt report
I received the following notice from my abrt daemon, about a crash. I'm not sure if my question belongs in the security forum, but it seems the file that crashed was gam_server, a file modification monitoring daemon, and VNC seems to be involved too, which I see another user has recently posted about... I know VNC is prone to security holes and attacks... our particular server is only accessible through a VPN but the VPN has potentially thousands of other users within the organization, so at a minimum it is vulnerable to local attacks. Anyway, what do you think of this report? I tried to scrub private information out that doesn't seem necessary to publish... Thanks
Code:
abrt_version: 2.0.8
cgroup:
cmdline: /usr/libexec/gam_server
event_log:
executable: /usr/libexec/gam_server
hostname: [private]
kernel: 2.6.32-573.18.1.el6.x86_64
last_occurrence: [private]
machineid: [private]
pid: 18112
pkg_arch: x86_64
pkg_epoch: 0
pkg_fingerprint: [private]
pkg_name: gamin
pkg_release: 9.el6
pkg_vendor: Red Hat, Inc.
pkg_version: 0.1.10
pwd: [private]
time: Sat 11 Jun 2016 12:53:54 PM MST
uid: 1089
username: [private]
sosreport.tar.xz: Binary file, 1936412 bytes
core_backtrace:
:{ "signal": 11
:, "executable": "/usr/libexec/gam_server"
:, "stacktrace":
: [ { "crash_thread": true
: , "frames":
: [ { "address": 246571071690
: , "build_id": "24d3ab3db0f38c7515feadf82191651da4117a18"
: , "build_id_offset": 522442
: , "function_name": "__strcmp_sse2"
: , "file_name": "/lib64/libc.so.6"
: }
: , { "address": 4208267
: , "build_id": "b7abe44125b8f8bd88c5cd91c258aa5f2bb7fdff"
: , "build_id_offset": 13963
: , "file_name": "/usr/libexec/gam_server"
: }
: , { "address": 4211020
: , "build_id": "b7abe44125b8f8bd88c5cd91c258aa5f2bb7fdff"
: , "build_id_offset": 16716
: , "file_name": "/usr/libexec/gam_server"
: }
: , { "address": 4238837
: , "build_id": "b7abe44125b8f8bd88c5cd91c258aa5f2bb7fdff"
: , "build_id_offset": 44533
: , "file_name": "/usr/libexec/gam_server"
: }
: , { "address": 4244802
: , "build_id": "b7abe44125b8f8bd88c5cd91c258aa5f2bb7fdff"
: , "build_id_offset": 50498
: , "file_name": "/usr/libexec/gam_server"
: }
: , { "address": 4241365
: , "build_id": "b7abe44125b8f8bd88c5cd91c258aa5f2bb7fdff"
: , "build_id_offset": 47061
: , "file_name": "/usr/libexec/gam_server"
: }
: , { "address": 246600175755
: , "build_id": "6a82919a3518ddb2a67c012ba392421bbed6e4a2"
: , "build_id_offset": 266379
: , "file_name": "/lib64/libglib-2.0.so.0"
: }
: , { "address": 246600173122
: , "build_id": "6a82919a3518ddb2a67c012ba392421bbed6e4a2"
: , "build_id_offset": 263746
: , "function_name": "g_main_context_dispatch"
: , "file_name": "/lib64/libglib-2.0.so.0"
: }
: , { "address": 246600191128
: , "build_id": "6a82919a3518ddb2a67c012ba392421bbed6e4a2"
: , "build_id_offset": 281752
: , "file_name": "/lib64/libglib-2.0.so.0"
: }
: , { "address": 246600192421
: , "build_id": "6a82919a3518ddb2a67c012ba392421bbed6e4a2"
: , "build_id_offset": 283045
: , "function_name": "g_main_loop_run"
: , "file_name": "/lib64/libglib-2.0.so.0"
: }
: , { "address": 4212838
: , "build_id": "b7abe44125b8f8bd88c5cd91c258aa5f2bb7fdff"
: , "build_id_offset": 18534
: , "file_name": "/usr/libexec/gam_server"
: } ]
: } ]
:}
dso_list:
:/lib64/ld-2.12.so glibc-2.12-1.192.el6.x86_64 (Red Hat, Inc.) 1463018140
:/lib64/libnss_ldap.so.2 nss-pam-ldapd-0.7.5-32.el6.x86_64 (Red Hat, Inc.) 1463016566
:/usr/lib64/gconv/gconv-modules.cache glibc-2.12-1.192.el6.x86_64 (Red Hat, Inc.) 1463018140
:/lib64/librt-2.12.so glibc-2.12-1.192.el6.x86_64 (Red Hat, Inc.) 1463018140
:/usr/libexec/gam_server gamin-0.1.10-9.el6.x86_64 (Red Hat, Inc.) 1316803441
:/lib64/libnss_files-2.12.so glibc-2.12-1.192.el6.x86_64 (Red Hat, Inc.) 1463018140
:/lib64/libc-2.12.so glibc-2.12-1.192.el6.x86_64 (Red Hat, Inc.) 1463018140
:/lib64/libglib-2.0.so.0.2800.8 glib2-2.28.8-5.el6.x86_64 (Red Hat, Inc.) 1463017960
:/lib64/libpthread-2.12.so glibc-2.12-1.192.el6.x86_64 (Red Hat, Inc.) 1463018140
environ:
:REMOTEHOST=[private]
:MANPATH=[private]
:'VNCDESKTOP=[private]:1 ([private])'
:SSH_AGENT_PID=[private]
:HOSTNAME=[private]
:FPCHELP=[private]
:IMSETTINGS_INTEGRATE_DESKTOP=yes
:SHELL=/bin/tcsh
:HOST=[private]
:TERM=xterm
:XDG_SESSION_COOKIE=[private]
:'SSH_CLIENT=[private] 61184 22'
:PERL5LIB=[private]
:SYSFONT=latarcyrheb-sun16
:QTDIR=/usr/lib64/qt-3.3
:QTINC=/usr/lib64/qt-3.3/include
:SSH_TTY=/dev/pts/2
:IMSETTINGS_MODULE=none
:USER=[private]
:GROUP=seq
:LS_COLORS=rs=0:di=01;30:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=01;05;37;41:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arj=01;31:*.taz=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.dz=01;31:*.gz=01;31:*.lz=01;31:*.xz=01;31:*.bz2=01;31:*.tbz=01;31:*.tbz2=01;31:*.bz=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.rar=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.jpg=01;35:*.jpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.axv=01;35:*.anx=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=01;36:*.au=01;36:*.flac=01;36:*.mid=01;36:*.midi=01;36:*.mka=01;36:*.mp3=01;36:*.mpc=01;36:*.ogg=01;36:*.ra=01;36:*.wav=01;36:*.axa=01;36:*.oga=01;36:*.spx=01;36:*.xspf=01;36:
:MPICH_USE_SHLIB=yes
:PHRED_PARAMETER_FILE=[private]
:SSH_AUTH_SOCK=/tmp/keyring-[private]/socket.ssh
:HOSTTYPE=x86_64-linux
:RIGDIR=/usr/local/rig
:PATH=[private]
:MAIL=/var/spool/mail/[private]
:QT_IM_MODULE=xim
:PWD=[private]
:XMODIFIERS=@im=none
:EDITOR=vi
:LANG=en_US.UTF-8
:KDE_IS_PRELINKED=1
:KDEDIRS=/usr
:FPCTOP_DIR=/home/fpc
:SSH_ASKPASS=/usr/libexec/openssh/gnome-ssh-askpass
:HOME=[private]
:SHLVL=2
:OSTYPE=linux
:CONSED_HOME=[private]
:VENDOR=unknown
:LOGNAME=[private]
:MACHTYPE=x86_64
:CVS_RSH=ssh
:QTLIB=/usr/lib64/qt-3.3/lib
:'SSH_CONNECTION=[private] 61184 [private] 22'
:DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-[private],guid=[private]
:ZOE=/opt/snap
:'LESSOPEN=||/usr/bin/lesspipe.sh %s'
:IMTOP_DIR=/home/imdata
:DISPLAY=:1
:GTK_IM_MODULE=gtk-im-context-simple
:G_BROKEN_FILENAMES=1
:GNOME_DESKTOP_SESSION_ID=this-is-deprecated
:SESSION_MANAGER=local/unix:@/tmp/.ICE-unix/18031,unix/unix:/tmp/.ICE-unix/18031
:ORBIT_SOCKETDIR=/tmp/orbit-[private]
:GTK_RC_FILES=[private]
:GNOME_KEYRING_SOCKET=/tmp/keyring-[private]/socket
:GAM_CLIENT_ID=
limits:
:Limit Soft Limit Hard Limit Units
:Max cpu time unlimited unlimited seconds
:Max file size unlimited unlimited bytes
:Max data size unlimited unlimited bytes
:Max stack size 10485760 unlimited bytes
:Max core file size unlimited unlimited bytes
:Max resident set unlimited unlimited bytes
:Max processes 1024 128056 processes
:Max open files 1024 4096 files
:Max locked memory 65536 65536 bytes
:Max address space unlimited unlimited bytes
:Max file locks unlimited unlimited locks
:Max pending signals 128056 128056 signals
:Max msgqueue size 819200 819200 bytes
:Max nice priority 0 0
:Max realtime priority 0 0
:Max realtime timeout unlimited unlimited us
maps:
:00400000-00416000 r-xp 00000000 fd:00 2118414 /usr/libexec/gam_server
:00615000-00617000 rw-p 00015000 fd:00 2118414 /usr/libexec/gam_server
:01bb5000-01bfc000 rw-p 00000000 00:00 0 [heap]
:3968800000-3968820000 r-xp 00000000 fd:00 1048920 /lib64/ld-2.12.so
:3968a1f000-3968a21000 r--p 0001f000 fd:00 1048920 /lib64/ld-2.12.so
:3968a21000-3968a22000 rw-p 00021000 fd:00 1048920 /lib64/ld-2.12.so
:3968a22000-3968a23000 rw-p 00000000 00:00 0
:3968c00000-3968d8a000 r-xp 00000000 fd:00 1048921 /lib64/libc-2.12.so
:3968d8a000-3968f8a000 ---p 0018a000 fd:00 1048921 /lib64/libc-2.12.so
:3968f8a000-3968f8e000 r--p 0018a000 fd:00 1048921 /lib64/libc-2.12.so
:3968f8e000-3968f90000 rw-p 0018e000 fd:00 1048921 /lib64/libc-2.12.so
:3968f90000-3968f94000 rw-p 00000000 00:00 0
:3969400000-3969417000 r-xp 00000000 fd:00 1048931 /lib64/libpthread-2.12.so
:3969417000-3969617000 ---p 00017000 fd:00 1048931 /lib64/libpthread-2.12.so
:3969617000-3969618000 r--p 00017000 fd:00 1048931 /lib64/libpthread-2.12.so
:3969618000-3969619000 rw-p 00018000 fd:00 1048931 /lib64/libpthread-2.12.so
:3969619000-396961d000 rw-p 00000000 00:00 0
:3969c00000-3969c07000 r-xp 00000000 fd:00 1048950 /lib64/librt-2.12.so
:3969c07000-3969e06000 ---p 00007000 fd:00 1048950 /lib64/librt-2.12.so
:3969e06000-3969e07000 r--p 00006000 fd:00 1048950 /lib64/librt-2.12.so
:3969e07000-3969e08000 rw-p 00007000 fd:00 1048950 /lib64/librt-2.12.so
:396a800000-396a915000 r-xp 00000000 fd:00 1048952 /lib64/libglib-2.0.so.0.2800.8
:396a915000-396ab15000 ---p 00115000 fd:00 1048952 /lib64/libglib-2.0.so.0.2800.8
:396ab15000-396ab16000 rw-p 00115000 fd:00 1048952 /lib64/libglib-2.0.so.0.2800.8
:396ab16000-396ab17000 rw-p 00000000 00:00 0
:7f317a1a0000-7f317a1ab000 r-xp 00000000 fd:00 1048662 /lib64/libnss_ldap.so.2
:7f317a1ab000-7f317a3aa000 ---p 0000b000 fd:00 1048662 /lib64/libnss_ldap.so.2
:7f317a3aa000-7f317a3ab000 rw-p 0000a000 fd:00 1048662 /lib64/libnss_ldap.so.2
:7f317a3ab000-7f317a3b8000 r-xp 00000000 fd:00 1048873 /lib64/libnss_files-2.12.so
:7f317a3b8000-7f317a5b7000 ---p 0000d000 fd:00 1048873 /lib64/libnss_files-2.12.so
:7f317a5b7000-7f317a5b8000 r--p 0000c000 fd:00 1048873 /lib64/libnss_files-2.12.so
:7f317a5b8000-7f317a5b9000 rw-p 0000d000 fd:00 1048873 /lib64/libnss_files-2.12.so
:7f317a5b9000-7f317a5bd000 rw-p 00000000 00:00 0
:7f317a5ce000-7f317a5d5000 r--s 00000000 fd:00 2098436 /usr/lib64/gconv/gconv-modules.cache
:7f317a5d5000-7f317a5d6000 rw-p 00000000 00:00 0
:7ffc1ef2c000-7ffc1ef41000 rw-p 00000000 00:00 0 [stack]
:7ffc1ef69000-7ffc1ef6a000 r-xp 00000000 00:00 0 [vdso]
:ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
open_fds:
:0:/dev/null
:pos: 0
:flags: 0100000
:1:/dev/null
:pos: 0
:flags: 0100001
:2:/dev/null
:pos: 0
:flags: 0100001
:3:inotify
:pos: 0
:flags: 04000
:4:socket:[3218055]
:pos: 0
:flags: 02
:5:pipe:[3218056]
:pos: 0
:flags: 04000
:6:pipe:[3218056]
:pos: 0
:flags: 04001
:7:socket:[3218074]
:pos: 0
:flags: 02
:8:socket:[3218181]
:pos: 0
:flags: 02
:9:socket:[3218496]
:pos: 0
:flags: 02
:10:socket:[3219764]
:pos: 0
:flags: 02
var_log_messages:
:[private] kernel: gam_server[[private]] general protection ip:3968c7f8ca sp:7ffc1ef3d9e8 error:0 in libc-2.12.so[3968c00000+18a000]
:[private] abrt[[private]]: Saved core dump of pid [private] (/usr/libexec/gam_server) to [private]
06-12-2016, 09:04 PM
#2
Senior Member
Registered: Jan 2004
Posts: 1,420
Rep:
This looks like an SOSREPORT for Red Hat GSS troubleshooting. Wondering if you have shared this with them?
Possible clue here:
Code:
var_log_messages:
:[private] kernel: gam_server[[private]] general protection ip:3968c7f8ca sp:7ffc1ef3d9e8 error:0 in libc-2.12.so[3968c00000+18a000]
:[private] abrt[[private]]: Saved core dump of pid [private] (/usr/libexec/gam_server) to [private]
There is probably a core dump file under /usr/libexec/gam_server. You could use objdump to sift through the info...
Looks like abrt can generate a core dump under Red Hat, correct?
What app are you trying to troubleshoot and create a core dump for, VNC?
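Added example, not part of either post: a short Python script that takes the kernel log line quoted above, resolves its `ip:` value against the `maps` section of the report, and confirms it is the same location as the first `core_backtrace` frame (`__strcmp_sse2`, `build_id_offset` 522442). The function names are made up for this illustration; the input lines and numbers are copied from the report.

```python
import re

# Copied from the report above: the kernel log entry, three rows of "maps",
# and (address, build_id_offset) pairs taken from core_backtrace.
KERNEL_LINE = ("gam_server[[private]] general protection ip:3968c7f8ca "
               "sp:7ffc1ef3d9e8 error:0 in libc-2.12.so[3968c00000+18a000]")
MAPS = """\
:00400000-00416000 r-xp 00000000 fd:00 2118414 /usr/libexec/gam_server
:3968c00000-3968d8a000 r-xp 00000000 fd:00 1048921 /lib64/libc-2.12.so
:396a800000-396a915000 r-xp 00000000 fd:00 1048952 /lib64/libglib-2.0.so.0.2800.8
"""
FRAMES = [(246571071690, 522442), (4208267, 13963), (246600173122, 263746)]

MAP_RE = re.compile(r"([0-9a-f]+)-([0-9a-f]+) (\S{4}) ([0-9a-f]+) \S+ \d+\s+(/\S+)")
FAULT_RE = re.compile(r"ip:([0-9a-f]+) sp:([0-9a-f]+) error:([0-9a-f]+) "
                      r"in (\S+?)\[([0-9a-f]+)\+([0-9a-f]+)\]")


def parse_maps(text):
    """Return (start, end, perms, file_offset, path) for file-backed mappings."""
    rows = []
    for line in text.splitlines():
        m = MAP_RE.match(line.lstrip(":"))   # abrt prefixes each row with ':'
        if m:
            rows.append((int(m[1], 16), int(m[2], 16), m[3], int(m[4], 16), m[5]))
    return rows


def resolve(addr, mappings):
    """Map an absolute address to (path, offset from load base, perms)."""
    for start, end, perms, file_off, path in mappings:
        if start <= addr < end:
            return path, addr - start + file_off, perms
    return None                              # heap, stack or anonymous memory


def parse_kernel_fault(line):
    """Extract ip, sp and the module[base+size] fields from the kernel message."""
    m = FAULT_RE.search(line)
    if not m:
        raise ValueError("not a kernel fault line")
    return {"ip": int(m[1], 16), "sp": int(m[2], 16), "module": m[4],
            "base": int(m[5], 16), "size": int(m[6], 16)}


def crosscheck(frames, mappings):
    """True when each frame's build_id_offset equals address minus load base."""
    for addr, offset in frames:
        hit = resolve(addr, mappings)
        if hit is None or hit[1] != offset:
            return False
    return True
```

The kernel line and the backtrace agree: the fault is at offset 522442 (0x7f8ca) into the executable mapping of libc, and the caller frames lie inside gam_server's own text mapping.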