LinuxQuestions.org


sneakyimp 11-17-2012 01:32 PM

getting errors related to hostname -- security problem? ok to change hostname?
 
I set up an Amazon EC2 instance running Ubuntu. I have since restarted this virtual machine. I'm not certain, but I believe that restarting a machine can result in the LAN IP address changing. I have assigned an "elastic IP" to this server instance so that the public may access it.

The other day the web server on this virtual machine became unresponsive. While I was logged in, I tried to check the hostname and got an error:
Code:

sneakyimp@ip-11-22-33-44:~$ hostname -f
hostname: Name or service not known

I also get errors when trying to perform a sudo command:
Code:

sneakyimp@ip-11-22-33-44:~$ sudo /etc/init.d/apache2 restart
sudo: unable to resolve host ip-11-22-33-44
 * Restarting web server apache2
apache2: apr_sockaddr_info_get() failed for ip-11-22-33-44
apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
 ... waiting apache2: apr_sockaddr_info_get() failed for ip-11-22-33-44
apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName

I don't recall this happening before and wonder what might have happened. I have spent a lot of time hardening this server and would be quite surprised if it has been compromised. Apache becoming unresponsive appears to have been caused by a separate machine (an Amazon RDS database node).

On the other hand, this machine is running in a virtualized environment. I suppose anything is possible.

Is it OK for me to change the hostname to something like www.example.com? Should this be done by editing /etc/hostname or by using the hostname command? I believe the original one was assigned by the Amazon EC2 system, but cannot be sure of that. When I instantiate new servers from a machine image based on this server, they appear to have different hostnames that are assigned by the EC2 system. Also, I'm not sure what system processes might be affected when I change the hostname. The default hostnames are also pretty unhelpful when I receive fail2ban or samhain notifications. Lastly, I expect in the near future I may have numerous copies of this virtual machine all serving www.example.com and I'd like to be able to distinguish them.

I'm also wary of assuming a hostname that might cause some kind of network conflict. Unfortunately, I'm not really sure what role the hostname on a particular system plays in the grander scheme of networking. I've noticed that the default hostname style supplied by EC2 for these machines is somewhat different for new machines than when I set up this particular machine a couple of years ago. I'm wondering if hostname must be unique on a LAN or within a particular network? Here's an example of a more recent EC2 hostname:
Code:

domU-12-34-56-78-90-AB.compute-1.internal

Perhaps they are using IPv6 on their internal network.

I checked "man hostname" and was unable to find out much. This seemed to be the most informative bit:
Quote:

Originally Posted by man hostname
If a machine has multiple network interfaces/addresses or is used in a mobile environment, then it may either have multiple FQDNs/domain names or none at all. Therefore avoid using hostname --fqdn, hostname --domain and dnsdomainname. hostname --ip-address is subject to the same limitations so it should be avoided as well.


Habitual 11-18-2012 07:12 AM

Post your sanitized /etc/hosts file from ip-11-22-33-44 please.

Also have a look at https://forums.aws.amazon.com/thread...threadID=70081

"hostname -f" fails on every EC2 host I manage.

EIPs do NOT change on instance reboot/restart. Stopping them, yes, bouncing them, no.

"apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName" is non-fatal. An "error" I usually ignore both on and off EC2 hosts.

You can give an EC2 instance a "public IP" but until you edit the Security Group/Port it may not really be "public".

Please let us know.

sneakyimp 11-18-2012 05:25 PM

Quote:

Originally Posted by Habitual (Post 4831944)
Post your sanitized /etc/hosts file from ip-11-22-33-44 please.

Code:

sneakyimp@ip-11-22-33-44:/home/sneakyimp$ cat /etc/hosts
127.0.0.1 localhost

# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

Quote:

Originally Posted by Habitual (Post 4831944)
Also have a look at https://forums.aws.amazon.com/thread...threadID=70081
Thanks for the link. Going now...

Quote:

Originally Posted by Habitual (Post 4831944)
"hostname -f" fails on every EC2 host I manage.

It works fine on some of my more recent instances.

Quote:

Originally Posted by Habitual (Post 4831944)
EIPs do NOT change on instance reboot/restart. Stopping them, yes, bouncing them, no.

EIPs? Bouncing? Can you please clarify?

Quote:

Originally Posted by Habitual (Post 4831944)
"apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName" is non-fatal. An "error" I usually ignore both on and off EC2 hosts.

Yes, I'm not concerned about this error -- just a bit confused by the need to check hostname. I'm guessing it tries to report "sudo command by X from host Y" in the auth log file. Wondering why my hosts file contains an IP address that bears no relation to the machine's current IP.

Quote:

Originally Posted by Habitual (Post 4831944)
You can give an EC2 instance a "public IP" but until you edit the Security Group/Port it may not really be "public".

Yes, this machine has an elastic IP and has been serving copious amounts of web traffic for about 2 years.

Quote:

Originally Posted by Habitual (Post 4831944)
Please let us know.

Thanks for your response.
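
The `sudo: unable to resolve host` message in the first post and the hosts file posted above can be checked offline. This is an added example, not part of the thread: it looks a hostname up in a hosts-format file and decodes the address embedded in an `ip-A-B-C-D` name so it can be compared with the instance's current address. The function names and the address 10.0.0.5 are assumptions, and the sample file is constructed from the posted /etc/hosts.

```sh
#!/bin/sh
# Added example, not from the thread. Sample data is constructed from the posts.

# Print the first address a hosts-format file ($1) maps name ($2) to.
# Returns 1 if no line names it. Comments are stripped, aliases count,
# and matching ignores case.
hosts_lookup() {
    awk -v want="$2" '
        BEGIN { want = tolower(want); rc = 1 }
        { sub(/#.*/, "") }
        NF < 2 { next }
        { for (i = 2; i <= NF; i++)
              if (tolower($i) == want) { print $1; rc = 0; exit } }
        END { exit rc }
    ' "$1"
}

# Decode an "ip-A-B-C-D" hostname to the dotted quad it encodes.
# Returns 1 for any other naming style (such as the domU-... name above).
ec2_hostname_ip() {
    printf '%s\n' "${1%%.*}" |
        sed -n -E 's/^ip-([0-9]{1,3})-([0-9]{1,3})-([0-9]{1,3})-([0-9]{1,3})$/\1.\2.\3.\4/p' |
        grep .
}

# Report whether name ($2) is in hosts file ($1), and whether the address
# encoded in the name still equals the instance's current address ($3).
diagnose() {
    if addr=$(hosts_lookup "$1" "$2"); then
        echo "hosts: $2 -> $addr"
    else
        echo "hosts: no entry for $2"
    fi
    if embedded=$(ec2_hostname_ip "$2"); then
        if [ "$embedded" = "$3" ]; then
            echo "name: matches current address"
        else
            echo "name: stale, encodes $embedded, current address is $3"
        fi
    else
        echo "name: not an ip-A-B-C-D hostname"
    fi
}

# Constructed sample: the posted hosts file (abridged); 10.0.0.5 is made up.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
printf '%s\n' '127.0.0.1 localhost' '' '# IPv6 capable hosts' \
    '::1 ip6-localhost ip6-loopback' 'ff02::1 ip6-allnodes' > "$sample"
diagnose "$sample" ip-11-22-33-44 10.0.0.5
```

On a live instance, pass /etc/hosts, the output of `hostname`, and the instance's current private address as the three arguments to `diagnose`.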


All times are GMT -5.