LinuxQuestions.org
Latest LQ Deal: Linux Power User Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 09-18-2009, 11:31 AM   #16
Wim Sturkenboom
Senior Member
 
Registered: Jan 2005
Location: Roodepoort, South Africa
Distribution: Slackware 10.1/10.2/12, Ubuntu 12.04, Crunchbang Statler
Posts: 3,786

Rep: Reputation: 282Reputation: 282Reputation: 282

I don't think that the server reboots (from the error_log; the interval between sigterm and startup of apache is to short for that). But something or somebody is restarting apache for some reason (see sigterm in the error_log).

I'm thinking that your box might have been hacked. Somebody changes something and need to restart apache to let it take effect.
 
Old 09-18-2009, 11:34 AM   #17
dmrossi
LQ Newbie
 
Registered: Sep 2009
Posts: 19

Original Poster
Rep: Reputation: 0
Is there anyway to verify before I go reformatting my entire server, again? Or is that not the recommended course of action?
 
Old 09-18-2009, 09:55 PM   #18
AlucardZero
Senior Member
 
Registered: May 2006
Location: USA
Distribution: Debian
Posts: 4,823

Rep: Reputation: 611Reputation: 611Reputation: 611Reputation: 611Reputation: 611Reputation: 611
Why would reformatting be the fix for an Apache problem ????

Check in /var/log/syslog (which is the system log on Debian-based Linuxes, NOT /var/log/messages) for messages around the same time.
 
Old 09-18-2009, 10:02 PM   #19
Wim Sturkenboom
Senior Member
 
Registered: Jan 2005
Location: Roodepoort, South Africa
Distribution: Slackware 10.1/10.2/12, Ubuntu 12.04, Crunchbang Statler
Posts: 3,786

Rep: Reputation: 282Reputation: 282Reputation: 282
It's not an apache problem. But I indicated that the box might be hacked and therefore OP wants to re-install.
 
Old 09-19-2009, 04:25 AM   #20
r3sistance
Senior Member
 
Registered: Mar 2004
Location: UK
Distribution: CentOS 6/7
Posts: 1,375

Rep: Reputation: 217Reputation: 217Reputation: 217
Your saying a hacker is going to perform a script that repeatedly shuts down Apache and SSHD and brings it back-up? That'd be just a bit obvious... but saying that you can't rule out the possibility. If it is a hacker tho, they might just be clearing out the logs themselves or have a recurring script in crontab that went wrong, say it put the script down for an hourly thing rather then a daily and the same script is the one that restarts SSHD and Apache. If this is the case it might be worthwhile get chkrootkit and other rootkit checking applications. If it has been hacked then yes, a complete reinstall is in order since some rootkits bury themselves deep into the OS itself it becomes simply a pointless task to try and root it out as reinstalling the OS and restoring data from back is a much faster process and will with certainty remove the current rootkit in place. However if it is a rootkit you may need to also review your security on your server as to make it harder to be compromised.

dmrossi to clear it up the command is simply "uptime", nothing more and nothing less, it will tell you the time the server has been on for.
 
Old 09-21-2009, 12:53 AM   #21
dmrossi
LQ Newbie
 
Registered: Sep 2009
Posts: 19

Original Poster
Rep: Reputation: 0
Interesting:
Code:
uptime
 22:51:31 up 4 days, 12:17,  2 users,  load average: 0.03, 0.08, 0.04
What makes me think it's not hacked is the fact that I can wake it up for remote connections by accessing it locally.
 
Old 09-21-2009, 01:28 AM   #22
r3sistance
Senior Member
 
Registered: Mar 2004
Location: UK
Distribution: CentOS 6/7
Posts: 1,375

Rep: Reputation: 217Reputation: 217Reputation: 217
Then I wonder, are you using GUI? I am wondering if this is some power-save settings gone horribly wrong. What run levels are SSHD and HTTPD set to work in and what run levels is the server actually set to use. Also, what distribution are you using.
 
Old 09-22-2009, 02:18 AM   #23
dmrossi
LQ Newbie
 
Registered: Sep 2009
Posts: 19

Original Poster
Rep: Reputation: 0
Yes, I am using the GUI. If this is not the best option, then what should I be running? I'm using Ubuntu Desktop 9.04. I am sorry to ask this, but how do I determine the run levels of specific processes? (i.e. SSHD and HTTPD)

As for the runlevel of the server, I hope this is at least correct:
Code:
runlevel
N 2
or
Code:
who -r
         run-level 2  2009-09-16 10:34                   last=
I am under the impression that those above two commands are the same.
 
Old 09-22-2009, 02:42 AM   #24
lutusp
Member
 
Registered: Sep 2009
Distribution: Fedora
Posts: 835

Rep: Reputation: 102Reputation: 102
Quote:
Originally Posted by dmrossi View Post
Yes, I am using the GUI. If this is not the best option, then what should I be running? I'm using Ubuntu Desktop 9.04. I am sorry to ask this, but how do I determine the run levels of specific processes? (i.e. SSHD and HTTPD)

As for the runlevel of the server, I hope this is at least correct:
Code:
runlevel
N 2
or
Code:
who -r
         run-level 2  2009-09-16 10:34                   last=
I am under the impression that those above two commands are the same.
To determine what runlevels a particular service is programmed to run in, use this:

Code:
chkconfig --list sshd
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
hkconfig --list httpd
httpd           0:off   1:off   2:on    3:on    4:on    5:on    6:off
 
Old 09-22-2009, 03:31 AM   #25
dmrossi
LQ Newbie
 
Registered: Sep 2009
Posts: 19

Original Poster
Rep: Reputation: 0
Using SSHD and HTTPD returned:
Code:
chkconfig --list sshd
sshd: unknown service

chkconfig --list httpd
httpd: unknown service
But I'm assuming these are the same:
Code:
chkconfig --list ssh
ssh                       0:off  1:off  2:on   3:on   4:on   5:on   6:off
chkconfig --list apache2
apache2                   0:off  1:off  2:on   3:on   4:on   5:on   6:off
 
Old 09-22-2009, 03:32 PM   #26
r3sistance
Senior Member
 
Registered: Mar 2004
Location: UK
Distribution: CentOS 6/7
Posts: 1,375

Rep: Reputation: 217Reputation: 217Reputation: 217
I believe chkconfig doesn't work on debian and debian based distributions, or atleast is not installed by standard.

Generally as your dealing with run level 2 (fairly standard for Debian based distributions) you should be able to check the /etc/rc2.d/ folder to confirm what starts or stops at run level 2. A fairly messy way, perhaps someone with more experience then I with debian could provide a better way to check. However one thing I am going to ask to check, the machine doesn't enter Suspend mode does it? It doesn't turn everything off for it's power savings and that type of thing?
 
Old 09-22-2009, 07:44 PM   #27
dmrossi
LQ Newbie
 
Registered: Sep 2009
Posts: 19

Original Poster
Rep: Reputation: 0
You are correct in that chkconfig is not installed by standard installation--running the command prompted me to install it, so I did.

Code:
/etc/rc2.d$ ls
README            S24hal                    S89cron
S01policykit      S30gdm                    S90binfmt-support
S10acpid          S50alsa-utils             S91apache2
S10apmd           S50NetworkManager         S98usplash
S10sysklogd       S50pulseaudio             S99acpi-support
S11klogd          S50saned                  S99laptop-mode
S12dbus           S50system-tools-backends  S99ondemand
S16ssh            S70bootlogs.sh            S99rc.local
S17mysql-ndb-mgm  S70dns-clean              S99rmnologin
S18mysql-ndb      S70pppd-dns               S99stop-readahead
S19mysql          S89anacron
S20apport         S89atd
I don't think the machine enters suspend mode, but is there a way to verify this? I don't feel comfortable saying I'm positive, but I do know that moving the mouse is capable of waking up the machine (no buttons required). And accessing the server locally does allow remote access, but does not present any apparent physical changes in the state of the machine.
 
Old 09-22-2009, 08:44 PM   #28
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.9, Centos 7.3
Posts: 17,395

Rep: Reputation: 2395Reputation: 2395Reputation: 2395Reputation: 2395Reputation: 2395Reputation: 2395Reputation: 2395Reputation: 2395Reputation: 2395Reputation: 2395Reputation: 2395
The first 3 S99 scripts sound suspicious:

S99acpi-support
S99laptop-mode
S99ondemand

looks like it thinks it's a laptop...
 
Old 09-22-2009, 09:51 PM   #29
dmrossi
LQ Newbie
 
Registered: Sep 2009
Posts: 19

Original Poster
Rep: Reputation: 0
Well...it is. Is there a problem with this?
 
Old 09-22-2009, 11:10 PM   #30
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.9, Centos 7.3
Posts: 17,395

Rep: Reputation: 2395Reputation: 2395Reputation: 2395Reputation: 2395Reputation: 2395Reputation: 2395Reputation: 2395Reputation: 2395Reputation: 2395Reputation: 2395Reputation: 2395
By default laptops tends to suspend if they think they aren't doing anything... I'm not sure how that affects 'servers' like apache or ssh, but I'd guess(!) that it's connected to (lack of) keybd activity, as per those 3.
Laptops are not supposed to be servers.

Really, you need a laptop guy's advice, I'm extrapolating from stuff I've seen.
I'd think disabling those 3 would help. If you're going to be actively running a server, you need to have it plugged into the mains power and 'tell it' it's a server ... I believe??
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Restart X Server over SSH? skibud2 Linux - General 2 09-15-2008 12:31 AM
SSH Refuses Connections Intermittently Noido Linux - Software 6 09-12-2006 12:59 PM
How to restart dhcpd on another server using SSH? hueofwind Linux - Newbie 17 11-23-2005 06:07 AM
Can't SSH until restart service Da Puff Mandriva 4 09-14-2005 08:51 PM
restart linux from SSH connection? deWin Linux - Newbie 6 09-28-2004 10:22 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 05:58 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration