Linux server cannot identify new connexions
Hi
I'm running a CentOS 5.6 server with several basic applications (MySQL, Web, ...). Sometimes the server crashes and does not let me connect to it: SSH, Telnet, even on the server itself. For each process (Telnet, SSH...) it does not let me get further than the LOGIN. That means ports are open and services are running, but something strange is occurring when it tries to identify the user. Could you please let me know what I should do? Thank you.
Most likely someone is abusing some script on your server. Try the following script to run each minute as a cron job:
Code:
* * * * * /path/to/script.sh
Code:
#!/bin/sh

After the server is dead and back online you will have a lot of info to look at. Check the active connections, processes, PIDs, compare with the Apache status, etc.
Logging that info isn't a bad idea, but doing it via cron means every minute it's going to create a new env to run that stuff; bit of a performance hit; consider making it a daemon instead.
It's worth checking the normal logfiles like /var/log/messages etc. There may be some clues in there. Also, it doesn't necessarily follow that you're being attacked, you need to check first, but when it crashes, it may corrupt the passwd or shadow file, so that could prevent successful logins.
/var/log/messages provides no info at all.
Running that cron each minute until the problem is solved won't hurt at all.
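A per-minute snapshot script of the kind the replies describe (connections, processes, and the account files mentioned in the passwd/shadow reply), as an added example that is not the script from the thread. `SNAP_DIR`, `KEEP_MIN`, the function names and the `/var/log/snap` path are assumptions of this sketch; from cron it would run as `* * * * * SNAP_DIR=/var/log/snap /path/to/script.sh`.

```shell
#!/bin/sh
# Added example: per-minute state snapshot for post-mortem review.
# SNAP_DIR and KEEP_MIN are names chosen for this sketch, not from the thread.

# Print a titled section; a missing or failing tool never aborts the snapshot.
section() {
    title=$1; shift
    printf '\n=== %s ===\n' "$title"
    if command -v "$1" >/dev/null 2>&1; then
        "$@" 2>&1 || echo "(exit status $?)"
    else
        echo "($1 not installed)"
    fi
}

take_snapshot() {
    dir=$1
    keep_min=${2:-1440}     # prune snapshots older than this many minutes
    # Snapshots include process arguments, so keep the directory private.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    out="$dir/snap-$(date +%Y%m%d-%H%M%S).log"
    {
        section "load"       cat /proc/loadavg
        section "memory"     cat /proc/meminfo
        section "disk"       df -h
        section "open files" cat /proc/sys/fs/file-nr
        section "processes"  ps axo pid,ppid,user,stat,pcpu,pmem,etime,args
        if command -v ss >/dev/null 2>&1; then
            section "sockets" ss -tanp
        else
            section "sockets" netstat -tanp
        fi
        # Logins that hang after a crash: record size and mtime of the
        # account files so a truncated or rewritten file stands out.
        section "account files" ls -l /etc/passwd /etc/shadow /etc/nsswitch.conf
    } > "$out" 2>&1
    # Bound disk usage so the logger cannot fill the filesystem itself.
    find "$dir" -name 'snap-*.log' -mmin "+$keep_min" -exec rm -f {} + || true
    echo "$out"
}

# Only act when SNAP_DIR is set, so the file can also be sourced.
if [ -n "${SNAP_DIR:-}" ]; then
    take_snapshot "$SNAP_DIR" "${KEEP_MIN:-1440}" >/dev/null
fi
```

After an outage, compare the last snapshot before the hang with an earlier healthy one: socket counts, process counts and the account file sizes are the quickest things to diff.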