LinuxQuestions.org


timl 02-05-2013 09:37 PM

kernel problem
 
Hi, I run a CentOS PC which I use as a server. The PC is running headless and I mostly store office files and mp3s. FYI
2.6.32-279.19.1.el6.i686
I check /var/log/messages every morning and activity is minimal. This morning I could not open any docs. When I checked messages things started going crazy at 11:10:12 on Feb 6 (file attached). I panicked and rebooted which was probably a mistake but after the reboot the same messages appeared.

A quick flick around the net suggested there was a kernel problem affecting SELinux and, as suggested, "semodule -B" would help. I tried this and the messages disappeared.

So, for now, I have a functional server. But I am way out of my depth when diagnosing this problem. I would be grateful if someone could have a look at the attached messages file and make suggestions.

Thanks

TB0ne 02-06-2013 03:03 PM

Quote:

Originally Posted by timl (Post 4885197)
Hi, I run a CentOS PC which I use as a server. The PC is running headless and I mostly store office files and mp3s. FYI
2.6.32-279.19.1.el6.i686
I check /var/log/messages every morning and activity is minimal. This morning I could not open any docs. When I checked messages things started going crazy at 11:10:12 on Feb 6 (file attached). I panicked and rebooted which was probably a mistake but after the reboot the same messages appeared.

A quick flick around the net suggested there was a kernel problem affecting SELinux and, as suggested, "semodule -B" would help. I tried this and the messages disappeared.

So, for now, I have a functional server. But I am way out of my depth when diagnosing this problem. I would be grateful if someone could have a look at the attached messages file and make suggestions.

That's a fairly generic message...but what triggered the condition is what you need to find out. You can use ausearch to look for things in the audit daemon logs. For example, to see today's AVC denials:
Code:

ausearch -m avc -ts today
The man page has more options, too...worth a read. You can also disable setroubleshoot altogether, although I wouldn't without knowing what's up.
Code:

chkconfig setroubleshoot off
service setroubleshoot stop

My first inclination would be to ask "what changed"?? Where is your server set up? Is it exposed to the internet at all? Did you look for any hardware faults? If this has been chugging along fine for a good while, then suddenly did something....well...something had to cause it.
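
An added example, not part of any post in this thread: one way to turn the `ausearch -m avc` output mentioned above into a short list of what is being denied, grouped by process, permission, source type, target type and object class. The function names and the sample records are constructed for illustration; it assumes `comm` values contain no spaces.

```shell
# Added example: group SELinux AVC denials and count them, most frequent first.
# Live use (raw records on stdin): ausearch -m avc -ts today --raw | summarize_avc
summarize_avc() {
    awk '
    # Value of key=value in the record, quotes stripped ("?" if absent).
    function field(rec, key,    n, i, p, v) {
        n = split(rec, p, " ")
        for (i = 1; i <= n; i++)
            if (index(p[i], key "=") == 1) {
                v = substr(p[i], length(key) + 2)
                gsub(/"/, "", v)
                return v
            }
        return "?"
    }
    # SELinux type = third element of user:role:type:level.
    function setype(ctx,    c) { return (split(ctx, c, ":") >= 3) ? c[3] : "?" }
    /avc:/ && /denied/ {
        perms = "?"; s = index($0, "{"); e = index($0, "}")
        if (s && e > s) {
            perms = substr($0, s + 1, e - s - 1)
            gsub(/^ +| +$/, "", perms); gsub(/ +/, ",", perms)
        }
        key = field($0, "comm") " " perms " " setype(field($0, "scontext"))
        key = key " " setype(field($0, "tcontext")) " " field($0, "tclass")
        count[key]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2
}

# Constructed sample records (not taken from the attached messages file).
sample_avc_log() {
    cat <<'EOF'
type=AVC msg=audit(1360109412.101:201): avc:  denied  { read } for  pid=2101 comm="smbd" name="report.doc" dev=sda3 ino=131 scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1360109412.101:201): arch=40000003 syscall=5 success=no exit=-13 pid=2101 comm="smbd" exe="/usr/sbin/smbd"
type=AVC msg=audit(1360109413.004:203): avc:  denied  { read } for  pid=2101 comm="smbd" name="song.mp3" dev=sda3 ino=187 scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1360109414.517:205): avc:  denied  { read open } for  pid=2101 comm="smbd" name="notes.odt" dev=sda3 ino=190 scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1360109415.220:207): avc:  denied  { getattr } for  pid=1870 comm="httpd" path="/var/log/messages" dev=sda3 ino=402 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file
EOF
}

sample_avc_log | summarize_avc
```

A group that repeats many times for one process and target type is usually the place to start when asking what changed.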

timl 02-07-2013 04:45 PM

Thanks TB0ne. I am digging. Noted your point about "what changed". Nothing immediate springs to mind but I am racking my brains. Yup, connected to internet. No known h/w problems. I'll report back with any progress.

TB0ne 02-08-2013 09:05 AM

Quote:

Originally Posted by timl (Post 4886560)
Thanks TB0ne. I am digging. Noted your point about "what changed". Nothing immediate springs to mind but I am racking my brains. Yup, connected to internet. No known h/w problems. I'll report back with any progress.

Well, that's why I asked about internet connectivity. If someone tried to get in (and I am NOT saying they did...just mentioning the possibility), something may have been changed for you. :) That's unlikely, though...but I'd look into the system logs for hardware-related messages, and perhaps run smartctl to see if your disks are healthy.

timl 02-12-2013 05:09 PM

I am going to close this one even though I haven't really got a solution. Thanks to TB0ne for some useful tips - the disks are fine but I need to keep looking and learning.

I found I had set the server in question to run SELinux in permissive mode, which I have now changed.


All times are GMT -5.