Grsec Kernel = No Tcp Traffic
Jan 11, 2008
Tried building a grsec patched kernel as I don't fancy getting that rootkit thats going around for a second time
it was linux-2.6.23.9 which was the latest one there was a grsec patch for.
compiled ok as a monolithic kernel however on reboot I was not able to get anything but a ping from the server, Figured that the kernel had paniced and not booted.
However the tech who rebooted the server for me and selected the other kernel (a standard centos kernel) said that the system had booted but was not responding to tcp traffic.
So its either a case of
1) I missed something important when configuring the kernel.
2) perhaps a problem with APF it does warn enabling Monolithic kernel support is unsupported in the config file (although it seems to work fine with the centos stock kernel)...
I'm wandering what the best next course of action is i'd quite like to be able to run a kernel that doesn't allow write access to /dev/kmem if possible.
View 7 Replies
ADVERTISEMENT
Mar 27, 2008
I see the following error, while trying to compile kernel with grsec.
WARNING: No module mptscsi found for kernel 2.6.22.9-grsec, continuing anyway
how to fix this or is it ok to reboot?
More details
#################
[root@server3 linux-2.6.22.9]# make install
sh /usr/src/kernels/linux-2.6.22.9/arch/i386/boot/install.sh 2.6.22.9-grsec arch/i386/boot/bzImage System.map "/boot"
WARNING: No module mptscsi found for kernel 2.6.22.9-grsec, continuing anyway
[root@server3 linux-2.6.22.9]# lsmod
Module Size Used by
ipt_TOS 6465 14
ipt_TCPMSS 8129 1
ipt_state 5953 7
ip_conntrack_ftp 76529 0
ip_conntrack_irc 75633 0
ipt_LOG 10177 12
ipt_recent 12497 0
ipt_limit 6465 18
ip_conntrack 46085 3 ipt_state,ip_conntrack_ftp,ip_conntrack_irc
ipt_multiport 6081 0
iptable_mangle 6849 1
ipt_REJECT 10689 42
loop 20681 2
iptable_filter 6977 1
ip_tables 22721 10 ipt_TOS,ipt_TCPMSS,ipt_state,ipt_LOG,ipt_recent,ipt_limit,ipt_multiport,iptable_mangle,ipt_REJECT,iptable_filter
md5 8129 1
ipv6 243553 32
parport_pc 28033 0
lp 15661 0
parport 38025 2 parport_pc,lp
autofs4 26053 0
sunrpc 144037 1
dm_mirror 31557 0
dm_mod 67177 1 dm_mirror
joydev 14465 0
button 10705 0
battery 12997 0
ac 8901 0
ohci_hcd 24273 0
ehci_hcd 32325 0
k8_edac 19173 0
edac_mc 28297 1 k8_edac
tg3 106437 0
ext3 120137 4
jbd 60121 1 ext3
sata_svw 12229 0
libata 106141 1 sata_svw
mptscsih 5569 0
mptsas 24661 5 mptscsih
mptspi 14033 1 mptscsih
mptscsi 42449 2 mptsas,mptspi
mptbase 67361 3 mptsas,mptspi,mptscsi
sd_mod 20801 6
scsi_mod 120909 5 libata,mptsas,mptspi,mptscsi,sd_mod
[root@server3 linux-2.6.22.9]# cat /etc/modprobe.conf
alias eth0 tg3
alias eth1 tg3
alias scsi_hostadapter mptbase
alias scsi_hostadapter1 mptscsi
alias scsi_hostadapter2 mptspi
alias scsi_hostadapter3 mptsas
alias scsi_hostadapter4 mptscsih
alias scsi_hostadapter5 sata_svw
alias usb-controller ehci-hcd
alias usb-controller1 ohci-hcd
[root@server3 linux-2.6.22.9]# cat /etc/redhat-release
CentOS release 4.6 (Final)
[root@server3 linux-2.6.22.9]# uname -a
Linux server3.name 2.6.9-67.ELsmp #1 SMP Fri Nov 16 12:48:03 EST 2007 i686 athlon i386 GNU/Linux
[root@server3 linux-2.6.22.9]#
[root@server3 linux-2.6.22.9]# lspci
00:01.0 PCI bridge: Broadcom BCM5785 [HT1000] PCI/PCI-X Bridge
00:02.0 Host bridge: Broadcom BCM5785 [HT1000] Legacy South Bridge
00:02.1 IDE interface: Broadcom BCM5785 [HT1000] IDE
00:02.2 ISA bridge: Broadcom BCM5785 [HT1000] LPC
00:03.0 USB Controller: Broadcom BCM5785 [HT1000] USB (rev 01)
00:03.1 USB Controller: Broadcom BCM5785 [HT1000] USB (rev 01)
00:03.2 USB Controller: Broadcom BCM5785 [HT1000] USB (rev 01)
00:04.0 VGA compatible controller: Matrox Graphics, Inc. MGA G200e [Pilot] ServerEngines (SEP1) (rev 02)
00:06.0 PCI bridge: Broadcom HT2100 PCI-Express Bridge (rev a2)
00:07.0 PCI bridge: Broadcom HT2100 PCI-Express Bridge (rev a2)
00:08.0 PCI bridge: Broadcom HT2100 PCI-Express Bridge (rev a2)
00:09.0 PCI bridge: Broadcom HT2100 PCI-Express Bridge (rev a2)
00:0a.0 PCI bridge: Broadcom HT2100 PCI-Express Bridge (rev a2)
00:18.0 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] HyperTransport Technology Configuration
00:18.1 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] Address Map
00:18.2 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] DRAM Controller
00:18.3 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] Miscellaneous Control
00:19.0 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] HyperTransport Technology Configuration
00:19.1 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] Address Map
00:19.2 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] DRAM Controller
00:19.3 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] Miscellaneous Control
01:0d.0 PCI bridge: Broadcom BCM5785 [HT1000] PCI/PCI-X Bridge (rev c0)
01:0e.0 RAID bus controller: Broadcom BCM5785 [HT1000] SATA (Native SATA Mode)
02:01.0 SCSI storage controller: LSI Logic / Symbios Logic SAS1068 PCI-X Fusion-MPT SAS (rev 01)
07:00.0 PCI bridge: Broadcom EPB PCI-Express to PCI-X Bridge (rev b5)
08:04.0 Ethernet controller: Broadcom Corporation NetXtreme BCM5715 Gigabit Ethernet (rev a3)
08:04.1 Ethernet controller: Broadcom Corporation NetXtreme BCM5715 Gigabit Ethernet (rev a3)
[root@server3 linux-2.6.22.9]#
View 3 Replies
View Related
Jun 9, 2007
When I try to compile kernel 2.6.19.2-grsec I get the following error.
kernel: irqbalance[1750]: segfault at 000001b202b70b20 rip 000001b2028f9cdb rsp 000077a8404178f0 error 6
kernel: grsec: signal 11 sent to /usr/sbin/irqbalance[irqbalance:1750] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:1749] uid/euid:0/0 gid/egid:0/0
I must have tryed to compile the kernel 20 different ways with or with out grsec and I still get the same irqbalance error.
My server is a
AMD Athlon 64 X2 4800+
2GB of DDR2 800 ram
x2 160GB hard drives soft ware raid 1
nvidia chipset mother board
View 4 Replies
View Related
Mar 29, 2008
I installed latest kernel ( 2.6.24.4 or 2.6.24.3 ) with grsec which either panics or hang on reboot before reaching boot prompt, just when /sbin/init runs. Experienced the same with grsec patched kernel 2.6.22.9 on several servers with the same hardware.
On server with AMD Operton, I was able to successfully compile 2.6.24.4 with grsec and boot into.
Server hardware details
--------------------------
[root@server kernels]# cat /proc/cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 15
model name : Intel(R) Xeon(R) CPU 5148 @ 2.33GHz
stepping : 6
cpu MHz : 2333.469
cache size : 4096 KB
physical id : 0
siblings : 2
core id : 0
cpu cores : 2
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 10
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx lm constant_tsc pni monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr dca lahf_lm
bogomips : 4670.51
processor : 1
vendor_id : GenuineIntel
cpu family : 6
model : 15
model name : Intel(R) Xeon(R) CPU 5148 @ 2.33GHz
stepping : 6
cpu MHz : 2333.469
cache size : 4096 KB
physical id : 0
siblings : 2
core id : 1
cpu cores : 2
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 10
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx lm constant_tsc pni monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr dca lahf_lm
bogomips : 4667.16
[root@server kernels]#
[root@server ~]# uname -a
Linux server.name 2.6.19.2-grsec #1 SMP Tue Jan 15 07:08:50 CST 2008 i686 i686 i386 GNU/Linux
[root@server ~]#
[root@server kernels]# lspci
00:00.0 Host bridge: Intel Corporation 5000P Chipset Memory Controller Hub (rev b1)
00:02.0 PCI bridge: Intel Corporation 5000 Series Chipset PCI Express x8 Port 2-3 (rev b1)
00:04.0 PCI bridge: Intel Corporation 5000 Series Chipset PCI Express x8 Port 4-5 (rev b1)
00:06.0 PCI bridge: Intel Corporation 5000 Series Chipset PCI Express x8 Port 6-7 (rev b1)
00:08.0 System peripheral: Intel Corporation 5000 Series Chipset DMA Engine (rev b1)
00:10.0 Host bridge: Intel Corporation 5000 Series Chipset FSB Registers (rev b1)
00:10.1 Host bridge: Intel Corporation 5000 Series Chipset FSB Registers (rev b1)
00:10.2 Host bridge: Intel Corporation 5000 Series Chipset FSB Registers (rev b1)
00:11.0 Host bridge: Intel Corporation 5000 Series Chipset Reserved Registers (rev b1)
00:13.0 Host bridge: Intel Corporation 5000 Series Chipset Reserved Registers (rev b1)
00:15.0 Host bridge: Intel Corporation 5000 Series Chipset FBD Registers (rev b1)
00:16.0 Host bridge: Intel Corporation 5000 Series Chipset FBD Registers (rev b1)
00:1c.0 PCI bridge: Intel Corporation 631xESB/632xESB/3100 Chipset PCI Express Root Port 1 (rev 09)
00:1d.0 USB Controller: Intel Corporation 631xESB/632xESB/3100 Chipset UHCI USB Controller #1 (rev 09)
00:1d.1 USB Controller: Intel Corporation 631xESB/632xESB/3100 Chipset UHCI USB Controller #2 (rev 09)
00:1d.2 USB Controller: Intel Corporation 631xESB/632xESB/3100 Chipset UHCI USB Controller #3 (rev 09)
00:1d.3 USB Controller: Intel Corporation 631xESB/632xESB/3100 Chipset UHCI USB Controller #4 (rev 09)
00:1d.7 USB Controller: Intel Corporation 631xESB/632xESB/3100 Chipset EHCI USB2 Controller (rev 09)
00:1e.0 PCI bridge: Intel Corporation 82801 PCI Bridge (rev d9)
00:1f.0 ISA bridge: Intel Corporation 631xESB/632xESB/3100 Chipset LPC Interface Controller (rev 09)
00:1f.1 IDE interface: Intel Corporation 631xESB/632xESB IDE Controller (rev 09)
00:1f.2 IDE interface: Intel Corporation 631xESB/632xESB/3100 Chipset SATA IDE Controller (rev 09)
00:1f.3 SMBus: Intel Corporation 631xESB/632xESB/3100 Chipset SMBus Controller (rev 09)
01:00.0 PCI bridge: Intel Corporation 6311ESB/6321ESB PCI Express Upstream Port (rev 01)
01:00.3 PCI bridge: Intel Corporation 6311ESB/6321ESB PCI Express to PCI-X Bridge (rev 01)
02:00.0 PCI bridge: Intel Corporation 6311ESB/6321ESB PCI Express Downstream Port E1 (rev 01)
02:02.0 PCI bridge: Intel Corporation 6311ESB/6321ESB PCI Express Downstream Port E3 (rev 01)
04:00.0 Ethernet controller: Intel Corporation 80003ES2LAN Gigabit Ethernet Controller (Copper) (rev 01)
04:00.1 Ethernet controller: Intel Corporation 80003ES2LAN Gigabit Ethernet Controller (Copper) (rev 01)
06:00.0 PCI bridge: Intel Corporation 80333 Segment-A PCI Express-to-PCI Express Bridge
06:00.2 PCI bridge: Intel Corporation 80333 Segment-B PCI Express-to-PCI Express Bridge
07:0e.0 RAID bus controller: Adaptec AAC-RAID
0a:00.0 PCI bridge: Intel Corporation 6702PXH PCI Express-to-PCI Bridge A (rev 09)
0c:01.0 VGA compatible controller: ATI Technologies Inc ES1000 (rev 02)
[root@server kernels]#
[root@server ~]# lsmod
Module Size Used by
ip_conntrack_irc 11181 0
xt_conntrack 6876 0
xt_state 6544 16
ip_conntrack_ftp 11800 0
ipt_recent 13376 0
ipt_LOG 10781 0
xt_length 6312 0
xt_mac 6274 0
xt_multiport 7643 4
ipt_ttl 6266 0
xt_limit 6976 6
ipt_TOS 6555 14
ipt_ULOG 12126 0
ipt_TCPMSS 8276 1
ipt_owner 6335 0
ipt_ecn 6579 0
ip_conntrack 49498 4 ip_conntrack_irc,xt_conntrack,xt_state,ip_conntrack_ftp
ptpatch2008 7144 0
xt_tcpudp 7444 194
ipv6 248537 39
sunrpc 155556 1
iptable_filter 7336 1
iptable_mangle 7151 1
ip_tables 17800 2 iptable_filter,iptable_mangle
x_tables 19427 16 xt_conntrack,xt_state,ipt_recent,ipt_LOG,xt_length,xt_mac,xt_multiport,ipt_ttl,xt_limit,ipt_TOS,ipt_ULOG,ipt_TCPMSS,ipt_owner,ipt_ecn,xt_tcpudp,ip_tab les
dm_mirror 27216 0
dm_mod 60685 1 dm_mirror
button 11061 0
battery 14432 0
asus_acpi 20440 0
ac 9549 0
i2c_i801 12050 0
i2c_core 25366 1 i2c_i801
shpchp 40012 0
e1000 119987 0
floppy 61606 0
ext3 130212 6
jbd 61020 1 ext3
ata_piix 19728 0
libata 104369 1 ata_piix
aacraid 60341 7
usb_storage 66142 0
uhci_hcd 26859 0
ohci_hcd 23774 0
ehci_hcd 34026 0
sd_mod 24286 8
scsi_mod 136564 4 libata,aacraid,usb_storage,sd_mod
[root@server ~]# cat /etc/modprobe.conf
alias scsi_hostadapter usb-storage
alias eth0 e1000
alias eth1 e1000
alias scsi_hostadapter1 aacraid
alias scsi_hostadapter2 ata_piix
alias scsi_hostadapter3 usb-storage
alias usb-controller ehci-hcd
alias usb-controller1 uhci-hcd
[root@server ~]#
View 0 Replies
View Related
Feb 20, 2007
this server is crashing after a few hours... it just got frozen... and after rebooted the server, i was looking at the /var/log/message logs and saw this ( you will see when system restart after the crash ):
Code:
Feb 20 17:35:04 server kernel: grsec: signal 11 sent
to /usr/www/htdocs/mywebsite.com_cgi/script/out.cgi[out.cgi:13280]
uid/euid:48/48 gid/egid:48/48, parent /us
r/sbin/httpd[httpd:6180] uid/euid:48/48 gid/egid:48/48
Feb 20 17:41:40 server kernel: grsec: From 190.73.138.68: signal 11 sent
to /usr/www/htdocs/mywebsite.com_cgi/script/out.cgi[out.cgi:27459]
uid/euid:48/48 gid/eg
id:48/48, parent /usr/sbin/httpd[httpd:20166] uid/euid:48/48 gid/egid:48/48
Feb 20 17:45:03 server kernel: grsec: signal 7 sent to /usr/bin/php[php:31710]
uid/euid:0/0 gid/egid:0/0, parent /bin/bash[sh:8963] uid/euid:0/0
gid/egid:0/0
Feb 20 17:48:41 server kernel: grsec: From 87.219.205.218: signal 11 sent
to /usr/www/htdocs/mywebsite.com_cgi/script/out.cgi[out.cgi:11897]
uid/euid:48/48 gid/e
gid:48/48, parent /usr/sbin/httpd[httpd:8152] uid/euid:48/48 gid/egid:48/48
Feb 20 17:51:04 server kernel: grsec: From 85.58.139.135: signal 11 sent
to /usr/www/htdocs/mywebsite.com_cgi/script/out.cgi[out.cgi:28508]
uid/euid:48/48 gid/eg
id:48/48, parent /usr/sbin/httpd[httpd:19918] uid/euid:48/48 gid/egid:48/48
Feb 20 17:51:58 server kernel: grsec: signal 11 sent
to /usr/www/htdocs/mywebsite.com_cgi/script/out.cgi[out.cgi:15615]
uid/euid:48/48 gid/egid:48/48, parent /us
r/sbin/httpd[httpd:2482] uid/euid:48/48 gid/egid:48/48
Feb 20 17:52:08 server kernel: grsec: From 166.114.104.42: signal 11 sent
to /usr/www/htdocs/mywebsite.com_cgi/script/out.cgi[out.cgi:4662]
uid/euid:48/48 gid/eg
id:48/48, parent /usr/sbin/httpd[httpd:24468] uid/euid:48/48 gid/egid:48/48
Feb 20 17:52:38 server kernel: grsec: From 189.175.50.103: signal 11 sent
to /usr/www/htdocs/mywebsite.com_cgi/script/out.cgi[out.cgi:12497]
uid/euid:48/48 gid/e
gid:48/48, parent /usr/sbin/httpd[httpd:32213] uid/euid:48/48 gid/egid:48/48
Feb 20 17:54:32 server kernel: grsec: From 83.53.142.7: signal 11 sent
to /usr/www/htdocs/mywebsite.com_cgi/script/out.cgi[out.cgi:18556]
uid/euid:48/48 gid/egid
:48/48, parent /usr/sbin/httpd[httpd:22809] uid/euid:48/48 gid/egid:48/48
Feb 20 17:55:04 server kernel: grsec: signal 7 sent to /usr/bin/php[php:29694]
uid/euid:502/502 gid/egid:502/502, parent /bin/bash[sh:30003]
uid/euid:502/502 gid
/egid:502/502
Feb 20 18:00:54 server kernel: grsec: From 189.141.26.82: signal 11 sent
to /usr/www/htdocs/mywebsite.com_cgi/script/out.cgi[out.cgi:10817]
uid/euid:48/48 gid/eg
id:48/48, parent /usr/sbin/httpd[httpd:13549] uid/euid:48/48 gid/egid:48/48
Feb 20 18:01:07 server kernel: grsec: signal 7 sent to /usr/bin/php[php:20901]
uid/euid:0/0 gid/egid:0/0, parent /bin/bash[sh:12242] uid/euid:0/0
gid/egid:0/0
Feb 20 18:03:06 server kernel: grsec: signal 7 sent to /usr/bin/php[php:9696]
uid/euid:502/502 gid/egid:502/502, parent /bin/bash[sh:23721]
uid/euid:502/502 gid/
egid:502/502
Feb 20 18:03:29 server kernel: grsec: From 68.26.197.159: signal 11 sent
to /usr/www/htdocs/mywebsite.com_cgi/script/out.cgi[out.cgi:917]
uid/euid:48/48 gid/egid
:48/48, parent /usr/sbin/httpd[httpd:20771] uid/euid:48/48 gid/egid:48/48
Feb 20 18:04:43 server kernel: grsec: From 87.219.88.132: signal 11 sent
to /usr/www/htdocs/mywebsite.com_cgi/script/out.cgi[out.cgi:10750]
uid/euid:48/48 gid/eg
id:48/48, parent /usr/sbin/httpd[httpd:4130] uid/euid:48/48 gid/egid:48/48
Feb 20 18:05:04 server kernel: grsec: From 189.167.128.26: signal 11 sent
to /usr/www/htdocs/mywebsite.com_cgi/script/out.cgi[out.cgi:14515]
uid/euid:48/48 gid/e
gid:48/48, parent /usr/sbin/httpd[httpd:2598] uid/euid:48/48 gid/egid:48/48
Feb 20 18:07:05 server kernel: grsec: signal 7 sent to /usr/bin/php[php:29589]
uid/euid:0/0 gid/egid:0/0, parent /bin/bash[sh:7958] uid/euid:0/0
gid/egid:0/0
Feb 20 18:08:31 server kernel: grsec: From 88.64.181.89: signal 11 sent
to /usr/www/htdocs/mywebsite.com_cgi/script/out.cgi[out.cgi:15335]
uid/euid:48/48 gid/egi
d:48/48, parent /usr/sbin/httpd[httpd:27788] uid/euid:48/48 gid/egid:48/48
Feb 20 18:08:43 server kernel: grsec: From 201.244.116.46: signal 11 sent
to /usr/www/htdocs/mywebsite.com_cgi/script/out.cgi[out.cgi:15217]
uid/euid:48/48 gid/e
gid:48/48, parent /usr/sbin/httpd[httpd:29545] uid/euid:48/48 gid/egid:48/48
Feb 20 18:17:34 server syslogd x.x.x: restart.
Feb 20 18:17:34 server syslog: Iniciaci� de syslogd succeeded
Feb 20 18:17:34 server kernel: klogd x.x.x, log source = /proc/kmsg started.
Feb 20 18:17:34 server kernel: Linux version 2.x.xxgrs-bipiv-ipv4
(root@kernel.myserver.net) (gcc version xxxx) #1 SMP Tue Jan 31 17:34:40 CET 2006
Feb 20 18:17:34 server kernel: BIOS-provided physical RAM map:
Feb 20 18:17:34 server kernel: BIOS-e820: 0000000000000000 - 000000000009c400
(usable)
Feb 20 18:17:34 server kernel: BIOS-e820: 000000000009c400 - 00000000000a0000
(reserved)
Feb 20 18:17:34 server kernel: BIOS-e820: 00000000000ea070 - 0000000000100000
(reserved)
Feb 20 18:17:34 server kernel: BIOS-e820: 0000000000100000 - 000000007
Bold date are ( I think ) the crash, and the system booting...
Any ideas about what can be causing the crash.. ? Is this kernel compiled with GRSecurity ? may that affect cgis ?
This is a fedora core server, xeon 3.2 GHZ x 4 procs using about 25 MBits per day.
View 3 Replies
View Related
Nov 15, 2007
What traffic monitor would everyone recommend for sites that have as many as 5,000 to 10,000 hits an hour?
View 8 Replies
View Related
Mar 29, 2007
we have one box in hivelocity.net that has been down so many times this month that we were forced to remove links to siteuptime where we were once so proud of having a 99.7% uptime for 3 years in theplanet.
syslog shows that just before crashing, these entries were made:
kernel: kernel BUG at mm/rmap.c:479
kernel: invalid operand:0000 [#1]
dmesg also shows this:
...
Brought up 2 CPUs
zapping low mappings.
checking if image is initramfs... it is
Freeing initrd memory: 482k freed
NET: Registered protocol family 16
PCI: PCI BIOS revision 2.10 entry at 0xf9f20, last bus=1
PCI: Using configuration type 1
mtrr: v2.0 (20020519)
mtrr: your CPUs had inconsistent fixed MTRR settings
mtrr: probably your BIOS does not setup all CPUs.
mtrr: corrected configuration.
...
i've googled these messages and they point to ram problems.
hivelocity.net claims to have done diagnostics on the box and that there were no problems reported.
they said this is a result of a sys configuration problem made by us.
any ideas?
View 8 Replies
View Related
May 20, 2009
running centos/virtuozzo 2.6.18-028stab062.3
when i configure vmware it asks at one point for kernel header files. where would i find them to match the current kernel?
i asked at parallels forums but help there is very scarce. i checked openVZ repositories and they dont yet have headers for this version.
what are my options? i have one last windows machine left and want to run it in VMware.
View 0 Replies
View Related
Apr 29, 2007
Last year I ordered a new server with Centos 4.3 and it had the kernel kernel 2.6.9-34.0.2ELsmp installed. It runned fine and I didn't update any packages since then.
Today I started getting a problem where both mysqld and kswapd0 uses very high amounts of CPU, spiking up to 100% and my memory usage is at 99% all the time. The problem seems exactly the same as the one mentioned in this thread.
In that thread the exact same kernel is said to be insecure and to cause this problem. I also came across a centOS bug that reports this problem with high cpu, mem usage and mysql & kswapd0 consuming all resources.
In the linked thread the person solved the problem by upgrading to kernel 2.6.9-42 using rpms but others recommended a newer kernel or a custom compiled kernel for CentOS.
Apparently when they used yum it said 34.0.2 was the latest kernel.
What should I do to upgrade the kernel, which version should i upgrade to, and where do I get it from? I won't be able to compile a custom kernel and I've only installed basic rpm packages before.
View 5 Replies
View Related
May 13, 2007
I am trying to install the kernel source.
I have downloaded kernel-2.6.20-1.2948.fc6.src.rpm
I am using fedora 6 64bit.
here are my current kernels:
kernel-headers-2.6.20-1.2948.fc6
kernel-devel-2.6.20-1.2944.fc6
yum-kernel-module-1.0.3-1.fc6
kernel-2.6.20-1.2944.fc6
kernel-devel-2.6.20-1.2948.fc6
kernel-2.6.20-1.2948.fc6
here is what I seen when I installed kernel-2.6.20-1.2948.fc6.src.rpm
rpm -ivh kernel-2.6.20-1.2948.fc6.src.rpm
1:kernel warning: user brewbuilder does not exist - using root
warning: group brewbuilder does not exist - using root
warning: user brewbuilder does not exist - using root
########################################### [100%]
warning: user brewbuilder does not exist - using root
warning: group brewbuilder does not exist - using root
then when I ran:
rpmbuild -bp --target=$(uname -m) /usr/src/redhat/SPECS/kernel-2.6.spec
I seen this error:
+ Arch=x86_64
+ make ARCH=x86_64 nonint_oldconfig
In file included from /usr/include/sys/socket.h:35,
from /usr/include/netinet/in.h:24,
from /usr/include/arpa/inet.h:23,
from scripts/basic/fixdep.c:117:
/usr/include/bits/socket.h:310:24: error: asm/socket.h: No such file or directory
make[1]: *** [scripts/basic/fixdep] Error 1
make: *** [scripts_basic] Error 2
error: Bad exit status from /var/tmp/rpm-tmp.93770 (%prep)
I need to have this installed to get a app installed etc...
suggestions or ideas?
thanks
View 2 Replies
View Related
Apr 4, 2009
I have a Xen VPS. I started with a Debian 4 image and have since upgraded to Debian 5. Firstly was this advisable? Secondly what Kernel version should I be running, or rather is it set by my installation or by the Xen server?
View 3 Replies
View Related
Feb 15, 2007
Does it take 2 hours to have a new kernel up and running? The tech is taking forever to finish.
View 11 Replies
View Related
Apr 24, 2009
as part of a project I have lately been looking into various aspects of kernel tuning. Most notably lately tuning the TCP stack for more efficient memory usage/throughput.
Thought I would start this thread to mention some of the tools I'd found for doing testing and see what anyone else had to recommend.
So far my favorite of the bunch is nuttcp. Its easy to use and gives a very good idea of how much of your bandwidth you are able to utilize.
A few interesting web pages are as follows for anyone interested in the topic:
[url]- Tuning TCP for High Bandwidth Delay networks
[url]- TCP Tuning Cook book, some interesting information in there as well
[url]...formanceTuning - Performance Tuning TWiki. Has a list of useful tools, flags for existing tools and ways to monitor network performance from a system level, along with some suggestions of things to correct
View 0 Replies
View Related
Aug 4, 2009
What is the best way to find out which filesystems and harddrive drivers you can remove? Obviously, i need ext2,3 but how do you find which HD you only need?
View 1 Replies
View Related
Jun 15, 2009
recently,my dedicated server down frequently,
i can not find any important info from /var/log/messages
but i find some records many time on it,those like
----------------------------------
Jun 15 05:30:40 server kernel: ata1.00: exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x0
Jun 15 05:30:40 server kernel: ata1.00: (irq_stat 0x40000001)
Jun 15 05:30:40 server kernel: ata1.00: cmd 25/00:08:42:23:d2/00:00:2c:00:00/e0 tag 0 cdb 0x0 data 4096 in
Jun 15 05:30:40 server kernel: res 51/40:00:42:23:d2/00:00:2c:00:00/e0 Emask 0x9 (media error)
Jun 15 05:30:40 server kernel: ata1.00: configured for UDMA/133
Jun 15 05:30:40 server kernel: ata1: EH complete
Jun 15 05:30:42 server kernel: ata1.00: exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x0
Jun 15 05:30:42 server kernel: ata1.00: (irq_stat 0x40000001)
Jun 15 05:30:42 server kernel: ata1.00: cmd 25/00:08:42:23:d2/00:00:2c:00:00/e0 tag 0 cdb 0x0 data 4096 in
Jun 15 05:30:42 server kernel: res 51/40:00:42:23:d2/00:00:2c:00:00/e0 Emask 0x9 (media error)
Jun 15 05:30:42 server kernel: ata1.00: configured for UDMA/133
Jun 15 05:30:42 server kernel: ata1: EH complete
Jun 15 05:30:44 server kernel: ata1.00: exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x0
Jun 15 05:30:51 server kernel: ata1.00: (irq_stat 0x40000001)
Jun 15 05:30:51 server kernel: ata1.00: cmd 25/00:08:42:23:d2/00:00:2c:00:00/e0 tag 0 cdb 0x0 data 4096 in
Jun 15 05:30:51 server kernel: res 51/40:00:42:23:d2/00:00:2c:00:00/e0 Emask 0x9 (media error)
Jun 15 05:30:51 server kernel: ata1.00: configured for UDMA/133
Jun 15 05:30:51 server kernel: ata1: EH complete
Jun 15 05:30:51 server kernel: ata1.00: exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x0
Jun 15 05:30:51 server kernel: ata1.00: (irq_stat 0x40000001)
Jun 15 05:30:51 server kernel: ata1.00: cmd 25/00:08:42:23:d2/00:00:2c:00:00/e0 tag 0 cdb 0x0 data 4096 in
Jun 15 05:30:51 server kernel: res 51/40:00:42:23:d2/00:00:2c:00:00/e0 Emask 0x9 (media error)
Jun 15 05:30:51 server kernel: ata1.00: configured for UDMA/133
Jun 15 05:30:51 server kernel: ata1: EH complete
Jun 15 05:30:51 server kernel: ata1.00: exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x0
Jun 15 05:30:51 server kernel: ata1.00: (irq_stat 0x40000001)
Jun 15 05:30:51 server kernel: ata1.00: cmd 25/00:08:42:23:d2/00:00:2c:00:00/e0 tag 0 cdb 0x0 data 4096 in
Jun 15 05:30:51 server kernel: res 51/40:00:42:23:d2/00:00:2c:00:00/e0 Emask 0x9 (media error)
Jun 15 05:30:51 server kernel: ata1.00: configured for UDMA/133
Jun 15 05:30:52 server kernel: ata1: EH complete
Jun 15 05:31:26 server kernel: ata1.00: configured for UDMA/133
Jun 15 05:31:30 server kernel: sd 0:0:0:0: SCSI error: return code = 0x08000002
Jun 15 05:31:33 server kernel: sda: Current [descriptor]: sense key: Medium Error
Jun 15 05:31:36 server kernel: Add. Sense: Unrecovered read error - auto reallocate failed
Jun 15 05:31:36 server kernel:
Jun 15 05:31:39 server kernel: Descriptor sense data with sense descriptors (in hex):
Jun 15 05:31:46 server kernel: 72 03 11 04 00 00 00 0c 00 0a 80 00 00 00 00 00
Jun 15 05:31:51 server kernel: 2c d2 23 42
Jun 15 05:31:56 server kernel: end_request: I/O error, dev sda, sector 751969090
Jun 15 05:31:57 server kernel: ata1: EH complete
Jun 15 05:31:57 server kernel: SCSI device sda: 976773168 512-byte hdwr sectors (500108 MB)
Jun 15 05:31:58 server kernel: sda: Write Protect is off
Jun 15 05:31:58 server kernel: SCSI device sda: drive cache: write back
Jun 15 05:31:59 server kernel: SCSI device sda: 976773168 512-byte hdwr sectors (500108 MB)
Jun 15 05:32:03 server kernel: sda: Write Protect is off
Jun 15 05:32:04 server kernel: SCSI device sda: drive cache: write back
-------------------
is it safe ? or any hardware error?
View 4 Replies
View Related
Jul 7, 2009
can i upgrade my kernel?
yum cant find any new update but my kernel version is 2.6.18-128.1.1.el5.028stab062.3PAE
View 9 Replies
View Related
Jun 13, 2009
I have following error in kernel update with yum:
Downloading Packages:
Running rpm_check_debug
ERROR with rpm_check_debug vs depsolve:
Package kernel conflicts with ecryptfs-utils < 44.
Complete!
So kernel not updated yet.
View 9 Replies
View Related
Jun 20, 2009
I copied the default config file and renamed it as .config but I get this:
Code:
WARNING: No module dm-mem-cache found for kernel 2.6.27.10-grsec, continuing anyway
WARNING: No module dm-region_hash found for kernel 2.6.27.10-grsec, continuing anyway
WARNING: No module dm-message found for kernel 2.6.27.10-grsec, continuing anyway
WARNING: No module dm-raid45 found for kernel 2.6.27.10-grsec, continuing anyway
View 2 Replies
View Related
Jul 20, 2009
My current kernel version is "2.6.9-42.0.10.ELsmp #1 SMP Fri Feb 16 17:17:21 EST 2007 i686 athlon i386 GNU/Linux". I want it to be upgraded since it is old. I have been told by our server management company that the latest kernel distributed from yum is kernel.i686 0:2.6.9-78.0.22.E. Can anyone tell me if this version is safe and secure enough? It is a CentOS release 4.7 (Final) server with cPanel installed.
View 2 Replies
View Related
Aug 1, 2009
i have a dedicated server with Centos 5.2 32bit.
my cpu is 64bit but for some software, datacenter install 32bit for me.
i need more ram and order to datacenter, before my ram was 4 Gig and now my ram is 6 gig . but cpu just use 3 gig of ram.
i install kernel-PAE with "yum install kernel-PAE " command and my ram down to 2.5 Gig. now my server used just 2.5 gig of ram.
i can not reformat server because of i have some vps in this server ( Xen vps )
View 11 Replies
View Related
Jul 12, 2009
when doing 2.6.26+ or w/e it is, how do you enable conntrack, what options do i need to enable under make menuconfig?
net.netfilter.nf_conntrack_acct = 1
net.netfilter.nf_conntrack_generic_timeout = 120
error: "net.netfilter.nf_conntrack_icmp_timeout" is an unknown key
error: "net.netfilter.nf_conntrack_tcp_timeout_close" is an unknown key
error: "net.netfilter.nf_conntrack_tcp_timeout_time_wait" is an unknown key
error: "net.netfilter.nf_conntrack_tcp_timeout_last_ack" is an unknown key
error: "net.netfilter.nf_conntrack_tcp_timeout_close_wait" is an unknown key
error: "net.netfilter.nf_conntrack_tcp_timeout_fin_wait" is an unknown key
error: "net.netfilter.nf_conntrack_tcp_timeout_established" is an unknown key
error: "net.netfilter.nf_conntrack_tcp_timeout_syn_recv" is an unknown key
error: "net.netfilter.nf_conntrack_tcp_timeout_syn_sent" is an unknown key
error: "net.netfilter.nf_conntrack_udp_timeout" is an unknown key
error: "net.netfilter.nf_conntrack_udp_timeout_stream" is an unknown key
net.netfilter.nf_conntrack_max = 262144
and how do i know which hardware/devices that i can remove?
View 2 Replies
View Related
Jul 24, 2009
I have a FreeBSD server crashing a few times per week sometimes 2 or 3 times in one day, then 3 days fine sometimes each other day...
/var/log/messages shows nothing related to the reboot when looking at the server screen after a crash, it showed kernel panic
any ideas on how to troubleshoot that with the minimum downtime possible? DC already tried swapping memory, but it didn't solve
View 14 Replies
View Related
May 12, 2008
I am using centos 4.6 on 2.6.9-67smp kernel
I need to update the kernel to 2.6.25.3
is that possible ?
View 10 Replies
View Related
Dec 24, 2008
I've never actually compiled a kernel before, and wanted to know the basics when it comes to compiling for a standard CPanel/Centos 32bit system.
View 10 Replies
View Related
Jul 9, 2008
i compiled my kernel and i have problem.. i dont have lilo on my server so i dont know how to change the grub.conf file to boot my new kernel..
View 7 Replies
View Related
Jun 28, 2008
How Can i translate An Kernel Exploit to secure my server like that
[url]
how can i now what i do to my server if i see any exploit
View 4 Replies
View Related
Apr 26, 2008
I have always used RPM kernels from the RedHat Network, in this time I need to compile an SMP kernel in a server that is used to serve common webhosting traffic (web, ftp, email, etc) with cPanel.
I have compiled kernels from source in desktops stations, but never in remote servers.. do you have any recommendations to do this at a Dual Xeon 3.2 RHE 5 + cPanel server? Oh.. almost forgot.. I will also compile it with GRsecurity.
Should I use a src kernel from RedHat, or a kernel.org latest kernel?
View 4 Replies
View Related
May 8, 2008
I installed CentOS 5 on a server with 2 quad core CPU's and 4GB of RAM. After the installation is done and during boot I see a warning that says "Warning only 3GB will be used".
So, just to check, I installed CentOS 4.4 and it sees all 4GB of RAM.
Are there any memory limitations on the distro? or could it be that the desktop kernels made their way into the iso's from upstream?
View 5 Replies
View Related
Feb 20, 2008
I am recompiling the kernel with the src rpm. I haven't been able to get any kernel to boot properly since i got this server.
I really could use some help, below i posted lspci, lsmod and cat interrupts. What I really need help with is which kernel modules are necessary for my server.
lspci: [url]
lsmod: [url]
interrupts: [url]
I have already tried a kernel with ext3, and sata support compiled in but it never boots.
View 5 Replies
View Related
Mar 21, 2008
For everyone out there who have dedicated servers with linux kernel, do you use a kernel patch like GrSecurity for extra security and piece of mind or not and why?
I am using mostly VPS with huge resources for hosting sites because I didn't have the budget for Raid 5, Data Redundancy and managed servers. But now I just leased my first Dedicated running Centos (for better compatibility with CPanel) and I am concerned about the kernel's security issues.
I am using Grsecurity on a labrat (home server) for testing purposes but I dont know if it is the right option for a Production Live server.
View 4 Replies
View Related
Nov 1, 2008
I just got 2 'kernel panic' crashes in a row (about 1 hr between them). During that time
I cannot access ssh, I need to contact the datacenter for manual reboot.
I checked logs, and I cannot see anything abnormal. I am also not sure what I should be looking for.
I'm really scarred that this is going to keep hapening.
I actually may have found something in logs:
Nov 1 13:20:43 punky kernel: audit(:0): major=252 name_count=0: freeing multiple contexts (1)
lov 1 13:20:43 punky kernel: audit(:0): major=316 name_count=0: freeing multiple contexts (2)
lov 1 13:20:50 punky pure-ftpd: (shont@84.201.220.8) [INFO] Logout.
Nov 1 13:45:04 punky syslogd 1.4.1: restart.
But I still don't know what this means.
I use CentOS.
View 10 Replies
View Related
