Я управляю сайтом с сервера CentOS 5 около 1 года. Все было в порядке, пока я не заметил странные проблемы с простоями на моем сервере. Я просто взглянул на системные графики и увидел, что системная память была исчерпана, после чего служба apache отключилась.
У меня до сих пор случаются такие простои, но я действительно не знаю, в чем может быть проблема.
У меня есть несколько файлов журналов, в которых я обнаружил странные вещи, но я не знаю, актуальны они или нет.
Когда сервер не работает, я получаю этот журнал на var/log/httpd/ssl_error_log
[Thu Oct 31 *** 2013] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Oct 31 *** 2013] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Oct 31 *** 2013] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Oct 31 *** 2013] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Oct 31 *** 2013] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Oct 31 *** 2013] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Oct 31 *** 2013] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Oct 31 *** 2013] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
Я также заметил, что вчера мой var/log/secure зарегистрировал какое-то действие с другого ip, чем мой или сервер.
Oct 30 *** server1 pure-ftpd: (?@***) [INFO] New connection from ***
Oct 30 *** server1 pure-ftpd: (?@***) [INFO] Anonymous user logged in
Oct 30 *** server1 pure-ftpd: (ftp@***) [ERROR] Can't open that file: Permission denied
Oct 30 *** server1 pure-ftpd: (ftp@***) [ERROR] Can't open that file: Permission denied
Oct 30 *** server1 pure-ftpd: (ftp@***) [INFO] Can't change directory to public: No such file or directory
Oct 30 *** server1 pure-ftpd: (ftp@***) [INFO] Can't change directory to incoming: No such file or directory
Oct 30 *** server1 pure-ftpd: (ftp@***) [INFO] Can't change directory to incoming: No such file or directory
Oct 30 *** server1 pure-ftpd: (ftp@***) [INFO] Can't change directory to _vti_pvt: No such file or directory
Oct 30 *** server1 pure-ftpd: (ftp@***) [INFO] Can't change directory to upload: No such file or directory
Oct 30 *** server1 pure-ftpd: (ftp@***) [INFO] Logout.
Это значит, что кто-то взломал мою систему?
Может ли кто-нибудь подсказать, в чем может быть эта проблема и как ее решить? Я могу опубликовать больше журналов, если вам нужно, просто укажите какие!
Журнал ошибок показывает следующее во время простоя:
[Thu Oct 31 *** 2013] [error] server reached MaxClients setting, consider raising the MaxClients setting
[Thu Oct 31 *** 2013] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Oct 31 *** 2013] [warn] RSA server certificate wildcard CommonName (CN) `*.lxlabs.com' does NOT match server name!?
[Thu Oct 31 *** 2013] [notice] ModSecurity for Apache/2.6.7 (http://www.modsecurity.org/) configured.
[Thu Oct 31 *** 2013] [notice] ModSecurity: APR compiled version="1.2.7"; loaded version="1.3.12"
[Thu Oct 31 *** 2013] [warn] ModSecurity: Loaded APR do not match with compiled!
[Thu Oct 31 *** 2013] [notice] ModSecurity: PCRE compiled version="6.6 "; loaded version="8.02 2010-03-19"
[Thu Oct 31 *** 2013] [warn] ModSecurity: Loaded PCRE do not match with compiled!
[Thu Oct 31 *** 2013] [notice] ModSecurity: LUA compiled version="Lua 5.1"
[Thu Oct 31 *** 2013] [notice] ModSecurity: LIBXML compiled version="2.6.26"
[Thu Oct 31 *** 2013] [notice] Digest: generating secret for digest authentication ...
[Thu Oct 31 *** 2013] [notice] Digest: done
[Thu Oct 31 *** 2013] [warn] RSA server certificate wildcard CommonName (CN) `*.lxlabs.com' does NOT match server name!?
[Thu Oct 31 *** 2013] [notice] Apache/2.2.22 (Unix) DAV/2 PHP/5.2.17 mod_ssl/2.2.22 OpenSSL/0.9.8e-fips-rhel5 configured -- resuming normal operations
[Thu Oct 31 *** 2013] [notice] caught SIGTERM, shutting down
[Thu Oct 31 *** 2013] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Oct 31 *** 2013] [warn] RSA server certificate wildcard CommonName (CN) `*.lxlabs.com' does NOT match server name!?
[Thu Oct 31 *** 2013] [notice] ModSecurity for Apache/2.6.7 (http://www.modsecurity.org/) configured.
[Thu Oct 31 *** 2013] [notice] ModSecurity: APR compiled version="1.2.7"; loaded version="1.3.12"
[Thu Oct 31 *** 2013] [warn] ModSecurity: Loaded APR do not match with compiled!
[Thu Oct 31 *** 2013] [notice] ModSecurity: PCRE compiled version="6.6 "; loaded version="8.02 2010-03-19"
[Thu Oct 31 *** 2013] [warn] ModSecurity: Loaded PCRE do not match with compiled!
[Thu Oct 31 *** 2013] [notice] ModSecurity: LUA compiled version="Lua 5.1"
[Thu Oct 31 *** 2013] [notice] ModSecurity: LIBXML compiled version="2.6.26"
[Thu Oct 31 *** 2013] [notice] Digest: generating secret for digest authentication ...
[Thu Oct 31 *** 2013] [notice] Digest: done
[Thu Oct 31 *** 2013] [warn] RSA server certificate wildcard CommonName (CN) `*.lxlabs.com' does NOT match server name!?
[Thu Oct 31 *** 2013] [notice] Apache/2.2.22 (Unix) DAV/2 PHP/5.2.17 mod_ssl/2.2.22 OpenSSL/0.9.8e-fips-rhel5 configured -- resuming normal operations