I have a CentOS 3.8 server which i manage for web hosting (web server, mail server + database server). Today i got it down because of an attack, here is the last snapshot of top command before server dies
09:47:30 up 21 days, 6:54, 1 user, load average: 363.88, 727.82, 253.42 3949 processes: 135 sleeping, 3800 running, 14 zombie, 0 stopped CPU states: cpu user nice system irq softirq iowait idle total 0.6% 0.0% 99.2% 0.0% 0.0% 0.0% 0.0% cpu00 0.4% 0.0% 99.4% 0.0% 0.0% 0.0% 0.0% cpu01 0.8% 0.0% 99.0% 0.0% 0.1% 0.0% 0.0% Mem: 2055236k av, 1935836k used, 119400k free, 0k shrd, 188120k buff 1286892k actv, 165568k in_d, 17336k in_c Swap: 2040244k av, 22676k used, 2017568k free 901000k cached
PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME CPU COMMAND 6515 root 19 0 10048 9.8M 2612 R 3.9 0.4 1:06 1 cpsrvd-ssl 7175 root 18 0 564 564 492 S 2.7 0.0 0:03 0 couriertcpd 10365 nobody 19 0 11020 10M 2352 R 2.5 0.5 0:08 0 httpd 1998 root 19 0 10724 10M 2140 R 2.4 0.5 3:02 1 httpd 10719 mailnull 19 0 1892 1892 1548 R 1.8 0.0 3:49 0 exim 7169 root 19 0 552 552 476 R 1.8 0.0 0:10 1 couriertcpd 29384 manmoud 25 0 380 380 308 R 1.0 0.0 0:01 0 2-4-21 26278 manmoud 24 0 420 420 308 R 0.9 0.0 0:01 1 2-4-21 26519 manmoud 25 0 420 420 308 R 0.9 0.0 0:01 1 2-4-21 26524 manmoud 25 0 424 424 308 R 0.9 0.0 0:01 1 2-4-21 29368 manmoud 25 0 412 412 308 R 0.9 0.0 0:01 1 2-4-21 25916 manmoud 24 0 388 388 308 R 0.8 0.0 0:01 0 2-4-21 25922 manmoud 25 0 388 388 308 R 0.8 0.0 0:01 0 2-4-21
Clearly, the user manmod caused this huge load. Are there any way to prevent such high load caused by any user on the system except root??
thanx
Clearly, the user manmod caused this huge load. Are there any way to prevent such high load caused by any user on the system except root??
You can set up resource limiting by modifying /etc/security/limits.conf to suit your needs.
Thank you very much for your concern. After editing this file, Should i save it only? or, i should run some command to enforce new settings
Thanx
Jim Perrin wrote:
Clearly, the user manmod caused this huge load. Are there any way to prevent such high load caused by any user on the system except root??
You can set up resource limiting by modifying /etc/security/limits.conf to suit your needs.
On 11/12/06, Abd El-Hameed Ayad hamid@use-trade.com wrote:
Top posting is bad, mmmkay?
Thank you very much for your concern. After editing this file, Should i save it only? or, i should run some command to enforce new settings
As what you are doing within this file has large implications on the system, I would expect that you'd read the manpage and related documentation in the sys-admin guide etc at http://www.centos.org/docs/3/ You'll want to test out what good limits are, and where certain things may need to be adjusted. Because every system has different needs and requirements, my last post was simply intended to point you in the general direction.
-
Abd El-Hameed Ayad -
Jim Perrin