[CentOS] Machine becoming irresponsive

Les Mikesell lesmikesell at gmail.com
Mon Jan 23 15:56:19 UTC 2012


On Mon, Jan 23, 2012 at 9:13 AM, Dotan Cohen <dotancohen at gmail.com> wrote:
> On Mon, Jan 23, 2012 at 16:23, Phil Schaffner
> <Philip.R.Schaffner at nasa.gov> wrote:
>> I'd have a look at why an apparently Internet-facing server is 5 point
>> releases, plus a lot of subsequent errata, behind the current 5.7
>> release level; and what resultant vulnerabilities might have been exploited.
>>
>
> Thanks. There is a lot of very specific software on that server that
> precludes it from being updated. I believe that 5.2 still is seeing
> security updates, no?

No, if you were doing updates, you would be at 5.7 now.  If you aren't
doing updates there are well known exploits against anything earlier
than 5.4 or so.

> In any case, a complete reinstall with either 5.2 or a later version
> is pretty much out of the question for now, though I will try to see
> what needs to be done in that direction. In the meantime, where should
> I concentrate my efforts?

First you have to make sure that the tools you are going to use for
diagnosis haven't been compromised.  An rpm -Va is a first cut at
finding files that are changed from the copies distributed.   Also, if
you have a known-good backup or offline system, run md5sum on netstat,
top, ps, lsof, ssh and sshd and compare to the versions on this
system.  If it is just a software bug, it may be a program not closing
files or leaking memory.  Netstat or lsof should show open files and
connections - if they keep going up, look for the process causing it.
Top will show what is using memory.  Ps will show the running
processes - look for anything you don't expect to be running.  If you
have mysql running, try 'mysqladmin status' and see if you have many
'slow queries'.

-- 
  Les Mikesell
    lesmikesell at gmail.com
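
Added example, not part of the original message: the md5sum comparison against a known-good system described above, as a shell function. The manifest name tools.md5, the tool paths, the optional ROOT argument and the MD5SUM override are assumptions made for this sketch.

```shell
#!/bin/sh
# Manifest = plain md5sum output produced on the known-good system, e.g.:
#   md5sum /bin/netstat /bin/ps /usr/bin/top /usr/sbin/lsof \
#          /usr/bin/ssh /usr/sbin/sshd > tools.md5
# (paths are assumptions; take the real ones from `which` on the trusted system)

# Assumption: MD5SUM may point at a trusted md5sum binary (for example on
# read-only media), because the local copy could have been replaced as well.
MD5SUM="${MD5SUM:-md5sum}"

# check_tools MANIFEST [ROOT]
# Compares each file listed in MANIFEST with the copy on this system.
# ROOT (hypothetical convenience) is prefixed to every path, so a mounted
# disk image can be checked from another machine.
# Prints one status line per file; returns 0 only if every file matches.
check_tools() {
    manifest="$1"; root="${2:-}"; bad=0
    while read -r want path; do
        [ -n "$path" ] || continue      # skip blank or malformed lines
        path="${path#\*}"               # drop md5sum's binary-mode marker
        file="$root$path"
        if [ ! -f "$file" ]; then
            echo "MISSING  $path"; bad=1; continue
        fi
        got=$("$MD5SUM" "$file" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK       $path"
        else
            echo "CHANGED  $path"; bad=1
        fi
    done < "$manifest"
    return "$bad"
}

# Usage after sourcing this file:  check_tools tools.md5
```

A CHANGED line can also come from a legitimate package update, so the manifest should be taken from a system at the same package versions.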


