03:15.54 | *** join/#fredlug stickster_ (n=stickste@fedora/stickster) |
13:28.42 | *** join/#fredlug jsmith (n=jsmith@000-191-745.area3.spcsdns.net) |
14:30.09 | *** join/#fredlug jsmith (n=jsmith@000-191-745.area3.spcsdns.net) |
15:23.52 | jsmith | Anybody have a spare PCI-to-PCMCIA adapter? |
15:27.26 | *** join/#fredlug plarsen_ (n=plarsen@208.176.91.240.ptr.us.xo.net) |
18:54.05 | plarsen_work | Ehhh - stickster_work .. are you around |
18:54.05 | plarsen_work | ? |
18:54.19 | plarsen_work | darn selinux audit log needs to be interpreted :( |
18:54.54 | plarsen_work | avc: denied { sendto } for pid=28144 comm="snmpd" name="log" scontext=system_u:system_r:snmpd_t tcontext=user_u_system_r_initrc_t tclass=unitx_dgram_socket |
18:55.04 | plarsen_work | what object is being referred to here? |
18:57.03 | jsmith | It appears to be a unix socket |
18:58.38 | plarsen_work | uhmmm - that I reconned -- but I'm puzzled to where I configure/change the setup for this? |
19:18.58 | jsmith | Did you try setroubleshoot? |
19:20.54 | plarsen_work | can't - there's no specific audit log. I'll try to have it talk to dmesg ;) |
19:21.42 | plarsen_work | not there on RHES4 :( |
19:23.01 | jsmith | Ah... |
19:23.16 | jsmith | You'll have to ask stickster_work then |
20:11.50 | stickster_work | plarsen_work: still there? |
20:12.21 | stickster_work | plarsen_work: May want to install "audit" package and start the auditd service |
20:12.37 | stickster_work | There is a performance hit of a percent or two, but it's worth it at least while t-shooting |
20:13.57 | stickster_work | I'm assuming you transcribed this message, not cut 'n' paste, right? |
20:14.17 | jsmith | What, did the "unitx" give it away? |
20:14.25 | stickster_work | Ah, I just saw that |
20:14.26 | stickster_work | :-D |
20:14.31 | stickster_work | I was looking at the weird tcontext |
20:16.26 | stickster_work | Check that context, is it really initrc_t or something else? |
20:17.56 | stickster_work | So could it be that your snmpd is being forbidden from writing to the system log? |
20:22.41 | stickster_work | Nah, that would be syslogd_t |
20:33.29 | plarsen_work | That's what it writes :( |
20:33.44 | plarsen_work | I do have snmpd entries in /var/log/messages |
20:34.00 | plarsen_work | and /var/log/snmpd.log |
20:39.27 | plarsen_work | stickster_work: sorry, but RHES4 doesn't seem to provide any "audit" packages. I did a "whatprovides" on setroubleshoot and came up empty |
21:30.58 | jsmith | stickster_work: Ping me when you get a free minute, please |
21:44.21 | stickster_work | jsmith: ping |
21:44.59 | jsmith | stickster: So, after rebooting my colo box, I can't get vsftpd to work right. |
21:45.09 | stickster | jsmith: Ugh, do tell |
21:45.19 | jsmith | stickster: Was wondering if you had any clues... I've beat my head against the wall to the point I can't think |
21:45.45 | stickster | Symptoms? (Note I promise nothing, thanks to my track record) |
21:45.53 | stickster | :-D |
21:47.23 | jsmith | vsftpd accepts the socket connection, but then closes the connection as soon as you change directories or type 'ls' |
21:47.35 | stickster | Whoa. |
21:47.40 | jsmith | Yeah... |
21:47.51 | jsmith | Wait 'til you see the output of the strace on the process |
21:48.22 | jsmith | Pardon the flood... |
21:48.24 | jsmith | [root@www log]# ps axuw | grep vsftpd |
21:48.25 | jsmith | root 7264 0.0 0.0 19548 1348 pts/0 S 15:25 0:00 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf |
21:48.25 | jsmith | root 7472 0.0 0.0 51072 676 pts/0 R+ 15:27 0:00 grep vsftpd |
21:48.25 | jsmith | [root@www log]# strace -p 7264 |
21:48.25 | jsmith | Process 7264 attached - interrupt to quit |
21:48.25 | jsmith | accept(3, {sa_family=AF_INET, sin_port=htons(32924), sin_addr=inet_addr("68.246.234.24")}, [18446744069414584336]) = 0 |
21:48.28 | jsmith | rt_sigprocmask(SIG_BLOCK, [CHLD], NULL, 8) = 0 |
21:48.30 | jsmith | rt_sigprocmask(SIG_BLOCK, [HUP], NULL, 8) = 0 |
21:48.32 | jsmith | clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x2a96926c50) = 7553 |
21:48.35 | jsmith | close(0) = 0 |
21:48.37 | jsmith | rt_sigprocmask(SIG_UNBLOCK, [CHLD], NULL, 8) = 0 |
21:48.41 | jsmith | rt_sigprocmask(SIG_UNBLOCK, [HUP], NULL, 8) = 0 |
21:48.43 | jsmith | accept(3, 0x7fbffffa80, [18446744069414584348]) = ? ERESTARTSYS (To be restarted) |
21:48.45 | jsmith | --- SIGCHLD (Child exited) @ 0 (0) --- |
21:48.47 | jsmith | wait4(-1, NULL, WNOHANG, NULL) = 7553 |
21:48.49 | jsmith | wait4(-1, NULL, WNOHANG, NULL) = -1 ECHILD (No child processes) |
21:48.51 | jsmith | rt_sigreturn(0xffffffffffffffff) = -1 EINTR (Interrupted system call) |
21:48.53 | jsmith | rt_sigprocmask(SIG_BLOCK, [CHLD], NULL, 8) = 0 |
21:48.55 | jsmith | rt_sigprocmask(SIG_BLOCK, [HUP], NULL, 8) = 0 |
21:48.57 | jsmith | rt_sigprocmask(SIG_UNBLOCK, [CHLD], NULL, 8) = 0 |
21:48.59 | jsmith | rt_sigprocmask(SIG_UNBLOCK, [HUP], NULL, 8) = 0 |
21:49.01 | jsmith | accept(3, {sa_family=AF_INET, sin_port=htons(32920), sin_addr=inet_addr("68.246.234.24")}, [18446744069414584336]) = 0 |
21:49.04 | jsmith | rt_sigprocmask(SIG_BLOCK, [CHLD], NULL, 8) = 0 |
21:49.06 | jsmith | rt_sigprocmask(SIG_BLOCK, [HUP], NULL, 8) = 0 |
21:49.10 | jsmith | clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x2a96926c50) = 7559 |
21:49.13 | jsmith | close(0) = 0 |
21:49.15 | jsmith | rt_sigprocmask(SIG_UNBLOCK, [CHLD], NULL, 8) = 0 |
21:49.17 | jsmith | rt_sigprocmask(SIG_UNBLOCK, [HUP], NULL, 8) = 0 |
21:49.19 | jsmith | accept(3, 0x7fbffffa80, [18446744069414584348]) = ? ERESTARTSYS (To be restarted) |
21:49.21 | jsmith | --- SIGCHLD (Child exited) @ 0 (0) --- |
21:49.23 | jsmith | wait4(-1, NULL, WNOHANG, NULL) = 7559 |
21:49.25 | jsmith | wait4(-1, NULL, WNOHANG, NULL) = -1 ECHILD (No child processes) |
21:49.27 | jsmith | rt_sigreturn(0xffffffffffffffff) = -1 EINTR (Interrupted system call) |
21:49.29 | jsmith | rt_sig |
21:50.06 | stickster | jsmith: Can you give me a normal user account there that I can try? |
21:50.20 | jsmith | No... but I can give you root access :-) |
21:50.27 | jsmith | Actually, I may have found the problem... |
21:50.36 | jsmith | /var/log/messages is filling up with SCSI errors |
21:50.37 | jsmith | :-( |
21:50.41 | stickster | Oh my gosh. |
21:50.46 | stickster | That's not good. |
21:51.05 | stickster | Well, now you know why the box was up and dying on you |
21:51.11 | plarsen_work | ouch! |
21:51.12 | jsmith | Nope... wanna poke around on it? |
21:51.18 | stickster | sure |
21:51.36 | stickster | How shall we do this? Shall I send you my SSH pubkey? |
21:51.45 | jsmith | [root@www log]# cat /proc/mdstat |
21:51.45 | jsmith | Personalities : [raid0] [raid1] |
21:51.45 | jsmith | md1 : active raid1 hdb2[1] hda2[0] |
21:51.45 | jsmith | <PROTECTED> |
21:51.45 | jsmith | <PROTECTED> |
21:51.46 | jsmith | md2 : active raid1 hdb3[1] hda3[0] |
21:51.48 | jsmith | <PROTECTED> |
21:51.50 | jsmith | <PROTECTED> |
21:51.52 | jsmith | md3 : active raid0 hdb5[1] hda5[0] |
21:51.54 | jsmith | <PROTECTED> |
21:51.56 | jsmith | <PROTECTED> |
21:51.58 | jsmith | md0 : active raid1 hdb1[1] hda1[0] |
21:52.00 | jsmith | <PROTECTED> |
21:52.02 | jsmith | stickster: Sure! |
21:52.06 | jsmith | Hmmmn... mdstat looks better than it did last week |
21:52.12 | stickster | Yeah, not so hairy there |
21:52.59 | stickster | OK, pubkey bombs away |
21:58.02 | stickster | jsmith: Just let me know where/when. |
21:58.33 | jsmith | stickster: Now, root@www.jaredsmith.net |
22:01.27 | stickster | jsmith: Yeah, weird... so um... what was /dev/sda? |
22:02.13 | jsmith | Oh... let's see... |
22:02.15 | jsmith | Uh... |
22:02.20 | jsmith | Yuck... |
22:02.27 | stickster | 'cause I see only IDE devices now! |
22:02.29 | jsmith | That was the RAID array for a friend of mine |
22:02.33 | stickster | Ahh |
22:02.34 | jsmith | His website, etc. |
22:02.43 | jsmith | One of the drives failed last week |
22:02.51 | jsmith | Looks like the other must have died today :-( |
22:03.11 | stickster | ouch |
22:03.42 | jsmith | Well, for various definitions of "died" |
22:03.49 | stickster | heh |
22:04.58 | stickster | I'm making a normal user acct for me just for now |
22:07.18 | plarsen_work | jsmith: are you running smartd ? |
22:07.32 | jsmith | plarsen_work: Probably not |
22:07.36 | jsmith | stickster: That's cool... |
22:07.51 | jsmith | stickster: So, I'm not sure the SCSI problem would explain the FTP thing, if it were sda |
22:07.58 | stickster | right |
22:08.07 | stickster | Yeah, problem persists for me |
22:12.14 | stickster | jsmith: selinux=disabled! shame! |
22:12.15 | stickster | :-D |
22:13.16 | jsmith | stickster: Yes, I know... this server's had a long life |
22:13.26 | jsmith | stickster: Back from when I didn't know jack about selinux |
22:19.55 | jsmith | No problem... be back in a few |
23:04.58 | plarsen_work | stickster: I think it would explain it .. when you issue a command it tries to log, and if there's a SCSI/IO error it'll kill the process = disconnect |
23:06.33 | jsmith | I'm not getting the SCSI/IO errors anymore, as the RAID array is totally dead now |
23:43.31 | stickster | plarsen: Well, the sda drive isn't really being used by vsftpd, and since the problem persists, I'm guessing that ain't it ;-) |