| 03:15.54 | *** join/#fredlug stickster_ (n=stickste@fedora/stickster) |
| 13:28.42 | *** join/#fredlug jsmith (n=jsmith@000-191-745.area3.spcsdns.net) |
| 14:30.09 | *** join/#fredlug jsmith (n=jsmith@000-191-745.area3.spcsdns.net) |
| 15:23.52 | jsmith | Anybody have a spare PCI-to-PCMCIA adapter? |
| 15:27.26 | *** join/#fredlug plarsen_ (n=plarsen@208.176.91.240.ptr.us.xo.net) |
| 18:54.05 | plarsen_work | Ehhh - stickster_work .. are you around |
| 18:54.05 | plarsen_work | ? |
| 18:54.19 | plarsen_work | darn selinux audit log needs to be interpreted :( |
| 18:54.54 | plarsen_work | avc: denied { sendto } for pid=28144 comm="snmpd" name="log" scontext=system_u:system_r:snmpd_t tcontext=user_u_system_r_initrc_t tclass=unitx_dgram_socket |
| 18:55.04 | plarsen_work | what object is being referred to here? |
| 18:57.03 | jsmith | It appears to be a unix socket |
| 18:58.38 | plarsen_work | uhmmm - that I reconned -- but I'm puzzled to where I configure/change the setup for this? |
| 19:18.58 | jsmith | Did you try setroubleshoot? |
| 19:20.54 | plarsen_work | can't - there's no specific audit log. I'll try to have it talk to dmesg ;) |
| 19:21.42 | plarsen_work | not there on RHES4 :( |
| 19:23.01 | jsmith | Ah... |
| 19:23.16 | jsmith | You'll have to ask stickster_work then |
| 20:11.50 | stickster_work | plarsen_work: still there? |
| 20:12.21 | stickster_work | plarsen_work: May want to install "audit" package and start the auditd service |
| 20:12.37 | stickster_work | There is a performance hit of a percent or two, but it's worth it at least while t-shooting |
| 20:13.57 | stickster_work | I'm assuming you transcribed this message, not cut 'n' paste, right? |
| 20:14.17 | jsmith | What, did the "unitx" give it away? |
| 20:14.25 | stickster_work | Ah, I just saw that |
| 20:14.26 | stickster_work | :-D |
| 20:14.31 | stickster_work | I was looking at the weird tcontext |
| 20:16.26 | stickster_work | Check that context, is it really initrc_t or something else? |
| 20:17.56 | stickster_work | So could it be that your snmpd is being forbidden from writing to the system log? |
| 20:22.41 | stickster_work | Nah, that would be syslogd_t |
| 20:33.29 | plarsen_work | That's what it writes :( |
| 20:33.44 | plarsen_work | I do have snmpd entries in /var/log/messages |
| 20:34.00 | plarsen_work | and /var/log/snmpd.log |
| 20:39.27 | plarsen_work | stickster_work: sorry, but RHES4 doesn't seem to provide any "audit" packages. I did a "whatprovides" on setroubleshoot and came up empty |
| 21:30.58 | jsmith | stickster_work: Ping me when you get a free minute, please |
| 21:44.21 | stickster_work | jsmith: ping |
| 21:44.59 | jsmith | stickster: So, after rebooting my colo box, I can't get vsftpd to work right. |
| 21:45.09 | stickster | jsmith: Ugh, do tell |
| 21:45.19 | jsmith | stickster: Was wondering if you had any clues... I've beat my head against the wall to the point I can't think |
| 21:45.45 | stickster | Symptoms? (Note I promise nothing, thanks to my track record) |
| 21:45.53 | stickster | :-D |
| 21:47.23 | jsmith | vsftpd accepts the socket connection, but then closes the connection as soon as you change directories or type 'ls' |
| 21:47.35 | stickster | Whoa. |
| 21:47.40 | jsmith | Yeah... |
| 21:47.51 | jsmith | Wait 'til you see the output of the strace on the process |
| 21:48.22 | jsmith | Pardon the flood... |
| 21:48.24 | jsmith | [root@www log]# ps axuw | grep vsftpd |
| 21:48.25 | jsmith | root 7264 0.0 0.0 19548 1348 pts/0 S 15:25 0:00 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf |
| 21:48.25 | jsmith | root 7472 0.0 0.0 51072 676 pts/0 R+ 15:27 0:00 grep vsftpd |
| 21:48.25 | jsmith | [root@www log]# strace -p 7264 |
| 21:48.25 | jsmith | Process 7264 attached - interrupt to quit |
| 21:48.25 | jsmith | accept(3, {sa_family=AF_INET, sin_port=htons(32924), sin_addr=inet_addr("68.246.234.24")}, [18446744069414584336]) = 0 |
| 21:48.28 | jsmith | rt_sigprocmask(SIG_BLOCK, [CHLD], NULL, 8) = 0 |
| 21:48.30 | jsmith | rt_sigprocmask(SIG_BLOCK, [HUP], NULL, 8) = 0 |
| 21:48.32 | jsmith | clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x2a96926c50) = 7553 |
| 21:48.35 | jsmith | close(0) = 0 |
| 21:48.37 | jsmith | rt_sigprocmask(SIG_UNBLOCK, [CHLD], NULL, 8) = 0 |
| 21:48.41 | jsmith | rt_sigprocmask(SIG_UNBLOCK, [HUP], NULL, 8) = 0 |
| 21:48.43 | jsmith | accept(3, 0x7fbffffa80, [18446744069414584348]) = ? ERESTARTSYS (To be restarted) |
| 21:48.45 | jsmith | --- SIGCHLD (Child exited) @ 0 (0) --- |
| 21:48.47 | jsmith | wait4(-1, NULL, WNOHANG, NULL) = 7553 |
| 21:48.49 | jsmith | wait4(-1, NULL, WNOHANG, NULL) = -1 ECHILD (No child processes) |
| 21:48.51 | jsmith | rt_sigreturn(0xffffffffffffffff) = -1 EINTR (Interrupted system call) |
| 21:48.53 | jsmith | rt_sigprocmask(SIG_BLOCK, [CHLD], NULL, 8) = 0 |
| 21:48.55 | jsmith | rt_sigprocmask(SIG_BLOCK, [HUP], NULL, 8) = 0 |
| 21:48.57 | jsmith | rt_sigprocmask(SIG_UNBLOCK, [CHLD], NULL, 8) = 0 |
| 21:48.59 | jsmith | rt_sigprocmask(SIG_UNBLOCK, [HUP], NULL, 8) = 0 |
| 21:49.01 | jsmith | accept(3, {sa_family=AF_INET, sin_port=htons(32920), sin_addr=inet_addr("68.246.234.24")}, [18446744069414584336]) = 0 |
| 21:49.04 | jsmith | rt_sigprocmask(SIG_BLOCK, [CHLD], NULL, 8) = 0 |
| 21:49.06 | jsmith | rt_sigprocmask(SIG_BLOCK, [HUP], NULL, 8) = 0 |
| 21:49.10 | jsmith | clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x2a96926c50) = 7559 |
| 21:49.13 | jsmith | close(0) = 0 |
| 21:49.15 | jsmith | rt_sigprocmask(SIG_UNBLOCK, [CHLD], NULL, 8) = 0 |
| 21:49.17 | jsmith | rt_sigprocmask(SIG_UNBLOCK, [HUP], NULL, 8) = 0 |
| 21:49.19 | jsmith | accept(3, 0x7fbffffa80, [18446744069414584348]) = ? ERESTARTSYS (To be restarted) |
| 21:49.21 | jsmith | --- SIGCHLD (Child exited) @ 0 (0) --- |
| 21:49.23 | jsmith | wait4(-1, NULL, WNOHANG, NULL) = 7559 |
| 21:49.25 | jsmith | wait4(-1, NULL, WNOHANG, NULL) = -1 ECHILD (No child processes) |
| 21:49.27 | jsmith | rt_sigreturn(0xffffffffffffffff) = -1 EINTR (Interrupted system call) |
| 21:49.29 | jsmith | rt_sig |
| 21:50.06 | stickster | jsmith: Can you give me a normal user account there that I can try? |
| 21:50.20 | jsmith | No... but I can give you root access :-) |
| 21:50.27 | jsmith | Actually, I may have found the problem... |
| 21:50.36 | jsmith | /var/log/messages is filling up with SCSI errors |
| 21:50.37 | jsmith | :-( |
| 21:50.41 | stickster | Oh my gosh. |
| 21:50.46 | stickster | That's not good. |
| 21:51.05 | stickster | Well, now you know why the box was up and dying on you |
| 21:51.11 | plarsen_work | ouch! |
| 21:51.12 | jsmith | Nope... wanna poke around on it? |
| 21:51.18 | stickster | sure |
| 21:51.36 | stickster | How shall we do this? Shall I send you my SSH pubkey? |
| 21:51.45 | jsmith | [root@www log]# cat /proc/mdstat |
| 21:51.45 | jsmith | Personalities : [raid0] [raid1] |
| 21:51.45 | jsmith | md1 : active raid1 hdb2[1] hda2[0] |
| 21:51.45 | jsmith | <PROTECTED> |
| 21:51.45 | jsmith | <PROTECTED> |
| 21:51.46 | jsmith | md2 : active raid1 hdb3[1] hda3[0] |
| 21:51.48 | jsmith | <PROTECTED> |
| 21:51.50 | jsmith | <PROTECTED> |
| 21:51.52 | jsmith | md3 : active raid0 hdb5[1] hda5[0] |
| 21:51.54 | jsmith | <PROTECTED> |
| 21:51.56 | jsmith | <PROTECTED> |
| 21:51.58 | jsmith | md0 : active raid1 hdb1[1] hda1[0] |
| 21:52.00 | jsmith | <PROTECTED> |
| 21:52.02 | jsmith | stickster: Sure! |
| 21:52.06 | jsmith | Hmmmn... mdstat looks better than it did last week |
| 21:52.12 | stickster | Yeah, not so hairy there |
| 21:52.59 | stickster | OK, pubkey bombs away |
| 21:58.02 | stickster | jsmith: Just let me know where/when. |
| 21:58.33 | jsmith | stickster: Now, root@www.jaredsmith.net |
| 22:01.27 | stickster | jsmith: Yeah, weird... so um... what was /dev/sda? |
| 22:02.13 | jsmith | Oh... let's see... |
| 22:02.15 | jsmith | Uh... |
| 22:02.20 | jsmith | Yuck... |
| 22:02.27 | stickster | 'cause I see only IDE devices now! |
| 22:02.29 | jsmith | That was the RAID array for a friend of mine |
| 22:02.33 | stickster | Ahh |
| 22:02.34 | jsmith | His website, etc. |
| 22:02.43 | jsmith | One of the drives failed last week |
| 22:02.51 | jsmith | Looks like the other must have died today :-( |
| 22:03.11 | stickster | ouch |
| 22:03.42 | jsmith | Well, for various definitions of "died" |
| 22:03.49 | stickster | heh |
| 22:04.58 | stickster | I'm making a normal user acct for me just for now |
| 22:07.18 | plarsen_work | jsmith: are you running smartd ? |
| 22:07.32 | jsmith | plarsen_work: Probably not |
| 22:07.36 | jsmith | stickster: That's cool... |
| 22:07.51 | jsmith | stickster: So, I'm not sure the SCSI problem would explain the FTP thing, if it were sda |
| 22:07.58 | stickster | right |
| 22:08.07 | stickster | Yeah, problem persists for me |
| 22:12.14 | stickster | jsmith: selinux=disabled! shame! |
| 22:12.15 | stickster | :-D |
| 22:13.16 | jsmith | stickster: Yes, I know... this server's had a long life |
| 22:13.26 | jsmith | stickster: Back from when I didn't know jack about selinux |
| 22:19.55 | jsmith | No problem... be back in a few |
| 23:04.58 | plarsen_work | stickster: I think it would explain it .. when you issue a command it tries to log, and if there's a SCSI/IO error it'll kill the process = disconnect |
| 23:06.33 | jsmith | I'm not getting the SCSI/IO errors anymore, as the RAID array is totally dead now |
| 23:43.31 | stickster | plarsen: Well, the sda drive isn't really being used by vsftpd, and since the problem persists, I'm guessing that ain't it ;-) |