I have been running a website on a CentOS 5 server for about 1 year. Everything was fine until I noticed strange downtime problems on my server. I just took a look at the System graphs and saw that the system memory was maxed out and the Apache service had gone offline.
I have kept getting this kind of downtime until now, but I don't know what the problem could be.
I have some log files where I found some strange things, but I don't know whether they are relevant or not.
When the server is down, I get this log in var/log/httpd/ssl_error_log:
[Thu Oct 31 *** 2013] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Oct 31 *** 2013] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Oct 31 *** 2013] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Oct 31 *** 2013] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Oct 31 *** 2013] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Oct 31 *** 2013] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Oct 31 *** 2013] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Oct 31 *** 2013] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
I also noticed that yesterday my var/log/secure logged some activity from an IP other than mine or the server's:
Oct 30 *** server1 pure-ftpd: (?@***) [INFO] New connection from ***
Oct 30 *** server1 pure-ftpd: (?@***) [INFO] Anonymous user logged in
Oct 30 *** server1 pure-ftpd: (ftp@***) [ERROR] Can't open that file: Permission denied
Oct 30 *** server1 pure-ftpd: (ftp@***) [ERROR] Can't open that file: Permission denied
Oct 30 *** server1 pure-ftpd: (ftp@***) [INFO] Can't change directory to public: No such file or directory
Oct 30 *** server1 pure-ftpd: (ftp@***) [INFO] Can't change directory to incoming: No such file or directory
Oct 30 *** server1 pure-ftpd: (ftp@***) [INFO] Can't change directory to incoming: No such file or directory
Oct 30 *** server1 pure-ftpd: (ftp@***) [INFO] Can't change directory to _vti_pvt: No such file or directory
Oct 30 *** server1 pure-ftpd: (ftp@***) [INFO] Can't change directory to upload: No such file or directory
Oct 30 *** server1 pure-ftpd: (ftp@***) [INFO] Logout.
Does this mean someone has broken into my system?
Can anyone suggest what this problem could be and how I can solve it? I can post more logs if you need them, just specify which ones!
The error log shows the following when the downtime occurred:
[Thu Oct 31 *** 2013] [error] server reached MaxClients setting, consider raising the MaxClients setting
[Thu Oct 31 *** 2013] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Oct 31 *** 2013] [warn] RSA server certificate wildcard CommonName (CN) '*.lxlabs.com' does NOT match server name!?
[Thu Oct 31 *** 2013] [notice] ModSecurity for Apache/2.6.7 (http://www.modsecurity.org/) configured.
[Thu Oct 31 *** 2013] [notice] ModSecurity: APR compiled version="1.2.7"; loaded version="1.3.12"
[Thu Oct 31 *** 2013] [warn] ModSecurity: Loaded APR do not match with compiled!
[Thu Oct 31 *** 2013] [notice] ModSecurity: PCRE compiled version="6.6 "; loaded version="8.02 2010-03-19"
[Thu Oct 31 *** 2013] [warn] ModSecurity: Loaded PCRE do not match with compiled!
[Thu Oct 31 *** 2013] [notice] ModSecurity: LUA compiled version="Lua 5.1"
[Thu Oct 31 *** 2013] [notice] ModSecurity: LIBXML compiled version="2.6.26"
[Thu Oct 31 *** 2013] [notice] Digest: generating secret for digest authentication ...
[Thu Oct 31 *** 2013] [notice] Digest: done
[Thu Oct 31 *** 2013] [warn] RSA server certificate wildcard CommonName (CN) '*.lxlabs.com' does NOT match server name!?
[Thu Oct 31 *** 2013] [notice] Apache/2.2.22 (Unix) DAV/2 PHP/5.2.17 mod_ssl/2.2.22 OpenSSL/0.9.8e-fips-rhel5 configured -- resuming normal operations
[Thu Oct 31 *** 2013] [notice] caught SIGTERM, shutting down
[Thu Oct 31 *** 2013] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Oct 31 *** 2013] [warn] RSA server certificate wildcard CommonName (CN) '*.lxlabs.com' does NOT match server name!?
[Thu Oct 31 *** 2013] [notice] ModSecurity for Apache/2.6.7 (http://www.modsecurity.org/) configured.
[Thu Oct 31 *** 2013] [notice] ModSecurity: APR compiled version="1.2.7"; loaded version="1.3.12"
[Thu Oct 31 *** 2013] [warn] ModSecurity: Loaded APR do not match with compiled!
[Thu Oct 31 *** 2013] [notice] ModSecurity: PCRE compiled version="6.6 "; loaded version="8.02 2010-03-19"
[Thu Oct 31 *** 2013] [warn] ModSecurity: Loaded PCRE do not match with compiled!
[Thu Oct 31 *** 2013] [notice] ModSecurity: LUA compiled version="Lua 5.1"
[Thu Oct 31 *** 2013] [notice] ModSecurity: LIBXML compiled version="2.6.26"
[Thu Oct 31 *** 2013] [notice] Digest: generating secret for digest authentication ...
[Thu Oct 31 *** 2013] [notice] Digest: done
[Thu Oct 31 *** 2013] [warn] RSA server certificate wildcard CommonName (CN) '*.lxlabs.com' does NOT match server name!?
[Thu Oct 31 *** 2013] [notice] Apache/2.2.22 (Unix) DAV/2 PHP/5.2.17 mod_ssl/2.2.22 OpenSSL/0.9.8e-fips-rhel5 configured -- resuming normal operations
Tags ftp apache-2.2 server-crashes