greetings, gentoo-users ...

One of my customers runs an old P3 as a mail-gateway and samba-server
(yeah, I know ...) behind his firewall ...

They simply don't want to swap hardware, they are happy ... until the
following started to happen every week or so:

The server goes offline, you can ping it OK but services like smbd,
postfix, sshd all are not reachable anymore.

I "see" the open ports with nmap from my machine ... but they are shown
as closed.

When the guy there restarts sshd on the server itself I am able to login
again without a problem. There are no bad messages in dmesg and/or
/var/log/messages.

But this seems to be related to the fact that syslog-ng also is inactive
then ... so who should log errors ... ?

--

I thought maybe the NIC has a problem?

Ethernet controller: Realtek Semiconductor Co., Ltd.
RTL-8139/8139C/8139C+ (rev 10)

but as it doesn't lose its IP and config I think that is not the case here?

I am somehow clueless how to approach this ... any hints on how to maybe
get some logs out of these situations?

Thanks a lot in advance, Stefan

--->


# emerge --info

Portage 2.1.8.3 (default/linux/x86/10.0/server, gcc-4.1.2,
glibc-2.8_p20080602-r1, 2.6.32-gentoo-r7 i686)
================================================== ===============
System uname:
Linux-2.6.32-gentoo-r7-i686-Pentium_III_-Coppermine-with-gentoo-1.12.11.1
Timestamp of tree: Tue, 20 Apr 2010 11:30:01 +0000
app-shells/bash: 3.2_p39
dev-lang/python: 2.4.4-r9, 2.5.2-r7, 2.6.4-r1
dev-python/pycrypto: 2.1.0_beta1
sys-apps/baselayout: 1.12.11.1
sys-apps/sandbox: 1.6-r2
sys-devel/autoconf: 2.13, 2.63
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2,
1.10.2
sys-devel/binutils: 2.18-r3
sys-devel/gcc: 3.4.6-r2, 4.1.2, 4.3.2-r3
sys-devel/gcc-config: 1.4.1
sys-devel/libtool: 2.2.6b
virtual/os-headers: 2.6.27-r2
ACCEPT_KEYWORDS="x86"
ACCEPT_LICENSE="* -@EULA"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=pentium3 -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /var/bind"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/gconf
/etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/udev/rules.d"
CXXFLAGS="-O2 -march=pentium3 -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="assume-digests distlocks fixpackages news parallel-fetch
protect-owned sandbox sfperms strict unmerge-logs unmerge-orphans userfetch"
GENTOO_MIRRORS="http://distfiles.gentoo.org"
LANG="de_DE.UTF-8"
LC_ALL="de_DE.UTF-8"
LDFLAGS="-Wl,-O1"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times
--compress --force --whole-file --delete --stats --timeout=180
--exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="acl apache2 berkdb bzip2 cli cracklib crypt cups cxx dri fortran
gdbm gpm iconv ipv6 mbox modules mudflap ncurses nls nptl nptlonly
openmp pam pcre perl pppd python readline reflection sasl session snmp
spl ssl sysfs tcpd truetype unicode x86 xml xorg zlib"
ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci
emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0
intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci"
ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug
file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw
multi null plug rate route share shm softvol" APACHE2_MODULES="actions
alias auth_basic authn_alias authn_anon authn_dbm authn_default
authn_file authz_dbm authz_default authz_groupfile authz_host
authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir
disk_cache env expires ext_filter file_cache filter headers include info
log_config logio mem_cache mime mime_magic negotiation rewrite setenvif
speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc"
INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad
cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text"
RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="fbdev glint intel
mach64 mga neomagic nv r128 radeon savage sis tdfx trident vesa via
vmware voodoo"
Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK,
LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS,
PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY

additional thoughts:

Am 20.04.2010 14:01, schrieb Stefan G. Weichinger:

> I thought maybe the NIC has a problem?
>
> Ethernet controller: Realtek Semiconductor Co., Ltd.
> RTL-8139/8139C/8139C+ (rev 10)
>
> but as it doesn't lose its IP and config I think that is not the case here?

I noticed that both relevant kernel-modules were loaded as noted here:

http://www.mail-archive.com/netdev@vger.kernel.org/msg60241.html

I was able to "rmmod 8139cp" without losing network ...

This might just be a cosmetic issue, I just wanted to add that info.

Stefan


Tue Apr 20 15:30:01 2010
Return-path: <bounce-debian-user=tom=linux-archive.org@lists.debian.org>
Envelope-to: tom@linux-archive.org
Delivery-date: Tue, 20 Apr 2010 15:04:22 +0300
Received: from liszt.debian.org ([82.195.75.100]:41372)
by s2.java-tips.org with esmtps (TLSv1:AES256-SHA:256)
(Exim 4.69)
(envelope-from <bounce-debian-user=tom=linux-archive.org@lists.debian.org>)
id 1O4CBi-000656-CN
for tom@linux-archive.org; Tue, 20 Apr 2010 15:04:22 +0300
Received: from localhost (localhost [127.0.0.1])
by liszt.debian.org (Postfix) with QMQP
id D1A0B13A46B0; Tue, 20 Apr 2010 12:37:10 +0000 (UTC)
Old-Return-Path: <gpall@ccf.auth.gr>
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on liszt.debian.org
X-Spam-Level:
X-Spam-Status: No, score=-10.7 required=4.0 tests=FOURLA,LDOSUBSCRIBER,
LDO_WHITELIST,RCVD_IN_DNSWL_LOW,WEIRD_QUOTING autolearn=failed version=3.2.5
X-Original-To: lists-debian-user@liszt.debian.org
Delivered-To: lists-debian-user@liszt.debian.org
Received: from localhost (localhost [127.0.0.1])
by liszt.debian.org (Postfix) with ESMTP id 435C513A452A
for <lists-debian-user@liszt.debian.org>; Tue, 20 Apr 2010 12:37:05 +0000 (UTC)
X-Virus-Scanned: at lists.debian.org with policy bank en-ht
X-Amavis-Spam-Status: No, score=-6.504 tagged_above=-10000 required=5.3
tests=[BAYES_00=-2, FOURLA=0.1, LDO_WHITELIST=-5,
RCVD_IN_DNSWL_LOW=-1, WEIRD_QUOTING=1.396] autolearn=no
Received: from liszt.debian.org ([127.0.0.1])
by localhost (lists.debian.org [127.0.0.1]) (amavisd-new, port 2525)
with ESMTP id KkgwJem6A0Rc for <lists-debian-user@liszt.debian.org>;
Tue, 20 Apr 2010 12:36:57 +0000 (UTC)
X-policyd-weight: using cached result; rate: -7
Received: from hermes3.ccf.auth.gr (hermes3.ccf.auth.gr [155.207.1.69])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(Client CN "AUTH Mail Servers", Issuer "AUTH Network Operations Center Certification Authority R3" (not verified))
by liszt.debian.org (Postfix) with ESMTPS id 844B113A4529
for <debian-user@lists.debian.org>; Tue, 20 Apr 2010 12:36:51 +0000 (UTC)
Received: from [155.207.112.12] (aris.ccf2.auth.gr [155.207.112.12])
(authenticated bits=0)
by hermes3.ccf.auth.gr (8.14.4/8.14.4) with ESMTP id o3KCakkl027598
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT)
for <debian-user@lists.debian.org>; Tue, 20 Apr 2010 15:36:47 +0300
Message-ID: <4BCD9FDE.4090804@ccf.auth.gr>
Date: Tue, 20 Apr 2010 15:36:46 +0300
From: =?UTF-8?B?zpPOuc+Oz4HOs86/z4IgzqDOrM67zrvOsc+C?=
<gpall@ccf.auth.gr>
User-Agent: Mozilla-Thunderbird 2.0.0.22 (X11/20090706)
MIME-Version: 1.0
To: debian-user@lists.debian.org
Subject: Re: crypt question/server hotel
References: <1271494160.4881.22.camel@localhost> <20100417100334.GA19732@osamu.debian.net>
In-Reply-To: <20100417100334.GA19732@osamu.debian.net>
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms070007040804000205000504"
X-Virus-Scanned: clamav-milter 0.96 at hermes1
X-Virus-Status: Clean
X-Rc-Virus: 2007-09-13_01
X-Rc-Spam: 2008-11-04_01
Resent-Message-ID: <j3UCGrz6HjF.A.uvF.2_ZzLB@liszt>
Resent-From: debian-user@lists.debian.org
X-Mailing-List: <debian-user@lists.debian.org> archive/latest/574536
X-Loop: debian-user@lists.debian.org
List-Id: <debian-user.lists.debian.org>
List-Post: <mailto:debian-user@lists.debian.org>
List-Help: <mailto:debian-user-request@lists.debian.org?subject=help>
List-Subscribe: <mailto:debian-user-request@lists.debian.org?subject=subscribe>
List-Unsubscribe: <mailto:debian-user-request@lists.debian.org?subject=unsubscribe>
Precedence: list
Resent-Sender: debian-user-request@lists.debian.org
Resent-Date: Tue, 20 Apr 2010 12:37:10 +0000 (UTC)

This is a cryptographically signed message in MIME format.

--------------ms070007040804000205000504
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit

Osamu Aoki wrote:
> Hi,
>
> On Sat, Apr 17, 2010 at 10:49:20AM +0200, Jozsi Vadkan wrote:
>
>> I want to put my server in a "server hotel".
>>
>> But: I don't trust my "server hotel owner".
>>
>> What can I do?
>>
>
> I am no expert on this issue but this is my common sense.
>
> Do not use such untrusted servers for the sensitive data.
>
> You can put measures to remote break-in etc. But whoever have local
> hysical access can get tou your data on the system.
>
> (I do not quite understand what kind of server arrangement ...
> virtualized or rack moiunted dedicated server... either way, it is the
> same thing.)
>
>
>> I can crypt my partition/hdd's that contains the data. Ok.
>> But: then my operating system will not be encrypted. Not Ok.
>>
>
> Well, once booted, and if they have some kind of hardware access before
> you boot into your system, you are doomed. Because they can have
> backdoor access.
>
>
>> If I crypt my operating system too, then when a reboot comes,
>> I have to type a password to decrypt. But my server will be at
>> a "server hotel" I can't directly use a keyboard [no service cpu].
>>
>
> All these methods protect against casual break-in but if system is run
> under some super-server like xen etc., your security measure stopps
> there.
>
>
>> What can I do [on technical side] to ensure a little more security
>> to my server [e.g: crypt my partition/slice/whatever, that has the
>> operating system, but without the "type password" ""problem""]
>>
>
> If they have monitoring system pre-installed, ... even with this
> protection is no good.
>
>
>> Thank you for any tips/help.
>>
>
> Keep sensitive data where you have full trust. The remote untrusted
> servers are good for web gateway only. But even for that, you should
> have some trust to them.
>
> Osamu
>
>
>

you may be interested in this:


Unlocking a LUKS encrypted root partition via ssh

http://www.debian-administration.org/articles/579


--------------ms070007040804000205000504
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCS qGSIb3DQEHAQAAoIIhHjCC
CAswggbzoAMCAQICBQEAAAARMA0GCSqGSIb3DQEBBQUAMIGVMQ swCQYDVQQGEwJHUjFEMEIG
A1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNoIE luc3RpdHV0aW9ucyBDZXJ0
LiBBdXRob3JpdHkxQDA+BgNVBAMTN0hlbGxlbmljIEFjYWRlbW ljIGFuZCBSZXNlYXJjaCBJ
bnN0aXR1dGlvbnMgUm9vdENBIDIwMDYwHhcNMDkwMjE4MTEzOT A5WhcNMTcwMjE2MTEzOTA5
WjCBnjELMAkGA1UEBhMCR1IxLTArBgNVBAoTJEFyaXN0b3RsZS BVbml2ZXJzaXR5IG9mIFRo
ZXNzYWxvbmlraTE7MDkGA1UEAxMyQXJpc3RvdGxlIFVuaXZlcn NpdHkgb2YgVGhlc3NhbG9u
aWtpIENlbnRyYWwgQ0EgUjIxIzAhBgkqhkiG9w0BCQEWFHBraW FkbWluQGNjZi5hdXRoLmdy
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAymcX6u ssFCSCQe80wltOvHEQWwQp
SVqqy3i9CcjyogzeF7IRQEjMQghyvMwDteFJEpr4e9CDrWd6sp N6lmtDuh3/6iiRpfiRHUf5
zXqmR/7qf6ykpKPyuu/xbqwqoQOOLIHomRtE2EiC3XxcdaAjhDrwYrf7Yfh6Kv6PEUw8f Vwx
GYl47itXxFdiT2kW01K+IUKTbWdkQmPuz2FK4imfbbKyDpl8vW 6a6w3Tv38HyTCNlxLh0uad
V+jsV9ZxdvvX1BWoVer/CjQdgWVwl9IX0wiN8ydDpyv3jMDd2xtMID0tUBbR3hUrezCy9S S5
QalstDWhF9JNTacGuvq2tpllTQIDAQABo4IEVTCCBFEwDwYDVR 0TAQH/BAUwAwEB/zALBgNV
HQ8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAHMB0GA1UdDgQWBB QYbmzt1V97ykSHIJYF2nkO
/mstPjAfBgNVHREEGDAWgRRwa2lhZG1pbkBjY2YuYXV0aC5ncjA XBgNVHRIEEDAOgQxjYUBo
YXJpY2EuZ3IwRgYDVR0fBD8wPTA7oDmgN4Y1aHR0cDovL2NybH YxLmhhcmljYS5nci9IYXJp
Y2FSb290Q0EyMDA2L2NybHYxLmRlci5jcmwwIwYJYIZIAYb4Qg EEBBYWFG5zX3Jldm9rZV9x
dWVyeS5waHA/MDYGCWCGSAGG+EIBAgQpFidodHRwOi8vY3JsdjEuaGFyaWNhLm dyL0hhcmlj
YVJvb3RDQTIwMDYwRwYJYIZIAYb4QgEIBDoWOGh0dHA6Ly93d3 cuaGFyaWNhLmdyL2RvY3Vt
ZW50cy9IYXJpY2FSb290Q0EyMDA2L0NQUy5odG1sMIGaBglghk gBhvhCAQ0EgYwWgYlUaGlz
IGNlcnRpZmljYXRlIGlzIHN1YmplY3QgdG8gR3JlZWsgbGF3cy BhbmQgb3VyIENQUy4gVGhp
cyBDZXJ0aWZpY2F0ZSBtdXN0IG9ubHkgYmUgdXNlZCBmb3IgYW NhZGVtaWMsIHJlc2VhcmNo
IG9yIGVkdWNhdGlvbmFsIHB1cnBvc2VzLjCBwgYDVR0jBIG6MI G3gBS4ju9E3e77Dxz/oWSX
qpKot3CoGKGBm6SBmDCBlTELMAkGA1UEBhMCR1IxRDBCBgNVBA oTO0hlbGxlbmljIEFjYWRl
bWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ2VydC4gQX V0aG9yaXR5MUAwPgYDVQQD
EzdIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdG l0dXRpb25zIFJvb3RDQSAy
MDA2ggEAMDEGCCsGAQUFBwEBBCUwIzAhBggrBgEFBQcwAYYVaH R0cDovL29jc3AuaGFyaWNh
LmdyMIIBQAYDVR0gBIIBNzCCATMwggEvBgwrBgEEAYHPEQEAAQ AwggEdMDMGCCsGAQUFBwIB
FidodHRwOi8vd3d3LmhhcmljYS5nci9kb2N1bWVudHMvQ1BTLm h0bWwwgeUGCCsGAQUFBwIC
MIHYMEoWQ0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaC BJbnN0aXR1dGlvbnMgQ2Vy
dGlmaWNhdGlvbiBBdXRob3JpdHkwAwIBARqBiVRoaXMgY2VydG lmaWNhdGUgaXMgc3ViamVj
dCB0byBHcmVlayBsYXdzIGFuZCBvdXIgQ1BTLiBUaGlzIENlcn RpZmljYXRlIG11c3Qgb25s
eSBiZSB1c2VkIGZvciBhY2FkZW1pYywgcmVzZWFyY2ggb3IgZW R1Y2F0aW9uYWwgcHVycG9z
ZXMuMA0GCSqGSIb3DQEBBQUAA4IBAQAbK+ZXLqS+WkzrInBy5d eMBNjH9JJ4m9+rQ5IACPPv
hxW0uOLHJEW039yR0tibmLN4i2RFmVvujsoW8ec4qLf1Z4b2jO JHB3lAXKXz0bh5UGp8Bl4a
CWA8m0G2SctcZB0WiKO8TQ88LlhIsY5sYxjsKdPuJBSg9ap5kG rPFOed7igsuBEWQS/3/qGs
ubvQq+Mgt2COUCtRfdzvPA9s9+h0eGRQmkrgaYOLS8G7XuJLBb 9lDkLKe8i8pwrUThKBWjsZ
knyYikPM6w+lWsXkWBMNtRBO/FFq42prfLOtrZi0nnpREkBqP3VS2C6e17PREEr7TguCJQLw
T2UWXEn2OPSsMIIIJzCCBw+gAwIBAgIFAwAAAAUwDQYJKoZIhv cNAQEFBQAwgZ4xCzAJBgNV
BAYTAkdSMS0wKwYDVQQKEyRBcmlzdG90bGUgVW5pdmVyc2l0eS BvZiBUaGVzc2Fsb25pa2kx
OzA5BgNVBAMTMkFyaXN0b3RsZSBVbml2ZXJzaXR5IG9mIFRoZX NzYWxvbmlraSBDZW50cmFs
IENBIFIyMSMwIQYJKoZIhvcNAQkBFhRwa2lhZG1pbkBjY2YuYX V0aC5ncjAeFw0wOTA1MjAx
MjI2MDBaFw0xMzA1MTkxMjI2MDBaMIHQMQswCQYDVQQGEwJHUj EtMCsGA1UEChMkQXJpc3Rv
dGxlIFVuaXZlcnNpdHkgb2YgVGhlc3NhbG9uaWtpMSkwJwYDVQ QLEyBDZW50cmFsIENvbW11
bmljYXRpb24gRmFjaWxpdGllczFCMEAGA1UEAxM5QVVUSCBOZX R3b3JrIE9wZXJhdGlvbnMg
Q2VudGVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFIzMSMwIQ YJKoZIhvcNAQkBFhRwa2lh
ZG1pbkBjY2YuYXV0aC5ncjCCASIwDQYJKoZIhvcNAQEBBQADgg EPADCCAQoCggEBANA3ZSQs
ZqfOymWVAqntzbz68zN/lQiWkjurjCDXITK/oNT0kK/OF8kuHUEYTsPRqBiJxT81o3G2J3/G
sa7DhOsusEJb5+1WAxubmo+fZ/xEgQIyAt+fKP/Oc5WcSv1hnLuoeg10wRlW4J6jobc3/1pL
L4pRXv1UlQiLbVvvb3SDcrDtAeboML7poJ5b801NNM9l+L2fux VG7NwArqkdLnQAg2Sz3haa
8dvI29yP0WDDqlF1Yg4ZCIQ03TPTNxviybRMvPzIQ6OUA/1M5AmyLEFPGgIwdlFG6Tc/jFVI
+UCLRcsefdy4GMihUTXOZxZRU1wo5RmeQ5XUgV2SuzCNEcECAw EAAaOCBDYwggQyMA8GA1Ud
EwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMBEGCWCGSAGG+EIBAQQEAwI ABzAdBgNVHQ4EFgQU
UhdFbxbXkAqAbXl73mG+9LFPOd8wHwYDVR0RBBgwFoEUcGtpYW RtaW5AY2NmLmF1dGguZ3Iw
HwYDVR0SBBgwFoEUcGtpYWRtaW5AY2NmLmF1dGguZ3IwRwYDVR 0fBEAwPjA8oDqgOIY2aHR0
cDovL2NybHYxLnBraS5hdXRoLmdyL0F1dGhDZW50cmFsQ0FSMi 9jcmx2MS5kZXIuY3JsMCMG
CWCGSAGG+EIBBAQWFhRuc19yZXZva2VfcXVlcnkucGhwPzA3Bg lghkgBhvhCAQIEKhYoaHR0
cDovL2NybHYxLnBraS5hdXRoLmdyL0F1dGhDZW50cmFsQ0FSMj A4BglghkgBhvhCAQgEKxYp
aHR0cDovL3d3dy5wa2kuYXV0aC5nci9kb2N1bWVudHMvQ1BTLm h0bWwwgZoGCWCGSAGG+EIB
DQSBjBaBiVRoaXMgY2VydGlmaWNhdGUgaXMgc3ViamVjdCB0by BHcmVlayBsYXdzIGFuZCBv
dXIgQ1BTLiBUaGlzIENlcnRpZmljYXRlIG11c3Qgb25seSBiZS B1c2VkIGZvciBhY2FkZW1p
YywgcmVzZWFyY2ggb3IgZWR1Y2F0aW9uYWwgcHVycG9zZXMuMI HGBgNVHSMEgb4wgbuAFBhu
bO3VX3vKRIcglgXaeQ7+ay0+oYGbpIGYMIGVMQswCQYDVQQGEw JHUjFEMEIGA1UEChM7SGVs
bGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW 9ucyBDZXJ0LiBBdXRob3Jp
dHkxQDA+BgNVBAMTN0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZX NlYXJjaCBJbnN0aXR1dGlv
bnMgUm9vdENBIDIwMDaCBQEAAAARMDMGCCsGAQUFBwEBBCcwJT AjBggrBgEFBQcwAYYXaHR0
cDovL29jc3AucGtpLmF1dGguZ3IwggEgBgNVHSAEggEXMIIBEz CCAQ8GCysGAQQBvB0CAAIE
MIH/MDQGCCsGAQUFBwIBFihodHRwOi8vd3d3LnBraS5hdXRoLmdyL2 RvY3VtZW50cy9DUFMu
cGhwMIHGBggrBgEFBQcCAjCBuTArFiRBcmlzdG90bGUgVW5pdm Vyc2l0eSBvZiBUaGVzc2Fs
b25pa2kwAwIBARqBiVRoaXMgY2VydGlmaWNhdGUgaXMgc3Viam VjdCB0byBHcmVlayBsYXdz
IGFuZCBvdXIgQ1BTLiBUaGlzIENlcnRpZmljYXRlIG11c3Qgb2 5seSBiZSB1c2VkIGZvciBh
Y2FkZW1pYywgcmVzZWFyY2ggb3IgZWR1Y2F0aW9uYWwgcHVycG 9zZXMuMA0GCSqGSIb3DQEB
BQUAA4IBAQDIQPsLpSF6c45SXeARSjqvOIsGDuu6f1sGpxK0rF FjdEe8Gd4MPUXxVrfAaZgD
O2QGO9KQw4DvftE/GgOcZSFNcfIH5NqnKrSqmTrJatqHiPP/FUtqnCvM0yNBeyxdg/3rQTGT
e/dFqQ7UEg3QG4oiX5MdkFvvCYI46jFmZZC298Fm2IVHgqXEKbRK pUk3sUyV9bQZObGKfVMi
+vXsvNEbUSQhKaUaOg1hzOTp8WVguL4afMza4Y1bUZw4/7985A3tNnlw4HvEDTPVyyfroCWt
Sv/P8iTp208hZrGPuojL0AQYu8ry+eyLcOQFePi0SgGkAibdEqYQL dT1ZZhWthjCMIIIbjCC
B1agAwIBAgIFBAAAAC4wDQYJKoZIhvcNAQEFBQAwgdAxCzAJBg NVBAYTAkdSMS0wKwYDVQQK
EyRBcmlzdG90bGUgVW5pdmVyc2l0eSBvZiBUaGVzc2Fsb25pa2 kxKTAnBgNVBAsTIENlbnRy
YWwgQ29tbXVuaWNhdGlvbiBGYWNpbGl0aWVzMUIwQAYDVQQDEz lBVVRIIE5ldHdvcmsgT3Bl
cmF0aW9ucyBDZW50ZXIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdH kgUjMxIzAhBgkqhkiG9w0B
CQEWFHBraWFkbWluQGNjZi5hdXRoLmdyMB4XDTA5MTExNjAwMD AwMFoXDTEwMTExNjIzNTk1
OVowgd8xCzAJBgNVBAYTAkdSMS0wKwYDVQQKEyRBcmlzdG90bG UgVW5pdmVyc2l0eSBvZiBU
aGVzc2Fsb25pa2kxIjAgBgNVBAsTGU5ldHdvcmsgT3BlcmF0aW 9ucyBDZW50ZXIxQTA/BgNV
BAsTOENsYXNzIEIgLSBQcml2YXRlIEtleSBjcmVhdGVkIGFuZC BzdG9yZWQgaW4gc29mdHdh
cmUgQ1NQMRgwFgYDVQQDEw9HZW9yZ2lvcyBQYWxsYXMxIDAeBg kqhkiG9w0BCQEWEWdwYWxs
QGNjZi5hdXRoLmdyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQ KBgQCsvnmDQVLmXNeYqXYT
aIBcQU0e4pbX10wEeIWgw/Lx/mL6f5jAdxp7w6qImQmJTCzZbean+M0tda8AU0WRerzjnoWu
H/VWRMGMVmGuPvulYrPP/zZo7KbPs73KrK9h/P/+Vr31dv3DWHMs/+Z89lIdsIECmJgNfOX8
ZbVb1EX+lQIDAQABo4IEwDCCBLwwDAYDVR0TAQH/BAIwADARBglghkgBhvhCAQEEBAMCBaAw
DgYDVR0PAQH/BAQDAgXgMEkGA1UdJQRCMEAGCCsGAQUFBwMCBggrBgEFBQcDBA YKKwYBBAGC
NwoDBAYIKwYBBQUHAwMGCCsGAQUFBwMIBgorBgEEAYI3FAICMC kGCSsGAQQBgjcUAgQcHhoA
UwBtAGEAcgB0AGMAYQByAGQAVQBzAGUAcjAdBgNVHQ4EFgQU08 dF6BfjRrCUXm2LPmWlo0lF
UEMwgc8GA1UdIwSBxzCBxIAUUhdFbxbXkAqAbXl73mG+9LFPOd +hgaSkgaEwgZ4xCzAJBgNV
BAYTAkdSMS0wKwYDVQQKEyRBcmlzdG90bGUgVW5pdmVyc2l0eS BvZiBUaGVzc2Fsb25pa2kx
OzA5BgNVBAMTMkFyaXN0b3RsZSBVbml2ZXJzaXR5IG9mIFRoZX NzYWxvbmlraSBDZW50cmFs
IENBIFIyMSMwIQYJKoZIhvcNAQkBFhRwa2lhZG1pbkBjY2YuYX V0aC5ncoIFAwAAAAUwHwYD
VR0SBBgwFoEUcGtpYWRtaW5AY2NmLmF1dGguZ3IwMwYIKwYBBQ UHAQEEJzAlMCMGCCsGAQUF
BzABhhdodHRwOi8vb2NzcC5wa2kuYXV0aC5ncjBDBgNVHR8EPD A6MDigNqA0hjJodHRwOi8v
Y3JsdjEucGtpLmF1dGguZ3IvQXV0aE5vY0NBUjMvY3JsdjEuZG VyLmNybDCBmgYJYIZIAYb4
QgENBIGMFoGJVGhpcyBjZXJ0aWZpY2F0ZSBpcyBzdWJqZWN0IH RvIEdyZWVrIGxhd3MgYW5k
IG91ciBDUFMuIFRoaXMgQ2VydGlmaWNhdGUgbXVzdCBvbmx5IG JlIHVzZWQgZm9yIGFjYWRl
bWljLCByZXNlYXJjaCBvciBlZHVjYXRpb25hbCBwdXJwb3Nlcy 4wMwYJYIZIAYb4QgECBCYW
JGh0dHA6Ly9jcmx2MS5wa2kuYXV0aC5nci9BdXRoTm9jQ0FSMz AjBglghkgBhvhCAQQEFhYU
bnNfcmV2b2tlX3F1ZXJ5LnBocD8wNwYJYIZIAYb4QgEIBCoWKG h0dHA6Ly93d3cucGtpLmF1
dGguZ3IvZG9jdW1lbnRzL0NQUy5waHAwggEgBgNVHSAEggEXMI IBEzCCAQ8GCysGAQQBvB0C
AAIEMIH/MDQGCCsGAQUFBwIBFihodHRwOi8vd3d3LnBraS5hdXRoLmdyL2 RvY3VtZW50cy9D
UFMucGhwMIHGBggrBgEFBQcCAjCBuTArFiRBcmlzdG90bGUgVW 5pdmVyc2l0eSBvZiBUaGVz
c2Fsb25pa2kwAwIBARqBiVRoaXMgY2VydGlmaWNhdGUgaXMgc3 ViamVjdCB0byBHcmVlayBs
YXdzIGFuZCBvdXIgQ1BTLiBUaGlzIENlcnRpZmljYXRlIG11c3 Qgb25seSBiZSB1c2VkIGZv
ciBhY2FkZW1pYywgcmVzZWFyY2ggb3IgZWR1Y2F0aW9uYWwgcH VycG9zZXMuMDMGA1UdEQQs
MCqgKAYKKwYBBAGCNxQCA6AaDBhncGFsbEBwY2xhYnMuaXRjLm F1dGguZ3IwDQYJKoZIhvcN
AQEFBQADggEBAG5IT1DgdhKGY7JeGLdjKpnIvMrXfdZTTbKP2C ry3hOE5CEmmhuVWJ1nk9V2
5H9gW3+1nyvRW1ZKz/Av/pbWsPRLfWq8Wg7JCk0RSsS+y0M8lya/XkKDaENLiZE3CxfLZLKj
CkY7F8QBnzpznI0brx0r6SFVx6xGJsVLTsrncv97kKRrxkjYWE aYj2dXZX3PFuAHouWOMUG6
YswoCkbEIArqc6e0eyyCXwcjDj7fXeyhyiX8St7kzJLxzOdp8W RzGu4+8B23Wud2XbyRaFrq
8v7Gyskic4eTSKEmGAdVtLDfwHt/rXpgNEh3uNpx6ipWLl0CM2NlCiC0Zxz4ep+zSU0wgghu
MIIHVqADAgECAgUEAAAALjANBgkqhkiG9w0BAQUFADCB0DELMA kGA1UEBhMCR1IxLTArBgNV
BAoTJEFyaXN0b3RsZSBVbml2ZXJzaXR5IG9mIFRoZXNzYWxvbm lraTEpMCcGA1UECxMgQ2Vu
dHJhbCBDb21tdW5pY2F0aW9uIEZhY2lsaXRpZXMxQjBABgNVBA MTOUFVVEggTmV0d29yayBP
cGVyYXRpb25zIENlbnRlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcm l0eSBSMzEjMCEGCSqGSIb3
DQEJARYUcGtpYWRtaW5AY2NmLmF1dGguZ3IwHhcNMDkxMTE2MD AwMDAwWhcNMTAxMTE2MjM1
OTU5WjCB3zELMAkGA1UEBhMCR1IxLTArBgNVBAoTJEFyaXN0b3 RsZSBVbml2ZXJzaXR5IG9m
IFRoZXNzYWxvbmlraTEiMCAGA1UECxMZTmV0d29yayBPcGVyYX Rpb25zIENlbnRlcjFBMD8G
A1UECxM4Q2xhc3MgQiAtIFByaXZhdGUgS2V5IGNyZWF0ZWQgYW 5kIHN0b3JlZCBpbiBzb2Z0
d2FyZSBDU1AxGDAWBgNVBAMTD0dlb3JnaW9zIFBhbGxhczEgMB 4GCSqGSIb3DQEJARYRZ3Bh
bGxAY2NmLmF1dGguZ3IwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMI GJAoGBAKy+eYNBUuZc15ip
dhNogFxBTR7iltfXTAR4haDD8vH+Yvp/mMB3GnvDqoiZCYlMLNlt5qf4zS11rwBTRZF6vOOe
ha4f9VZEwYxWYa4++6Vis8//Nmjsps+zvcqsr2H8//5WvfV2/cNYcyz/5nz2Uh2wgQKYmA18
5fxltVvURf6VAgMBAAGjggTAMIIEvDAMBgNVHRMBAf8EAjAAMB EGCWCGSAGG+EIBAQQEAwIF
oDAOBgNVHQ8BAf8EBAMCBeAwSQYDVR0lBEIwQAYIKwYBBQUHAw IGCCsGAQUFBwMEBgorBgEE
AYI3CgMEBggrBgEFBQcDAwYIKwYBBQUHAwgGCisGAQQBgjcUAg IwKQYJKwYBBAGCNxQCBBwe
GgBTAG0AYQByAHQAYwBhAHIAZABVAHMAZQByMB0GA1UdDgQWBB TTx0XoF+NGsJRebYs+ZaWj
SUVQQzCBzwYDVR0jBIHHMIHEgBRSF0VvFteQCoBteXveYb70sU 8536GBpKSBoTCBnjELMAkG
A1UEBhMCR1IxLTArBgNVBAoTJEFyaXN0b3RsZSBVbml2ZXJzaX R5IG9mIFRoZXNzYWxvbmlr
aTE7MDkGA1UEAxMyQXJpc3RvdGxlIFVuaXZlcnNpdHkgb2YgVG hlc3NhbG9uaWtpIENlbnRy
YWwgQ0EgUjIxIzAhBgkqhkiG9w0BCQEWFHBraWFkbWluQGNjZi 5hdXRoLmdyggUDAAAABTAf
BgNVHRIEGDAWgRRwa2lhZG1pbkBjY2YuYXV0aC5ncjAzBggrBg EFBQcBAQQnMCUwIwYIKwYB
BQUHMAGGF2h0dHA6Ly9vY3NwLnBraS5hdXRoLmdyMEMGA1UdHw Q8MDowOKA2oDSGMmh0dHA6
Ly9jcmx2MS5wa2kuYXV0aC5nci9BdXRoTm9jQ0FSMy9jcmx2MS 5kZXIuY3JsMIGaBglghkgB
hvhCAQ0EgYwWgYlUaGlzIGNlcnRpZmljYXRlIGlzIHN1YmplY3 QgdG8gR3JlZWsgbGF3cyBh
bmQgb3VyIENQUy4gVGhpcyBDZXJ0aWZpY2F0ZSBtdXN0IG9ubH kgYmUgdXNlZCBmb3IgYWNh
ZGVtaWMsIHJlc2VhcmNoIG9yIGVkdWNhdGlvbmFsIHB1cnBvc2 VzLjAzBglghkgBhvhCAQIE
JhYkaHR0cDovL2NybHYxLnBraS5hdXRoLmdyL0F1dGhOb2NDQV IzMCMGCWCGSAGG+EIBBAQW
FhRuc19yZXZva2VfcXVlcnkucGhwPzA3BglghkgBhvhCAQgEKh YoaHR0cDovL3d3dy5wa2ku
YXV0aC5nci9kb2N1bWVudHMvQ1BTLnBocDCCASAGA1UdIASCAR cwggETMIIBDwYLKwYBBAG8
HQIAAgQwgf8wNAYIKwYBBQUHAgEWKGh0dHA6Ly93d3cucGtpLm F1dGguZ3IvZG9jdW1lbnRz
L0NQUy5waHAwgcYGCCsGAQUFBwICMIG5MCsWJEFyaXN0b3RsZS BVbml2ZXJzaXR5IG9mIFRo
ZXNzYWxvbmlraTADAgEBGoGJVGhpcyBjZXJ0aWZpY2F0ZSBpcy BzdWJqZWN0IHRvIEdyZWVr
IGxhd3MgYW5kIG91ciBDUFMuIFRoaXMgQ2VydGlmaWNhdGUgbX VzdCBvbmx5IGJlIHVzZWQg
Zm9yIGFjYWRlbWljLCByZXNlYXJjaCBvciBlZHVjYXRpb25hbC BwdXJwb3Nlcy4wMwYDVR0R
BCwwKqAoBgorBgEEAYI3FAIDoBoMGGdwYWxsQHBjbGFicy5pdG MuYXV0aC5ncjANBgkqhkiG
9w0BAQUFAAOCAQEAbkhPUOB2EoZjsl4Yt2Mqmci8ytd91lNNso/YKvLeE4TkISaaG5VYnWeT
1Xbkf2Bbf7WfK9FbVkrP8C/+ltaw9Et9arxaDskKTRFKxL7LQzyXJr9eQoNoQ0uJkTcLF8tk
sqMKRjsXxAGfOnOcjRuvHSvpIVXHrEYmxUtOyudy/3uQpGvGSNhYRpiPZ1dlfc8W4Aei5Y4x
QbpizCgKRsQgCupzp7R7LIJfByMOPt9d7KHKJfxK3uTMkvHM52 nxZHMa7j7wHbda53ZdvJFo
Wury/sbKySJzh5NIoSYYB1W0sN/Ae3+temA0SHe42nHqKlYuXQIzY2UKILRnHPh6n7NJTTGC
BCEwggQdAgEBMIHaMIHQMQswCQYDVQQGEwJHUjEtMCsGA1UECh MkQXJpc3RvdGxlIFVuaXZl
cnNpdHkgb2YgVGhlc3NhbG9uaWtpMSkwJwYDVQQLEyBDZW50cm FsIENvbW11bmljYXRpb24g
RmFjaWxpdGllczFCMEAGA1UEAxM5QVVUSCBOZXR3b3JrIE9wZX JhdGlvbnMgQ2VudGVyIENl
cnRpZmljYXRpb24gQXV0aG9yaXR5IFIzMSMwIQYJKoZIhvcNAQ kBFhRwa2lhZG1pbkBjY2Yu
YXV0aC5ncgIFBAAAAC4wCQYFKw4DAhoFAKCCApwwGAYJKoZIhv cNAQkDMQsGCSqGSIb3DQEH
ATAcBgkqhkiG9w0BCQUxDxcNMTAwNDIwMTIzNjQ2WjAjBgkqhk iG9w0BCQQxFgQUV9xi76rT
hRFQ8lsFin84xWTxhn8wXwYJKoZIhvcNAQkPMVIwUDALBglghk gBZQMEAQIwCgYIKoZIhvcN
AwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBS sOAwIHMA0GCCqGSIb3DQMC
AgEoMIHrBgkrBgEEAYI3EAQxgd0wgdowgdAxCzAJBgNVBAYTAk dSMS0wKwYDVQQKEyRBcmlz
dG90bGUgVW5pdmVyc2l0eSBvZiBUaGVzc2Fsb25pa2kxKTAnBg NVBAsTIENlbnRyYWwgQ29t
bXVuaWNhdGlvbiBGYWNpbGl0aWVzMUIwQAYDVQQDEzlBVVRIIE 5ldHdvcmsgT3BlcmF0aW9u
cyBDZW50ZXIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgUjMxIz AhBgkqhkiG9w0BCQEWFHBr
aWFkbWluQGNjZi5hdXRoLmdyAgUEAAAALjCB7QYLKoZIhvcNAQ kQAgsxgd2ggdowgdAxCzAJ
BgNVBAYTAkdSMS0wKwYDVQQKEyRBcmlzdG90bGUgVW5pdmVyc2 l0eSBvZiBUaGVzc2Fsb25p
a2kxKTAnBgNVBAsTIENlbnRyYWwgQ29tbXVuaWNhdGlvbiBGYW NpbGl0aWVzMUIwQAYDVQQD
EzlBVVRIIE5ldHdvcmsgT3BlcmF0aW9ucyBDZW50ZXIgQ2VydG lmaWNhdGlvbiBBdXRob3Jp
dHkgUjMxIzAhBgkqhkiG9w0BCQEWFHBraWFkbWluQGNjZi5hdX RoLmdyAgUEAAAALjANBgkq
hkiG9w0BAQEFAASBgEtwMTVANA3XwgFZHrU9jqjK6XhUDPWwzu 8i8avfq445+QRWnz5QijAd
Yl63Wk4s2v7/hVGEdKS6RHeUzGfZQzDCtQKEPDOmRzWzGeq13i8xAHxmD9qFMl zymlLH7+Kf
5SDj6ps6KB8EddTG3ANWeDVxDeYKUrImEbgqKhrRHarWAAAAAA AA
--------------ms070007040804000205000504--


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/4BCD9FDE.4090804@ccf.auth.gr

On 20 Apr 2010, at 13:01, Stefan G. Weichinger wrote:

...
One of my customers runs an old P3 as a mail-gateway and samba-server
(yeah, I know ...) behind his firewall ...

They simply don't want to swap hardware, they are happy ... until the
following started to happen every week or so:


You emphasise how old the hardware is, but this really isn't a
problem. As you say, one increasingly fears the death of a system
which is getting so old, but I have two systems nearly as old running
for years without hardware problems.


The questions I must ask are:

- How uptodate is the Gentoo software?
- Do you run updates regularly?
- Did you run any shortly before this started occurring?
- Have you run revdep-rebuild and stuff?
- Does the system have sufficient swap?

Stroller.

On Tuesday 20 April 2010 13:01:52 Stefan G. Weichinger wrote:
> greetings, gentoo-users ...
>
> One of my customers runs an old P3 as a mail-gateway and samba-server
> (yeah, I know ...) behind his firewall ...
>
> They simply don't want to swap hardware, they are happy ... until the
> following started to happen every week or so:
>
> The server goes offline, you can ping it OK but services like smbd,
> postfix, sshd all are not reachable anymore.
>
> I "see" the open ports with nmap from my machine ... but they are shown
> as closed.
>
> When the guy there restarts sshd on the server itself I am able to login
> again without a problem. There are no bad messages in dmesg and/or
> /var/log/messages.
>
> But this seems to be related to the fact that syslog-ng also is inactive
> then ... so who should log errors ... ?
>
> --
>
> I thought maybe the NIC has a problem?
>
> Ethernet controller: Realtek Semiconductor Co., Ltd.
> RTL-8139/8139C/8139C+ (rev 10)
>
> but as it doesn't lose its IP and config I think that is not the case here?

Have you looked at dmesg in case there is something there that the kernel's
spewed out? Also, you haven't run out of space? df -h

--
Regards,
Mick

Am 21.04.2010 00:07, schrieb Stroller:

> You emphasise how old the hardware is, but this really isn't a
> problem. As you say, one increasingly fears the death of a system
> which is getting so old, but I have two systems nearly as old running
> for years without hardware problems.

Yes, it does what it should do.

It's just that it gets more probable to have some strange and hidden
defects *maybe*.

But it would show other symptoms then, I assume.

> The questions I must ask are:
>
> - How uptodate is the Gentoo software? - Do you run updates
> regularly? - Did you run any shortly before this started occurring? -
> Have you run revdep-rebuild and stuff? - Does the system have
> sufficient swap?

swap should be OK:

# free -m
total used free shared buffers cached
Mem: 501 484 17 0 16 241
-/+ buffers/cache: 226 275
Swap: 494 288 205

OK, a bit more RAM wouldn't hurt here.
But I am compiling stuff right now.

-

ad updates:

I was rather defensive there, I have to admit ..
Just like "never touch a running system" ...

I updated the relevant pkgs like postfix, samba, clamav ... but there
are around 60 pkgs to update today.

Stuff like glibc, udev, pam .... I will apply them now step by step ...

revdep-rebuild was OK before, I had checked that after the last updates
a few days ago.

My first idea was to upgrade the kernel to maybe catch some relevant
fixes, that was about a week ago.

There was no specific update triggering this, in fact I hadn't touched
that box for weeks when the responsible man called me to tell me about
the new problems ...

Stefan

On 21 Apr 2010, at 08:28, Stefan G. Weichinger wrote:

... Does the system have sufficient swap?


swap should be OK:

# free -m
total used free shared buffers
cached
Mem: 501 484 17 0 16
241

-/+ buffers/cache: 226 275
Swap: 494 288 205

OK, a bit more RAM wouldn't hurt here.
But I am compiling stuff right now.


I would add more.

Services mysteriously dying, surely that could be because the kernel
is killing them off due to an out-of-memory condition?


Maybe you have changed to a different compiler version in the past,
and this creates larger binaries?


That seems a bit tenuous, I don't know, but you can use a swapfile on
Linux (i.e. you can add to the current swap without having to create
an additional partition), and I doubt if it is hard to set up.



ad updates:

I was rather defensive there, I have to admit ..
Just like "never touch a running system" ...


I seem to get into more trouble when I'm cautious with updates than I
do when I just let 'em rip as often as possible. More frequent updates
means fewer updates.


Stroller.

Am 21.04.2010 09:18, schrieb Mick:

> Have you looked at dmesg in case there is something there that the kernel's
> spewed out? Also, you haven't run out of space? df -h

checked both before even posting here:

nothing stinky in "dmesg", "df -h" shows enough free space on the
partitions.

Thanks, S

Am 21.04.2010 11:09, schrieb Stroller:

>> OK, a bit more RAM wouldn't hurt here.
>> But I am compiling stuff right now.
>
> I would add more.
>
> Services mysteriously dying, surely that could be because the kernel is
> killing them off due to an out-of-memory condition?

Shouldn't the kernel *swap* then ?

I suggested adding RAM there, sure ...

> Maybe you have changed to a different compiler version in the past, and
> this creates larger binaries?

current version of gcc: 4.3.2-r3 (04:13:52 18.04.2009)

So it is about one year old, no changes since then. The symptoms only
started some week ago or two ...

I rather wonder about that f-secure scanner "fsav" ... I had to manually
fiddle it onto the system and it takes quite much ram and cpu.

But it is installed since june 2009 as well.

> I seem to get into more trouble when I'm cautious with updates than I do
> when I just let 'em rip as often as possible. More frequent updates
> means fewer updates.

I have to find some sweet spot here. I have quite many servers out there
at customers sites ... noone so far pays me for regularly emerging world
there ... this has to change, you are right ;-)

Stefan

On Thursday 22 April 2010 17:31:33 Stefan G. Weichinger wrote:
> Am 21.04.2010 11:09, schrieb Stroller:
> >> OK, a bit more RAM wouldn't hurt here.
> >> But I am compiling stuff right now.
> >
> > I would add more.
> >
> > Services mysteriously dying, surely that could be because the kernel is
> > killing them off due to an out-of-memory condition?
>
> Shouldn't the kernel *swap* then ?

No, the OOM killer kicks in when the kernel has no more virtual memory,
including swap. Either way, more RAM is the answer. Or fidn the app with the
memory leak if you are unlucky enough to have one of those running around.

[snip]

--
alan dot mckinnon at gmail dot com

Am 22.04.2010 17:50, schrieb Alan McKinnon:

>> Shouldn't the kernel *swap* then ?
>
> No, the OOM killer kicks in when the kernel has no more virtual memory,
> including swap. Either way, more RAM is the answer. Or fidn the app with the
> memory leak if you are unlucky enough to have one of those running around.

The added swapfile with one GB won't help here for a start?

S