I could not connect to my web-page so I logged in to the server
just to find appache was simply not running. I started checking
logs and the only thing which I find suspicious are these messages
in /var/log/apache2/error_log :
-----------------
6 times:
[Thu Aug 26 13:59:16 2010] [alert] (11)Resource temporarily unavailable:
setuid: unable to change to uid: 81
[Thu Aug 26 13:59:16 2010] [alert] Child 20303 returned a Fatal error...
Apache is exiting!
~30 times:
[Thu Aug 26 13:59:16 2010] [emerg] (43)Identifier removed: couldn't grab
the accept mutex
~50 times:
[Thu Aug 26 13:59:16 2010] [emerg] (22)Invalid argument: couldn't grab
the accept mutex
[Thu Aug 26 13:59:42 2010] [emerg] (22)Invalid argument: couldn't
release the accept mutex
-----------------
Except for that, only common scannings for phpMyAdmin, myadmin, pma,
mysql, scripts, etc. Nothing more. Any ideas why apache died?
Apart from that, nothing seems to be damaged. I started apache
as usuall, database is consistent, web-site is up & running.
But naturally, I do not want to see this happen again...
BTW, the system is stable amd64, with apache 2.2.15:
USE="ssl -debug -doc -ldap (-selinux) -static -suexec -threads"
APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon
authn_dbm authn_default authn_file authz_dbm authz_default
authz_groupfile authz_host authz_owner authz_user autoindex cache cgi
cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter
file_cache filter headers include info log_config logio mem_cache mime
mime_magic negotiation rewrite setenvif speling status unique_id userdir
usertrack vhost_alias -asis -auth_digest -authn_dbd -cern_meta
-charset_lite -dbd -dumpio -ident -imagemap -log_forensic -proxy
-proxy_ajp -proxy_balancer -proxy_connect -proxy_ftp -proxy_http
-substitute -version" APACHE2_MPMS="-event -itk -peruser -prefork -worker"
Jarry
--
__________________________________________________ _____________
This mailbox accepts e-mails only from selected mailing-lists!
Everything else is considered to be spam and therefore deleted.
08-27-2010, 05:23 PM
Kyle Bader
Apache crashed, what could be the reason?
> Except for that, only common scannings for phpMyAdmin, myadmin, pma,
> mysql, scripts, etc. Nothing more. Any ideas why apache died?
I noticed you have mod_dav & mod_cache and are running 2.2.15, perhaps
it's this?
You may be right! But what can I do? There is not even masked
version 2.2.16 in portage, despite the fact it has been released
by apache-foundation on 2010-07-25 (together with description
of vulnerability found in 2.2.15). There has already been bug
opened in gentoo-bugzila on 2010-07-28...
BTW in the meantime my apache crashed again the same way, after
not a single day uptime! Something I have never seen before,
actually my apache has been running without any problem since
the last update. And now this! Quite unpleasant, for such
a critical server-software...
Jarry
--
__________________________________________________ _____________
This mailbox accepts e-mails only from selected mailing-lists!
Everything else is considered to be spam and therefore deleted.
08-28-2010, 03:42 PM
"Arttu V."
Apache crashed, what could be the reason?
On 8/27/10, Jarry <mr.jarry@gmail.com> wrote:
> On 27. 8. 2010 19:23, Kyle Bader wrote:
>
>> I noticed you have mod_dav& mod_cache and are running 2.2.15, perhaps
>> it's this?
>>
>> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1452
>
> You may be right! But what can I do? There is not even masked
> version 2.2.16 in portage, despite the fact it has been released
> by apache-foundation on 2010-07-25 (together with description
> of vulnerability found in 2.2.15). There has already been bug
> opened in gentoo-bugzila on 2010-07-28...
>
> BTW in the meantime my apache crashed again the same way, after
> not a single day uptime! Something I have never seen before,
> actually my apache has been running without any problem since
> the last update. And now this! Quite unpleasant, for such
> a critical server-software...
From apache.org:
"This crash would only be a denial of service if using the worker MPM."
Can you try with another MPM?
Btw, AFAICT, Gentoo apache herd is currently down to one (or fewer) dev(s). :-/
--
Arttu V. -- Running Gentoo is like running with scissors
Apache crashed, what could be the reason?
