From: Alex Efros <powerman@powerman.asdfGroup.com>
To: supervision@list.skarnet.org
Subject: Re: runit not collecting zombies
Date: Wed, 12 Sep 2007 20:22:45 +0300 [thread overview]
Message-ID: <20070912172245.GF12043@home.power> (raw)
In-Reply-To: <Pine.LNX.4.64.0709121154120.24457@e-smith.charlieb.ott.istop.com>
Hi!
On Wed, Sep 12, 2007 at 12:02:48PM -0400, Charlie Brady wrote:
> No, I just haven't seen any evidence. I suspect you are misinterpreting the
> misbehaviour of some program started from ssh, and attributing that
> program's failures to ssh. ssh is always used to start other programs, and
> other programs can always generate zombies. There's nothing ssh can do to
I don't think it's 'other programs'. If this issue happens with
'other programs', then I'll probably see 'other programs' names in `ps`
output, while I have seen '[sshd]'. I think this is the reason for ssh zombies:
(14) auth.err: Sep 5 09:02:00 sshd[3133]: error: channel 0: chan_read_failed for istate 3
(29) auth.info: Sep 5 18:13:37 sshd[1022]: Did not receive identification string from 85.17.106.138
(3789) auth.info: Sep 6 13:27:18 sshd[5016]: Invalid user apple from 81.228.45.11
(102) auth.info: Sep 6 13:27:52 sshd[5144]: User mysql not allowed because account is locked
(576) auth.info: Sep 11 16:24:04 sshd[1210]: Address 66.236.207.196 maps to intra-works.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
(1) auth.info: Sep 11 16:39:13 sshd[1323]: User ldap not allowed because shell /dev/null is not executable
The number in a parens is amount of lines in my log similar to shown above.
This is usual enough nowadays. SSH worms trying to hack our systems.
My sshd has password authentication disabled, so I'm not worry much about
these worms... but looks like they force sshd to fork and exit very
quickly because of failed auth, and so sshd start producing unreaped
zombies at some point.
--
WBR, Alex.
next prev parent reply other threads:[~2007-09-12 17:22 UTC|newest]
Thread overview: 113+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-05-24 23:07 Radek Podgorny
2007-05-26 10:35 ` Alex Efros
2007-05-26 10:45 ` Alex Efros
2007-05-26 12:55 ` Charlie Brady
2007-05-26 13:03 ` Alex Efros
2007-05-26 17:01 ` Paul Jarc
2007-06-02 14:55 ` Alex Efros
2007-06-03 11:10 ` Gerrit Pape
2007-06-03 14:33 ` Alex Efros
2007-06-03 16:31 ` Gerrit Pape
2007-06-11 13:11 ` Alex Efros
2007-06-18 13:45 ` Alex Efros
2007-06-19 18:13 ` Gerrit Pape
2007-06-19 19:07 ` Alex Efros
2007-06-20 16:23 ` Gerrit Pape
2007-06-20 16:57 ` Alex Efros
2007-06-20 18:35 ` Gerrit Pape
2007-06-23 4:42 ` Alex Efros
2007-06-26 9:59 ` Gerrit Pape
2007-07-07 7:16 ` Alex Efros
2007-07-07 18:13 ` Charlie Brady
2007-07-07 19:12 ` Alex Efros
2007-07-12 14:21 ` Charlie Brady
2007-07-12 14:41 ` Alex Efros
2007-07-12 14:45 ` Charlie Brady
2007-07-12 14:57 ` Alex Efros
2007-07-12 14:42 ` Charlie Brady
2007-07-12 14:43 ` Charlie Brady
2007-07-12 14:49 ` Alex Efros
2007-07-12 15:11 ` Charlie Brady
2007-07-12 15:15 ` Alex Efros
2007-07-12 15:40 ` Charlie Brady
2007-07-15 14:47 ` Alex Efros
2007-07-15 19:07 ` Alex Efros
2007-07-15 20:18 ` George Georgalis
2007-07-15 20:31 ` Paul Jarc
2007-07-15 22:35 ` George Georgalis
2007-07-15 23:06 ` Paul Jarc
2007-07-15 23:23 ` Charlie Brady
2007-07-16 0:09 ` Alex Efros
2007-07-16 2:11 ` Charlie Brady
2007-09-12 12:53 ` Radek Podgorny
[not found] ` <47939.::ffff:77.75.72.5.1189601606.squirrel@mail.podgorny.cz>
2007-09-12 13:55 ` Charlie Brady
2007-09-12 14:35 ` Alex Efros
2007-09-12 14:55 ` Charlie Brady
2007-09-12 15:00 ` Alex Efros
2007-09-12 16:02 ` Charlie Brady
2007-09-12 16:10 ` Radek Podgorny
2007-09-12 17:22 ` Alex Efros [this message]
2007-09-12 17:40 ` Charlie Brady
2007-09-12 18:18 ` Alex Efros
2007-09-12 19:07 ` Charlie Brady
2007-09-12 19:13 ` Alex Efros
2007-09-12 19:18 ` Charlie Brady
2007-09-12 19:30 ` Alex Efros
2007-09-12 19:37 ` Charlie Brady
2007-09-15 13:36 ` Alex Efros
2007-09-15 13:57 ` Alex Efros
2007-09-15 15:20 ` Charlie Brady
2007-09-15 15:28 ` Alex Efros
2007-09-15 15:47 ` Charlie Brady
2007-09-15 16:02 ` Alex Efros
2007-09-15 15:49 ` Charlie Brady
2007-09-15 15:55 ` Alex Efros
2007-09-15 16:02 ` Charlie Brady
2007-09-15 15:36 ` Alex Efros
2007-09-15 15:58 ` Charlie Brady
2007-09-15 14:03 ` Alex Efros
2007-09-17 7:56 ` Gerrit Pape
2007-09-17 9:07 ` Radek Podgorny
2007-09-17 11:59 ` Alex Efros
2007-09-18 8:14 ` Gerrit Pape
2007-09-18 11:33 ` Alex Efros
2007-09-18 11:45 ` Laurent Bercot
2011-02-15 13:12 ` [LONG] " Laurent Bercot
2011-02-15 15:00 ` Alex Efros
2011-02-15 15:22 ` Laurent Bercot
2007-09-12 16:04 ` Radek Podgorny
[not found] ` <35517.::ffff:77.75.72.5.1189613042.squirrel@mail.podgorny.cz>
2007-09-12 17:04 ` Alex Efros
2007-09-12 19:38 ` Mike Buland
2007-09-12 20:28 ` Alex Efros
2007-09-12 20:38 ` Alex Efros
2007-09-13 1:05 ` Mike Buland
2007-09-13 8:58 ` Radek Podgorny
[not found] ` <50411.::ffff:77.75.72.5.1189673890.squirrel@mail.podgorny.cz>
2007-09-13 10:57 ` Alex Efros
2007-09-13 12:06 ` Alex Efros
2007-09-13 14:31 ` Radek Podgorny
[not found] ` <51910.::ffff:77.75.72.5.1189693860.squirrel@mail.podgorny.cz>
2007-09-13 14:51 ` Alex Efros
2007-07-16 2:24 ` George Georgalis
2007-07-01 8:43 ` Radek Podgorny
2007-07-02 8:28 ` Gerrit Pape
2007-07-02 11:23 ` Radek Podgorny
2007-07-02 12:14 ` Gerrit Pape
2007-07-02 12:42 ` Radek Podgorny
2007-07-07 4:54 ` Alex Efros
2007-06-20 19:57 ` Charlie Brady
2008-02-25 7:25 ` Alex Efros
2008-02-25 14:57 ` Charlie Brady
2008-02-25 15:23 ` Radek Podgorny
[not found] ` <59012.::ffff:77.75.72.226.1203952988.squirrel@mail.podgorny.cz>
2008-02-25 15:26 ` George Georgalis
2008-02-25 15:32 ` Charlie Brady
2008-02-25 16:17 ` Alex Efros
2008-02-25 17:20 ` Mike Buland
2008-02-25 15:27 ` Radek Podgorny
[not found] ` <34616.::ffff:77.75.72.226.1203953244.squirrel@mail.podgorny.cz>
2008-02-25 16:15 ` Alex Efros
2008-02-27 8:19 ` Bernhard Graf
2008-02-27 8:36 ` Alex Efros
2008-02-27 8:58 ` Bernhard Graf
[not found] ` <F694D808C0BB4890A12C565F68B9A691@home.internal>
2008-02-25 16:24 ` rehan khan
2008-02-25 16:27 ` Charlie Brady
[not found] ` <54B6D6D6D32D4DB685F8CA9A836076D7@home.internal>
2008-02-25 17:11 ` rehan khan
2008-02-25 19:13 ` Charlie Brady
2008-10-21 21:46 ` Alex Efros
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070912172245.GF12043@home.power \
--to=powerman@powerman.asdfgroup.com \
--cc=supervision@list.skarnet.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).