We have a problem on hosting servers.
Apache as mpm-itk.
Installed grsec.
It is not clear for what reason begins to display a message
- Code: Select all
grsec: bruteforce prevention initiated against uid 637, banning for 15 minutes
grsec: bruteforce prevention initiated against uid 663, banning for 15 minutes
User with the specified uid are blocked. As a consequence under these users apache stops working:
- Code: Select all
[Fri Sep 02 03:46:26 2011] [warn] (itkmpm: pid=17195 uid=0, gid=664) itk_post_perdir_config(): setuid(663): Operation not permitted
[Fri Sep 02 03:46:26 2011] [warn] Couldn't set uid/gid/priority, closing connection.
[Fri Sep 02 03:46:28 2011] [warn] (itkmpm: pid=17207 uid=0, gid=664) itk_post_perdir_config(): setuid(663): Operation not permitted
[Fri Sep 02 03:46:28 2011] [warn] Couldn't set uid/gid/priority, closing connection.
[Fri Sep 02 03:46:32 2011] [warn] (itkmpm: pid=17249 uid=0, gid=664) itk_post_perdir_config(): setuid(663): Operation not permitted
[Fri Sep 02 03:46:32 2011] [warn] Couldn't set uid/gid/priority, closing connection.
Question to developers and all who have faced this problem:
How to avoid blocking users?
What is the principle of trigger bruteforce prevention?
How to setup bruteforce prevention to decrease threshold?
How to set up the lock time for the users?