grsec kills httpd 5 minutes after last https request
Posted: Wed Jan 31, 2007 8:57 am
Hi,
I sometimes get this behavior : last request is ssl request, and 5 minutes later, grsec kills a few httpd processes.
Example :
ssl.log:172.186.118.66 - - [03/Jan/2007:16:14:33 +0100] "GET /index.php?action=register&id_session=jc7pSIwNt91K5NAfaghT4MEuCc HTTP/1.1"
200 36522 "http://www.domain.tld/index.php" "Mozilla/5.0 (Macintosh; U; PPC Mac OS X; fr-FR; rv:1.0.2) Gecko/20020924 AOL/7.0"
And 5 minutes later in /var/log/messages :
messages:Jan 3 16:19:34 ns2261 kernel: grsec: From 172.186.118.66: signal 11 sent to /usr/local/apache/bin/httpd[httpd:1
5475] uid/euid:99/99 gid/egid:99/99, parent /usr/local/apache/bin/httpd[httpd:2423] uid/euid:0/0 gid/egid:0/0
messages:Jan 3 16:19:34 ns2261 kernel: grsec: From 172.186.118.66: signal 11 sent to /usr/local/apache/bin/httpd[httpd:1
5475] uid/euid:99/99 gid/egid:99/99, parent /usr/local/apache/bin/httpd[httpd:2423] uid/euid:0/0 gid/egid:0/0
Any hints ?
Some version info :
Linux 2.4.28-grsec
apache 1.3.35
php 5.1.4
OpenSSL 0.9.8b
PS : the capcha image registration is a pain. And I am supposed to see colors correctly.
I sometimes get this behavior : last request is ssl request, and 5 minutes later, grsec kills a few httpd processes.
Example :
ssl.log:172.186.118.66 - - [03/Jan/2007:16:14:33 +0100] "GET /index.php?action=register&id_session=jc7pSIwNt91K5NAfaghT4MEuCc HTTP/1.1"
200 36522 "http://www.domain.tld/index.php" "Mozilla/5.0 (Macintosh; U; PPC Mac OS X; fr-FR; rv:1.0.2) Gecko/20020924 AOL/7.0"
And 5 minutes later in /var/log/messages :
messages:Jan 3 16:19:34 ns2261 kernel: grsec: From 172.186.118.66: signal 11 sent to /usr/local/apache/bin/httpd[httpd:1
5475] uid/euid:99/99 gid/egid:99/99, parent /usr/local/apache/bin/httpd[httpd:2423] uid/euid:0/0 gid/egid:0/0
messages:Jan 3 16:19:34 ns2261 kernel: grsec: From 172.186.118.66: signal 11 sent to /usr/local/apache/bin/httpd[httpd:1
5475] uid/euid:99/99 gid/egid:99/99, parent /usr/local/apache/bin/httpd[httpd:2423] uid/euid:0/0 gid/egid:0/0
Any hints ?
Some version info :
Linux 2.4.28-grsec
apache 1.3.35
php 5.1.4
OpenSSL 0.9.8b
PS : the capcha image registration is a pain. And I am supposed to see colors correctly.