[Bastille-linux-discuss] Bastille and MySQL
This tool locks down Linux and UNIX systems.
From: Reza R. <rez...@gm...> - 2008-03-12 15:18:28
Hi all.

We had our web server hardened by the team at dynamicnet.net and they used Bastille and psad in the process. Ever since we had the Bastille firewall installed and configured on my server we have been getting random MySQL connection errors.

Everything runs pretty smoothly most of the time: we can carry lots of Apache/MySQL connections without any issues, the server has plenty of free RAM, and the CPU is never overloaded even during peak hours. I have been told the Bastille firewall (iptables) is configured correctly and all ports that need to be open are open. But about twice per day we have a MySQL "disconnect" that lasts about 30-60 seconds per incident.

For example, we will start getting the following message via e-mail, and it will amount to 20-30 e-mails like this during the 30-60 second incident. After that, the e-mails and problems will go away, until next time. It's almost as if the port is being shut down for a brief period and then opens back up.

-------
vBulletin Database Error!

mysql_connect(): Can't connect to MySQL server on 'sql.datacolony.com' (4)
/hsphere/local/home/site/site.com/forum/includes/class_core.php on line 274

MySQL Error :
Error Number :
Date : Saturday, January 26th 2008 @ 07:53:05 PM
Script : http://site.com/forum/forumdisplay.php?f=69
Referrer : http://site.com/forum/showthread.php?t=17518&page=19
IP Address : 92.3.190.54
Username :
Classname : vb_database
-------

The server is running CentOS 4.6, PHP 4.4.7, MySQL 5.0.45. The vBulletin software has been patched to the latest version. The vBulletin people are not sure why this could be happening.

Well, we never believed that the firewall was causing the issue, BUT it only started happening on the day the new firewall was installed. So we tried stopping the firewall for a full week and the MySQL database errors stopped happening, completely. So I'm convinced the problem is the firewall blocking MySQL connections, but I can't figure out why.

Also, I recently set up a test script to try and connect to a separate MySQL database every minute. Every time we have an "incident" as mentioned above we get a corresponding entry in the test script:

2008-03-05 21:48:01 Connection failed. Reason: "Can't connect to MySQL server on 'sql.datacolony.com' (110)"

There are no entries in the MySQL .err logs pertaining to this.

I can't figure this out; any help or ideas are appreciated, since the people who installed the firewall are not sure either.

Thanks.
Reza