Re: [Bastille-linux-discuss] Bastille and MySQL
From: Michael R. <mb...@ci...> - 2008-05-15 15:40:41
On Mar 12, 2008, Reza Rizvi wrote:

> Hi all.

Hi Reza -

> We had our web server hardened by the team at dynamicnet.net and they
> used bastille and psad in the process.
>
> Ever since we had bastille firewall installed and configured on my
> server we have been getting random MySQL connection errors.
>
> Everything runs pretty smoothly most of the time, we can carry lots of
> apache/mysql connections without any issues, server has plenty of free
> RAM and CPU is never overloaded even during peak hours. I have been
> told bastille firewall (iptables) is configured correctly, all ports
> that need to be open are open.
>
> But about twice per day we have a MySQL "disconnect" that lasts about
> 30-60 seconds per incident. For example we will start getting the
> following message via e-mail, and it will amount to 20-30 e-mails like
> this during the 30-60 second incident. After that, the e-mails and
> problems will go away, until next time. It's almost as if the port is
> being shut down for a brief period and then opens back up.

Do you have the ENABLE_AUTO_IDS variable set to "Y" in the
/etc/psad/psad.conf file?

Thanks,

--
Michael Rash
http://www.cipherdyne.org/
Key fingerprint = 53EA 13EA 472E 3771 894F AC69 95D8 5D6B A742 839F

> -------
> vBulletin Database Error!
> mysql_connect(): Can't connect to MySQL server on 'sql.datacolony.com' (4)
> /hsphere/local/home/site/site.com/forum/includes/class_core.php on line 274
> MySQL Error :
> Error Number :
> Date : Saturday, January 26th 2008 @ 07:53:05 PM
> Script : http://site.com/forum/forumdisplay.php?f=69
> Referrer : http://site.com/forum/showthread.php?t=17518&page=19
> IP Address : 92.3.190.54
> Username :
> Classname : vb_database
> -------
>
> The server is running CentOS 4.6, PHP 4.4.7, MySQL 5.0.45. The
> vBulletin software has been patched to the latest version. The
> vBulletin people are not sure why this could be happening.
>
> Well we never believed that the firewall was causing the issue BUT it
> only started happening on the day the new firewall was installed. So
> we tried stopping the firewall for a full week and the MySQL database
> errors stopped happening, completely. So I'm convinced the problem is
> the firewall blocking MySQL connections but I can't figure out why?
>
> Also I recently setup a test script to try and connect to a separate
> MySQL database every minute. Every time we have an "incident" as
> mentioned above we get a corresponding entry in the test script:
> 2008-03-05 21:48:01 Connection failed. Reason: "Can't connect to
> MySQL server on 'sql.datacolony.com' (110)"
>
> There are no entries in the MySQL .err logs pertaining to this. Can't
> figure this out, any help or ideas is appreciated since the people who
> installed the firewall are not sure either.
>
> Thanks.
> Reza