Re: [Bastille-linux-discuss] Bastille and MySQL
From: Albert E. W. <ae...@AB...> - 2008-05-15 19:26:24
I actually was working with Reza. I got the Bastille and PSAD re-configured for them. The problem is that they had SOO Many new additions to the Kernel modules, that I suspect that one of the tools which dynamicnet.net installed is misbehaving. Without getting into the details, if Reza would like to get back in touch with me, I'd be happy to continue the process.

Best Regards,

Michael Rash wrote:
> On Mar 12, 2008, Reza Rizvi wrote:
>
>> Hi all.
>>
>
> Hi Reza -
>
>> We had our web server hardened by the team at dynamicnet.net and they
>> used bastille and psad in the process.
>>
>> Ever since we had bastille firewall installed and configured on my
>> server we have been getting random MySQL connection errors.
>>
>> Everything runs pretty smoothly most of the time, we can carry lots of
>> apache/mysql connections without any issues, server has plenty of free
>> RAM and CPU is never overloaded even during peak hours. I have been
>> told bastille firewall (iptables) is configured correctly, all ports
>> that need to be open are open.
>>
>> But about twice per day we have a MySQL "disconnect" that lasts about
>> 30-60 seconds per incident. For example we will start getting the
>> following message via e-mail, and it will amount to 20-30 e-mails like
>> this during the 30-60 second incident. After that, the e-mails and
>> problems will go away, until next time. It's almost as if the port is
>> being shut down for a brief period and then opens back up.
>>
>
> Do you have the ENABLE_AUTO_IDS variable set to "Y" in the
> /etc/psad/psad.conf file?
>
> Thanks,
>
> --
> Michael Rash
> http://www.cipherdyne.org/
> Key fingerprint = 53EA 13EA 472E 3771 894F AC69 95D8 5D6B A742 839F
>
>> -------
>> vBulletin Database Error!
>> mysql_connect(): Can't connect to MySQL server on 'sql.datacolony.com' (4)
>> /hsphere/local/home/site/site.com/forum/includes/class_core.php on line 274
>> MySQL Error :
>> Error Number :
>> Date : Saturday, January 26th 2008 @ 07:53:05 PM
>> Script : http://site.com/forum/forumdisplay.php?f=69
>> Referrer : http://site.com/forum/showthread.php?t=17518&page=19
>> IP Address : 92.3.190.54
>> Username :
>> Classname : vb_database
>> -------
>>
>> The server is running CentOS 4.6, PHP 4.4.7, MySQL 5.0.45. The
>> vBulletin software has been patched to the latest version. The
>> vBulletin people are not sure why this could be happening.
>>
>> Well we never believed that the firewall was causing the issue BUT it
>> only started happening on the day the new firewall was installed. So
>> we tried stopping the firewall for a full week and the MySQL database
>> errors stopped happening, completely. So I'm convinced the problem is
>> the firewall blocking MySQL connections but I can't figure out why?
>>
>> Also I recently setup a test script to try and connect to a separate
>> MySQL database every minute. Every time we have an "incident" as
>> mentioned above we get a corresponding entry in the test script:
>> 2008-03-05 21:48:01 Connection failed. Reason: "Can't connect to
>> MySQL server on 'sql.datacolony.com' (110)"
>>
>> There are no entries in the MySQL .err logs pertaining to this. Can't
>> figure this out, any help or ideas is appreciated since the people who
>> installed the firewall are not sure either.
>>
>> Thanks.
>> Reza
>>
>> -------------------------------------------------------------------------
>> This SF.net email is sponsored by: Microsoft
>> Defy all challenges. Microsoft(R) Visual Studio 2008.
>> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
>> _______________________________________________
>> bastille-linux-discuss mailing list
>> bas...@li...
>> https://lists.sourceforge.net/lists/listinfo/bastille-linux-discuss
>>

--
Albert E. Whale, CHS CISA CISSP
Sr. Security, Network, Risk Assessment and Systems Consultant
------------------------------------------------------------------------
ABS Computer Technology, Inc. <http://www.ABS-CompTech.com> - Email, Internet and Security Consultants
SPAMZapper <http://www.Spam-Zapper.com> - No-JunkMail.com <http://www.No-JunkMail.com> - *True Spam Elimination*.
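
An added example, not part of the original thread or of psad or Bastille: Python that groups the failure lines written by Reza's one-minute test script into incidents and reads the ENABLE_AUTO_IDS value Michael asks about, so outage windows and the auto-response setting can be checked side by side. The function names, the 5-minute grouping gap, the sample psad.conf line and every sample log line after the first are assumptions constructed for illustration; the errno meanings are the Linux values.

```python
import re
from datetime import datetime, timedelta

# Linux errno meanings: 4 and 110 appear in the thread, 111 is added for contrast.
ERRNO = {4: "EINTR: connect() interrupted",
         110: "ETIMEDOUT: no reply, consistent with packets being dropped",
         111: "ECONNREFUSED: reset received or nothing listening"}

# First line is the one quoted in the thread; the other two are constructed samples.
SAMPLE_LOG = """\
2008-03-05 21:48:01 Connection failed. Reason: "Can't connect to MySQL server on 'sql.datacolony.com' (110)"
2008-03-05 21:49:01 Connection failed. Reason: "Can't connect to MySQL server on 'sql.datacolony.com' (110)"
2008-03-06 09:12:01 Connection failed. Reason: "Can't connect to MySQL server on 'sql.datacolony.com' (110)"
"""
SAMPLE_CONF = "ENABLE_AUTO_IDS             Y;\n"  # constructed psad.conf line

LINE = re.compile(r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) Connection failed\. "
                  r"Reason: \"Can't connect to MySQL server on '([^']+)' \((\d+)\)\"")

def parse_failures(text):
    """Return [(timestamp, host, errno)] for each failure line of the test script."""
    hits = (LINE.match(l.strip()) for l in text.splitlines())
    return [(datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2), int(m.group(3)))
            for m in hits if m]

def group_incidents(failures, gap=timedelta(minutes=5)):
    """Merge failures at most `gap` apart into [start, end, count, errnos]."""
    incidents = []
    for ts, _host, err in sorted(failures):
        if incidents and ts - incidents[-1][1] <= gap:
            incidents[-1][1] = ts
            incidents[-1][2] += 1
            incidents[-1][3].add(err)
        else:
            incidents.append([ts, ts, 1, {err}])
    return incidents

def auto_ids_enabled(conf_text):
    """True/False for ENABLE_AUTO_IDS in psad.conf text, None if it is not set."""
    for line in conf_text.splitlines():
        m = re.match(r"\s*ENABLE_AUTO_IDS\s+([YN])\s*;", line)
        if m:
            return m.group(1) == "Y"
    return None

if __name__ == "__main__":
    for start, end, n, errs in group_incidents(parse_failures(SAMPLE_LOG)):
        print(start, end, n, [ERRNO.get(e, e) for e in sorted(errs)])
    print("ENABLE_AUTO_IDS:", auto_ids_enabled(SAMPLE_CONF))
```

The incident start and end times it reports are the windows to compare against firewall and psad activity on the server.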