Menu
▾
▴
Re: [Sshguard-users] sshguard go to 100% cpu
|
From: Mij <mi...@bi...> - 2009-02-01 19:30:29
|
On Jan 20, 2009, at 9:43 , Michel wrote: > Le samedi 17 janvier 2009, Mij a écrit : >> If so, do they have the same parent and status? You can >> derive this answer with this command: >> >> ps axjh | grep -E 'sshguard|syslog' >> > > dedi2# ps axjh | grep -E 'sshguard|syslog' > root 426 1 426 426 0 Ss ?? 3:30.50 /usr/sbin/ > syslogd -a 88.191.206.196 -a 88.191.206.197 -a 88.191.206.198 > root 746 1 746 746 0 SsJ ?? 1:07.35 /usr/sbin/ > syslogd -s > root 1302 1 1302 1302 0 IsJ ?? 1:03.50 /usr/sbin/ > syslogd -s > root 78143 1 74878 74878 0 R ?? 1358:09.42 /usr/ > local/sbin/sshguard -w 82.225.216.24 -w 82.241.2.81 -a 3 -p 600 -s > 1800 > root 82313 1 82313 82313 0 IsJ ?? 0:15.04 /usr/sbin/ > syslogd -s > root 88115 426 88115 88115 0 Ss ?? 0:00.10 /usr/local/ > sbin/sshguard -w 82.225.216.24 -w 82.241.2.81 -a 3 -p 600 -s 1800 > root 95765 95761 95764 95758 2 R+ p1 0:00.00 grep -E > sshguard|syslog I see several instances of syslogd as well. I'm no jail expert, but as the "further" ones operate in secure my intuition is that they are raised for the jails. Sshguard is not designed to run in multiple instances, but technically, even after reviewing the code, I don't see a reason for the looping. The problem is interesting. When you kill the program, the OS should dump a core file somewhere (use "locate sshguard.core"): can you send it to me? That would be even more valuable if you can 1) use the current SVN version mkdir sshguard && cd sshguard svn co https://sshguard.svn.sourceforge.net/svnroot/sshguard/ ./ 2) compile with debug symbols and send the core of that version. ./configure --with-firewall=pf --enable-debug=yes make cp sshguard /usr/local/bin (do NOT use make install, which strips debug symbols) michele >> As a further curiosity: if you signal the "looped" instance with >> TSTP, >> does it remain looping? >> kill -s TSTP <pid_looped> >> after this command, do you see anything in the log like "Got STOP >> signal, suspending activity." ? >> >> > kill -s TSTP 78143 > and it remain looping ! > > and nothing in messages nor in debug : > > Jan 20 09:17:56 dedi2 sshguard[88115]: Run command "/sbin/pfctl - > Tadd -t sshguard $SSHG_ADDR": exited 0. > Jan 20 09:31:04 dedi2 sshguard[88115]: Setting environment: > SSHG_ADDR=85.25.73.69;SSHG_ADDRKIND=4;SSHG_SERVICE=100. > Jan 20 09:31:04 dedi2 sshguard[88115]: Run command "/sbin/pfctl - > Tdel -t sshguard $SSHG_ADDR": exited 0. > > only a kill -9 78143 stop the loop ... > > > ------------------------------------------------------------------------------ > This SF.net email is sponsored by: > SourcForge Community > SourceForge wants to tell your story. > http://p.sf.net/sfu/sf-spreadtheword > _______________________________________________ > Sshguard-users mailing list > Ssh...@li... > https://lists.sourceforge.net/lists/listinfo/sshguard-users |
