From: Mij <mi...@bi...> - 2009-03-07 17:04:57
Hi Sebastian,

thanks for reporting. Can you give a try to the version currently in
the SVN?

On Mar 2, 2009, at 16:24 , Sebastian Held wrote:
> further investigation shows a problem in blacklist_load():
>
> # cat /var/log/sshguard.fifo | valgrind --tool=memcheck /usr/local/sbin/sshguard
> ==9364== Memcheck, a memory error detector.
> ==9364== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
> ==9364== Using LibVEX rev 1732, a library for dynamic binary translation.
> ==9364== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
> ==9364== Using valgrind-3.2.3, a dynamic binary instrumentation framework.
> ==9364== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
> ==9364== For more details, rerun with: -v
> ==9364==
> ==9364== Syscall param open(filename) points to unaddressable byte(s)
> ==9364== at 0x40007F2: (within /lib/ld-2.6.1.so)
> ==9364== by 0x804D6A3: blacklist_load (sshguard_blacklist.c:151)
> ==9364== by 0x804D6D5: blacklist_lookup_address (sshguard_blacklist.c:199)
> ==9364== by 0x804BAD9: report_address (sshguard.c:368)
> ==9364== by 0x804C415: main (sshguard.c:240)
> ==9364== Address 0x0 is not stack'd, malloc'd or (recently) free'd
> ==9364==
> ==9364== Syscall param open(filename) points to unaddressable byte(s)
> ==9364== at 0x40007F2: (within /lib/ld-2.6.1.so)
> ==9364== by 0x804D6A3: blacklist_load (sshguard_blacklist.c:151)
> ==9364== by 0x804D78C: blacklist_add (sshguard_blacklist.c:173)
> ==9364== by 0x804BC28: report_address (sshguard.c:372)
> ==9364== by 0x804C415: main (sshguard.c:240)
> ==9364== Address 0x0 is not stack'd, malloc'd or (recently) free'd
> ==9364==
> ==9364== Syscall param open(filename) points to unaddressable byte(s)
> ==9364== at 0x40007F2: (within /lib/ld-2.6.1.so)
> ==9364== by 0x804D7C7: blacklist_add (sshguard_blacklist.c:182)
> ==9364== by 0x804BC28: report_address (sshguard.c:372)
> ==9364== by 0x804C415: main (sshguard.c:240)
> ==9364== Address 0x0 is not stack'd, malloc'd or (recently) free'd
>
> But currently sshguard is not yet running at 100%... It's idle as it
> should.
>
> ---------- Forwarded message ----------
>
> Subject: sshguard using 100% CPU
> Date: Monday, 02 March 2009
> From: Sebastian Held <seb...@gm...>
> To: ssh...@li...
>
> Hello,
>
> sshguard (svn rev. 74 + mod, but same issue is found in pristine rev
> 74) is started like this:
> cat /var/log/sshguard.fifo | /usr/local/sbin/sshguard -w 192.168.90.86 -w 192.168.90.52 >&/dev/null &
>
> After a short time (around an hour) CPU utilization increases to 100%.
> A core dump is attached. There was only one sshguard process running.
>
> Stacktrace:
> # gdb /usr/local/sbin/sshguard core.23814
> GNU gdb 6.6.50.20070726-cvs
> Copyright (C) 2007 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you are
> welcome to change it and/or distribute copies of it under certain conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB. Type "show warranty" for details.
> This GDB was configured as "i586-suse-linux"...
> Using host libthread_db library "/lib/libthread_db.so.1".
> Core was generated by `/usr/local/sbin/sshguard'.
> #0 0x0804b7dc in pardonBlocked (par=0x0) at sshguard.c:431
> 431 for (pos = 0; pos < list_size(& hell); ) {
> (gdb) bt full
> #0 0x0804b7dc in pardonBlocked (par=0x0) at sshguard.c:431
> now = 1235994775
> tmpel = (attacker_t *) 0x8060128
> ret = 0
> pos = 0
> #1 0xb7fc9192 in ?? ()
> No symbol table info available.
> #2 0x00000000 in ?? ()
> No symbol table info available.
> (gdb) p *tmpel
> $2 = {attack = {address = {value =
> "62.109.4.89\00041\000\blvps92-51-146-81 sshd[23934]: ", kind = 4},
> service = 400}, whenfirst = 1235994599, whenlast = 1235994603,
> pardontime = 0, numhits = 4}
> (gdb)
>
>
>
> br,
> Sebastian
>
> -------------------------------------------------------