Menu
▾
▴
Re: [Sshguard-users] Fwd: sshguard using 100% CPU
|
From: Sebastian H. <seb...@gm...> - 2009-03-09 07:33:03
|
Hi,
seems to work quite well - thanks.
br,
Sebastian
Am Samstag 07 März 2009 18:04:32 schrieb Mij:
> Hi Sebastian
>
> thanks for reporting. Can you give a try to the version currently in
> the SVN?
>
> On Mar 2, 2009, at 16:24 , Sebastian Held wrote:
> > further investigation shows a problem in blacklist_load():
> >
> > # cat /var/log/sshguard.fifo | valgrind --tool=memcheck /usr/local/
> > sbin/sshguard
> > ==9364== Memcheck, a memory error detector.
> > ==9364== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et
> > al.
> > ==9364== Using LibVEX rev 1732, a library for dynamic binary
> > translation.
> > ==9364== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
> > ==9364== Using valgrind-3.2.3, a dynamic binary instrumentation
> > framework.
> > ==9364== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et
> > al.
> > ==9364== For more details, rerun with: -v
> > ==9364==
> > ==9364== Syscall param open(filename) points to unaddressable byte(s)
> > ==9364== at 0x40007F2: (within /lib/ld-2.6.1.so)
> > ==9364== by 0x804D6A3: blacklist_load (sshguard_blacklist.c:151)
> > ==9364== by 0x804D6D5: blacklist_lookup_address
> > (sshguard_blacklist.c:199)
> > ==9364== by 0x804BAD9: report_address (sshguard.c:368)
> > ==9364== by 0x804C415: main (sshguard.c:240)
> > ==9364== Address 0x0 is not stack'd, malloc'd or (recently) free'd
> > ==9364==
> > ==9364== Syscall param open(filename) points to unaddressable byte(s)
> > ==9364== at 0x40007F2: (within /lib/ld-2.6.1.so)
> > ==9364== by 0x804D6A3: blacklist_load (sshguard_blacklist.c:151)
> > ==9364== by 0x804D78C: blacklist_add (sshguard_blacklist.c:173)
> > ==9364== by 0x804BC28: report_address (sshguard.c:372)
> > ==9364== by 0x804C415: main (sshguard.c:240)
> > ==9364== Address 0x0 is not stack'd, malloc'd or (recently) free'd
> > ==9364==
> > ==9364== Syscall param open(filename) points to unaddressable byte(s)
> > ==9364== at 0x40007F2: (within /lib/ld-2.6.1.so)
> > ==9364== by 0x804D7C7: blacklist_add (sshguard_blacklist.c:182)
> > ==9364== by 0x804BC28: report_address (sshguard.c:372)
> > ==9364== by 0x804C415: main (sshguard.c:240)
> > ==9364== Address 0x0 is not stack'd, malloc'd or (recently) free'd
> >
> > But currently sshguard is not yet running at 100%... It's idle as it
> > should.
> >
> >
> >
> >
> > ---------- Weitergeleitete Nachricht ----------
> >
> > Betreff: sshguard using 100% CPU
> > Datum: Montag 02 März 2009
> > Von: Sebastian Held <seb...@gm...>
> > An: ssh...@li...
> >
> > Hello,
> >
> > sshguard (svn rev. 74 + mod, but same issue is found in pristine rev
> > 74) is started like this:
> > cat /var/log/sshguard.fifo | /usr/local/sbin/sshguard -w
> > 192.168.90.86 -w 192.168.90.52 >&/dev/null &
> >
> > After a short time (around an hour) CPU utilization increases to 100%.
> > A core dump is attached. There was only one sshguard process running.
> >
> > Stacktrace:
> > # gdb /usr/local/sbin/sshguard core.23814
> > GNU gdb 6.6.50.20070726-cvs
> > Copyright (C) 2007 Free Software Foundation, Inc.
> > GDB is free software, covered by the GNU General Public License, and
> > you are
> > welcome to change it and/or distribute copies of it under certain
> > conditions.
> > Type "show copying" to see the conditions.
> > There is absolutely no warranty for GDB. Type "show warranty" for
> > details.
> > This GDB was configured as "i586-suse-linux"...
> > Using host libthread_db library "/lib/libthread_db.so.1".
> > Core was generated by `/usr/local/sbin/sshguard'.
> > #0 0x0804b7dc in pardonBlocked (par=0x0) at sshguard.c:431
> > 431 for (pos = 0; pos < list_size(& hell); ) {
> > (gdb) bt full
> > #0 0x0804b7dc in pardonBlocked (par=0x0) at sshguard.c:431
> > now = 1235994775
> > tmpel = (attacker_t *) 0x8060128
> > ret = 0
> > pos = 0
> > #1 0xb7fc9192 in ?? ()
> > No symbol table info available.
> > #2 0x00000000 in ?? ()
> > No symbol table info available.
> > (gdb) p *tmpel
> > $2 = {attack = {address = {value =
> > "62.109.4.89\00041\000\blvps92-51-146-81 sshd[23934]: ", kind = 4},
> > service = 400}, whenfirst = 1235994599, whenlast = 1235994603,
> > pardontime = 0, numhits = 4}
> > (gdb)
> >
> >
> >
> > br,
> > Sebastian
> >
> > -------------------------------------------------------
> >
> > -------------------------------------------------------------------------
> >----- Open Source Business Conference (OSBC), March 24-25, 2009, San
> > Francisco, CA
> > -OSBC tackles the biggest issue in open source: Open Sourcing the
> > Enterprise
> > -Strategies to boost innovation and cut costs with open source
> > participation
> > -Receive a $600 discount off the registration fee with the source
> > code: SFAD
> > http://p.sf.net/sfu/XcvMzF8H
> > _______________________________________________
> > Sshguard-users mailing list
> > Ssh...@li...
> > https://lists.sourceforge.net/lists/listinfo/sshguard-users
>
> ---------------------------------------------------------------------------
>--- Open Source Business Conference (OSBC), March 24-25, 2009, San
> Francisco, CA -OSBC tackles the biggest issue in open source: Open Sourcing
> the Enterprise -Strategies to boost innovation and cut costs with open
> source participation -Receive a $600 discount off the registration fee with
> the source code: SFAD http://p.sf.net/sfu/XcvMzF8H
> _______________________________________________
> Sshguard-users mailing list
> Ssh...@li...
> https://lists.sourceforge.net/lists/listinfo/sshguard-users
|
