我收到了很多报告此问题的电子邮件,我希望这个问题能够自动纠正。这些进程由我的服务器运行,是更新、会话删除和其他被报告为误报的合法会话处理的结果。
以下是一份示例报告:
Time: Sat Oct 20 00:00:03 2012 -0400
PID: 20077
Account: named
Uptime: 326117 seconds
Executable:
/usr/sbin/nsd\00507d27e9\0053\00\00\00\00\00 (deleted)
The file system shows this process is running an executable file that has
been deleted. This typically happens when the original file has been replaced
by a new file when the application is updated. To prevent this being reported
again, restart the process that runs this excecutable file. See csf.conf and
the PT_DELETED text for more information about the security implications of
processes running deleted executable files.
Command Line (often faked in exploits):
/usr/sbin/nsd -c /etc/nsd/nsd.conf
Network connections by the process (if any):
udp: xx.xx.xxx.xx:53 -> 0.0.0.0:0
udp: 127.0.0.1:53 -> 0.0.0.0:0
udp: xx.xx.xxx.xx:53 -> 0.0.0.0:0
tcp: xx.xx.xxx.xx:53 -> 0.0.0.0:0
tcp: 127.0.0.1:53 -> 0.0.0.0:0
tcp: xx.xx.xxx.xx:53 -> 0.0.0.0:0
Files open by the process (if any):
/dev/null
/dev/null
/dev/null
Memory maps by the process (if any):
0045e000-00479000 r-xp 00000000 fd:00 2582025 /lib/ld-2.5.so
00479000-0047a000 r--p 0001a000 fd:00 2582025 /lib/ld-2.5.so
0047a000-0047b000 rw-p 0001b000 fd:00 2582025 /lib/ld-2.5.so
0047d000-005d5000 r-xp 00000000 fd:00 2582073 /lib/i686/nosegneg/libc-2.5.so
005d5000-005d7000 r--p 00157000 fd:00 2582073 /lib/i686/nosegneg/libc-2.5.so
005d7000-005d8000 rw-p 00159000 fd:00 2582073 /lib/i686/nosegneg/libc-2.5.so
005d8000-005db000 rw-p 005d8000 00:00 0
005dd000-005e0000 r-xp 00000000 fd:00 2582087 /lib/libdl-2.5.so
005e0000-005e1000 r--p 00002000 fd:00 2582087 /lib/libdl-2.5.so
005e1000-005e2000 rw-p 00003000 fd:00 2582087 /lib/libdl-2.5.so
0062b000-0063d000 r-xp 00000000 fd:00 2582079 /lib/libz.so.1.2.3
0063d000-0063e000 rw-p 00011000 fd:00 2582079 /lib/libz.so.1.2.3
00855000-0085f000 r-xp 00000000 fd:00 2582022 /lib/libnss_files-2.5.so
0085f000-00860000 r--p 00009000 fd:00 2582022 /lib/libnss_files-2.5.so
00860000-00861000 rw-p 0000a000 fd:00 2582022 /lib/libnss_files-2.5.so
00ac0000-00bea000 r-xp 00000000 fd:00 2582166 /lib/libcrypto.so.0.9.8e
00bea000-00bfe000 rw-p 00129000 fd:00 2582166 /lib/libcrypto.so.0.9.8e
00bfe000-00c01000 rw-p 00bfe000 00:00 0
00e68000-00e69000 r-xp 00e68000 00:00 0 [vdso]
08048000-08074000 r-xp 00000000 fd:00 927261 /usr/sbin/nsd
08074000-08079000 rw-p 0002b000 fd:00 927261 /usr/sbin/nsd
08079000-0808c000 rw-p 08079000 00:00 0
08a20000-08a67000 rw-p 08a20000 00:00 0
b7f8d000-b7ff2000 rw-p b7f8d000 00:00 0
b7ffd000-b7ffe000 rw-p b7ffd000 00:00 0
bfa6d000-bfa91000 rw-p bffda000 00:00 0 [stack]
能解决问题/etc/nsd/restart吗?kill -1 20077
答案1
/etc/nsd/restart [...] 能解决问题吗?
是的。正如您的 ConfigServer 报告脚本已经告诉您的那样
为了防止再次报告此问题,请重新启动运行该可执行文件的进程。
从安全角度来看,这也是一个可取的做法:您应用的更新可能与安全相关,除非重新启动受影响的进程,否则修复的代码不会生效。
这些进程由我的服务器运行,是更新、会话删除和其他合法会话处理的结果
会话删除和会话处理不会影响 nsd 二进制文件(希望如此,否则你的服务器就完蛋了)。名称服务器守护进程。