centos 6 ps aux 挂断

centos 6 ps aux 挂断

我的服务器有问题。服务器运行的是 centos 6(CloudLinux Server 版本 6.2)。 uname -a = 2.6.32-320.4.1.lve1.1.4.el6.x86_64 这是一个 kvm 客户端。主机上是 debian 6。

如果我运行命令ps aux,它会卡在随机进程上(仅显示一些进程),top命令运行正常。htop也不起作用(黑屏)。

top - 12:11:51 up 34 min,  1 user,  load average: 4.26, 6.71, 16.15
Tasks: 201 total,   7 running, 192 sleeping,   0 stopped,   2 zombie
Cpu(s):  7.9%us,  2.8%sy,  0.0%ni, 87.5%id,  1.6%wa,  0.0%hi,  0.2%si,  0.0%st
Mem:   9862044k total,  2359484k used,  7502560k free,   171720k buffers
Swap: 10485720k total,        0k used, 10485720k free,  1336872k cached

服务器有一个 Intel(R) Xeon(R) CPU E5606 @ 2.13GHz,

free -m

             total       used       free     shared    buffers     cached
Mem:          9630       2336       7293          0        170       1324
-/+ buffers/cache:        841       8789
Swap:        10239          0      10239

php -v

PHP 5.3.19 (cli) (built: Nov 28 2012 10:03:07)
Copyright (c) 1997-2012 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2012 Zend Technologies
    with the ionCube PHP Loader v4.2.2, Copyright (c) 2002-2012, by ionCube Ltd., and
    with Zend Guard Loader v3.3, Copyright (c) 1998-2010, by Zend Technologies
    with Suhosin v0.9.33, Copyright (c) 2007-2012, by SektionEins GmbH

mysql 服务器版本:5.1.63-cll

php -i

disable_functions => apache_child_terminate, apache_setenv, define_syslog_variables, escapeshellarg, escapeshellcmd, eval, exec, fp, fput, ftp_connect, ftp_e
xec, ftp_get, ftp_login, ftp_nb_fput, ftp_put, ftp_raw, ftp_rawlist, highlight_file, ini_alter, ini_get_all, ini_restore, inject_code, openlog, passthru, php
_uname, phpAds_remoteInfo, phpAds_XmlRpc, phpAds_xmlrpcDecode, phpAds_xmlrpcEncode, popen, posix_getpwuid, posix_kill, posix_mkfifo, posix_setpgid, posix_set
sid, posix_setuid, posix_setuid, posix_uname, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, shell_exec, syslog, system, xmlrpc_entity_de
code, xmlrpc_server_create, putenv, show_source,mail => apache_child_terminate, apache_setenv, define_syslog_variables, escapeshellarg, escapeshellcmd, eval,
 exec, fp, fput, ftp_connect, ftp_exec, ftp_get, ftp_login, ftp_nb_fput, ftp_put, ftp_raw, ftp_rawlist, highlight_file, ini_alter, ini_get_all, ini_restore,
inject_code, openlog, passthru, php_uname, phpAds_remoteInfo, phpAds_XmlRpc, phpAds_xmlrpcDecode, phpAds_xmlrpcEncode, popen, posix_getpwuid, posix_kill, pos
ix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, posix_setuid, posix_uname, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, shell_exe
c, syslog, system, xmlrpc_entity_decode, xmlrpc_server_create, putenv, show_source,mail
...
suhosin.executor.disable_eval => Off => Off
suhosin.executor.eval.blacklist => include,include_once,require,require_once,curl_init,fpassthru,base64_encode,base64_decode,mail,exec,system,proc_open,leak,
syslog,pfsockopen,shell_exec,ini_restore,symlink,stream_socket_server,proc_nice,popen,proc_get_status,dl, pcntl_exec, pcntl_fork, pcntl_signal,pcntl_waitpid,
 pcntl_wexitstatus, pcntl_wifexited, pcntl_wifsignaled,pcntl_wifstopped, pcntl_wstopsig, pcntl_wtermsig, socket_accept,socket_bind, socket_connect, socket_cr
eate, socket_create_listen,socket_create_pair,link,register_shutdown_function,register_tick_function,gzinflate => include,include_once,require,require_once,c
url_init,fpassthru,base64_encode,base64_decode,mail,exec,system,proc_open,leak,syslog,pfsockopen,shell_exec,ini_restore,symlink,stream_socket_server,proc_nic
e,popen,proc_get_status,dl, pcntl_exec, pcntl_fork, pcntl_signal,pcntl_waitpid, pcntl_wexitstatus, pcntl_wifexited, pcntl_wifsignaled,pcntl_wifstopped, pcntl
_wstopsig, pcntl_wtermsig, socket_accept,socket_bind, socket_connect, socket_create, socket_create_listen,socket_create_pair,link,register_shutdown_function,
register_tick_function,gzinflate

有时我无法终止 httpd 进程。我kill -9 PID甚至运行了几次,但什么也没发生。php 通过 suphp 运行。我从某处了解到它可能是木马。我运行它strace ps aux,它停止了

open("/proc/216456/cmdline", O_RDONLY)  = 5
read(5,

如果我重新启动服务器,问题就消失了,但过了一段时间它又回来了.. :(

谢谢。

答案1

问题出在审计上:backlog limit exceeded/etc/audit/audit.rules设置了-b3209216,问题就解决了。感谢大家的帮助 :)

答案2

您是否远程访问系统?您是否通过 SSH 连接?

这几乎像是您所在位置和服务器位置之间的某个地方出现了碎片数据包/MTU 问题。我见过这些情况下的文本输出问题。

为了确保问题不在您这边,您可以从其他位置连接到服务器吗?

基于 Debian 的主机系统运行如何?响应速度快吗?除此之外ps aux,系统运行良好吗?

如果您怀疑存在妥协,请运行一些此处注明的步骤检查系统健康状况并验证已安装的软件包。

还:我该如何处理受到感染的服务器?

相关内容