我们在 CentOS 7 上运行 LAMP 堆栈 VPS,托管一些网站、MariaDB 数据库和相关服务。半夜时分,我们的服务器神秘地完全离线了。
当我们发现问题时,我们关闭了 VPS 的电源,服务器又恢复了 - 但当我重新登录时,我收到了 SSH 警告,提示 RSA2 指纹已更改(这似乎非常可疑)。日志解析似乎表明 eth1 连接突然停止工作:
来自 /var/log/messages 的完整日志:http://pastebin.com/Gbmitkhs
以下是服务器离线前的最后几行:
Dec 17 02:24:53 WebServer NetworkManager[487]: <warn> (eth1) firewall zone remove failed [102402]: (4) Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
Dec 17 02:25:30 WebServer systemd-logind: Failed to start user slice: Connection timed out
Dec 17 02:25:31 WebServer systemd-logind: Assertion 's->user->slice' failed at src/login/logind-session.c:510, function session_start_scope(). Aborting.
Dec 17 02:25:32 WebServer systemd: systemd-logind.service: main process exited, code=killed, status=6/ABRT
Dec 17 02:25:32 WebServer systemd: Unit systemd-logind.service entered failed state.
Dec 17 02:25:33 WebServer systemd: systemd-logind.service failed.
Dec 17 02:25:34 WebServer systemd: systemd-logind.service has no holdoff time, scheduling restart
初步查看安全日志或 Apache 访问日志(除了机器人爬行活动)时,我没有发现任何可疑活动。
什么原因可能导致故障以及服务器的 RSA2 指纹随后发生变化?