View previous topic :: View next topic |
Author |
Message |
Philippe23 Tux's lil' helper
Joined: 20 Dec 2006 Posts: 130 Location: Central NY
|
Posted: Thu Jun 16, 2011 2:11 pm Post subject: kernel module auto-load of net-pf-2-proto-17-type-1 ?? |
|
|
I've been getting messages like this in my logs for a little while now.
Quote: | Jun 16 09:16:06 localhost kernel: [4307269.978879] grsec: From 119.63.196.20: denied kernel module auto-load of net-pf-2-proto-17-type-1 by /usr/sbin/apache2[apache2:1407] uid/euid:81/81 gid/egid:81/81, parent /usr/sbin/apache2[apache2:14996] uid/euid:0/0 gid/egid:0/0 |
119.63.196.20 looks like it is a Baidu Search Engine Spider IP.
What would be triggering this, what exactly is apache trying to load (PF 2, PROTO 17 is UDP). Is there any danger in this? If this is just UDP and is harmless, any idea which kernel option builds this in? |
|
Back to top |
|
|
neofutur n00b
Joined: 18 Jun 2006 Posts: 21 Location: France
|
Posted: Mon Oct 27, 2014 8:57 pm Post subject: Re: kernel module auto-load of net-pf-2-proto-17-type-1 ?? |
|
|
Philippe23 wrote: | I've been getting messages like this in my logs for a little while now.
Quote: | Jun 16 09:16:06 localhost kernel: [4307269.978879] grsec: From 119.63.196.20: denied kernel module auto-load of net-pf-2-proto-17-type-1 by /usr/sbin/apache2[apache2:1407] uid/euid:81/81 gid/egid:81/81, parent /usr/sbin/apache2[apache2:14996] uid/euid:0/0 gid/egid:0/0 |
119.63.196.20 looks like it is a Baidu Search Engine Spider IP.
What would be triggering this, what exactly is apache trying to load (PF 2, PROTO 17 is UDP). Is there any danger in this? If this is just UDP and is harmless, any idea which kernel option builds this in? |
I d also be happy to get a definitive answer on this, couldnt find any way to stop apache to try to load ipv6 every 2 seconds
the answer from http://httpd.apache.org/docs/current/bind.html#ipv6
is just not working here, still getting :
Quote: | Oct 27 22:04:35 x kernel: grsec: denied kernel module auto-load of ipv6 by uid 81
Oct 27 22:04:37 x kernel: grsec: denied kernel module auto-load of ipv6 by uid 81
Oct 27 22:04:38 x kernel: grsec: denied kernel module auto-load of ipv6 by uid 81
Oct 27 22:04:42 x kernel: grsec: denied kernel module auto-load of ipv6 by uid 81
Oct 27 22:04:42 x kernel: grsec: denied kernel module auto-load of ipv6 by uid 81
Oct 27 22:04:42 x kernel: grsec: denied kernel module auto-load of ipv6 by uid 81
Oct 27 22:04:42 x kernel: grsec: denied kernel module auto-load of ipv6 by uid 81
Oct 27 22:04:42 x kernel: grsec: denied kernel module auto-load of ipv6 by uid 81
Oct 27 22:04:46 x kernel: grsec: denied kernel module auto-load of ipv6 by uid 81
Oct 27 22:04:47 x kernel: grsec: denied kernel module auto-load of ipv6 by uid 81
|
nearly one / second . . . _________________ http://bitcoin.gw.gd-http://ww7.pe-http://waisse.org |
|
Back to top |
|
|
neofutur n00b
Joined: 18 Jun 2006 Posts: 21 Location: France
|
Posted: Tue Nov 04, 2014 2:10 am Post subject: Re: kernel module auto-load of net-pf-2-proto-17-type-1 ?? |
|
|
neofutur wrote: |
the answer from http://httpd.apache.org/docs/current/bind.html#ipv6
is just not working here, still getting :
Quote: | Oct 27 22:04:35 x kernel: grsec: denied kernel module auto-load of ipv6 by uid 81
Oct 27 22:04:46 x kernel: grsec: denied kernel module auto-load of ipv6 by uid 81
Oct 27 22:04:47 x kernel: grsec: denied kernel module auto-load of ipv6 by uid 81
|
nearly one / second . . . |
since the main danger here is overloading your server with too many log messages ( and yes this is is a possible DOS/DDOS against anyone not allowing ipv6 ) concerning the war between me/grsec and silly apache , I finally edited the syslog-ng filter for grsec :
from
Code: | #filter f_grsec { message("^(\\[.*\..*\] |)grsec:.*"); }; |
to
Code: | filter f_grsec { message("^(\\[.*\..*\] |)grsec:.*") and not message(".*ipv6.*"); }; |
hopes this help , feel free to suggest a better syslog-ng filter please
I hate ignoring logs, but this one really exploded the loadavg on my server
also i m ready to try whatever apache config trick you could suggest to have this bitch stop trying to load ipv6 module ( but I already tried every answer i could find on the internet ).
( i wish apache had a use flag -ipv6 ) _________________ http://bitcoin.gw.gd-http://ww7.pe-http://waisse.org |
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|