
[8.309] Snort Crashing in libsf_smtp_preproc.so.0.0.0

Hi All

Astaro's IPS module has started to crash, showing the following in the kernel log

Code:

2013:02:06-14:09:01 asg01 kernel: [1197473.518554] snort_inline[10674]: segfault at 0 ip 00000000f6bd97da sp 00000000ff93b6d0 error 4 in libsf_smtp_preproc.so.0.0.0[f6bd4000+10000]

rpm -qa | grep -i ips shows the following:

Code:

u2d-ips-7-304
ipset-6.0-1.1.g6186c62
ep-chroot-ipsec-8.30-7.gd7cd84f
chroot-ipsec-8.30-22.ga57c8e5

IPS logs always show the following pattern before restarting the process:

Code:

2013:01:28-16:20:23 asg01 snort[2852]: S5: Session exceeded configured max bytes to queue 1048576 using 1049510 bytes (server queue). [Mail Server IP] 48523 --> [some random IP] 25 (0) : LWstate 0x9 LWFlags 0x406007
2013:01:28-16:20:28 asg01 snort[2852]: S5: Session exceeded configured max bytes to queue 1048576 using 1049152 bytes (server queue). [Mail Server IP] 21258 --> [some random IP] 25 (0) : LWstate 0x9 LWFlags 0x406007
2013:01:28-16:21:05 asg01 snort[2852]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="" reason="(smtp) Attempted command buffer overflow: more than 512 chars" group="0" srcip="Mail Server IP" dstip="some random destination" proto="6" srcport="19782" dstport="25" sid="0" class="Attempted Administrator Privilege Gain" priority="1"  generator="124" msgid="1"

Any insights will be helpful,

Regards,

Victor
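
A triage sketch for the kernel line quoted in the post above, added here as an example and not part of the original post: it parses the segfault record, decodes the x86 page-fault error code, and computes the instruction pointer's offset into the mapped library. The function names are hypothetical; the sample line is copied from the post.

```python
import re

# Kernel segfault line copied from the post above.
LINE = ("2013:02:06-14:09:01 asg01 kernel: [1197473.518554] snort_inline[10674]: "
        "segfault at 0 ip 00000000f6bd97da sp 00000000ff93b6d0 error 4 in "
        "libsf_smtp_preproc.so.0.0.0[f6bd4000+10000]")

# All numeric fields except the PID are printed by the kernel in hex.
SEGV_RE = re.compile(
    r"(?P<comm>[^\s\[]+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>[0-9a-f]+)"
    r"(?: in (?P<obj>[^\[\s]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?"
)

def decode_error(code):
    """Decode the low bits of the x86 page-fault error code."""
    return {
        "cause": "protection violation" if code & 1 else "page not present",
        "access": "write" if code & 2 else "read",
        "mode": "user" if code & 4 else "kernel",
        "instruction_fetch": bool(code & 16),
    }

def parse_segfault(line):
    """Return a dict describing the fault, or None if the line is not a segfault record."""
    m = SEGV_RE.search(line)
    if m is None:
        return None
    f = m.groupdict()
    out = {"comm": f["comm"], "pid": int(f["pid"]),
           "fault_addr": int(f["addr"], 16), "ip": int(f["ip"], 16),
           "sp": int(f["sp"], 16), **decode_error(int(f["err"], 16))}
    if f["obj"]:
        base, size = int(f["base"], 16), int(f["size"], 16)
        out["object"] = f["obj"]
        # Offset is meaningful only when ip falls inside the reported mapping.
        out["offset"] = out["ip"] - base if base <= out["ip"] < base + size else None
    # A fault address inside the first page points to a NULL pointer dereference.
    out["likely_null_deref"] = out["fault_addr"] < 4096
    return out

if __name__ == "__main__":
    for key, value in parse_segfault(LINE).items():
        is_num = isinstance(value, int) and not isinstance(value, bool)
        print(f"{key}: {hex(value) if is_num else value}")
```

The offset is typically what addr2line or objdump expects when run against a matching build of the library, assuming one is available.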
