I installed ASL yesterday after a successful hack on my server - I've gone through all the steps to get it installed and now have 1 moderate and 1 low vulnerability.
Everything was operating fine until a few minutes ago when the server completely stopped responding.
I could not log in via SSH, view websites, use emails or even ping.
I used my remote console to reset the power and reboot.
After inspecting /var/log/messages, I can see that the server was doing things while it was unresponsive:
Nov 24 18:27:43 xxx xinetd[3079]: EXIT: ftp status=0 pid=16002 duration=52(sec)
Nov 24 18:28:59 xxx clamd[19629]: stream(127.0.0.1@1027): ASL.MalwareBlacklist.rbcmail.ru.UNOFFICIAL FOUND
Nov 24 18:29:08 xxx kernel: nf_conntrack: table full, dropping packet.
Nov 24 18:30:01 xxx psmon[16118]: Forking background daemon, process 16119.
Nov 24 18:30:01 xxx psmon[16119]: Forking second background daemon, process 16121.
Nov 24 18:31:00 xxx kernel: nf_conntrack: table full, dropping packet.
Nov 24 18:31:07 xxx postfix/smtpd[16131]: sql_sqlite3 plugin: no result found
Nov 24 18:32:13 xxx kernel: nf_conntrack: table full, dropping packet.
Nov 24 18:33:21 xxx syslogd 1.4.1: restart.
What concerns me is this new log entry that I've never seen before:
kernel: nf_conntrack: table full, dropping packet.
Thanks
P.S. The sql_sqlite log is one I've seen for months - I tried to get rid of it, but couldn't figure out how.
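
An added example, not part of the original post: the kernel logs "nf_conntrack: table full" when the netfilter connection-tracking table has reached its nf_conntrack_max limit. This Python sketch groups those events in the excerpt above and lists which daemons logged during the same window. The function names and the placeholder year are assumptions made for the example.

```python
import re
from datetime import datetime

# Log lines copied from the post above (host already masked as "xxx").
SAMPLE = """\
Nov 24 18:27:43 xxx xinetd[3079]: EXIT: ftp status=0 pid=16002 duration=52(sec)
Nov 24 18:28:59 xxx clamd[19629]: stream(127.0.0.1@1027): ASL.MalwareBlacklist.rbcmail.ru.UNOFFICIAL FOUND
Nov 24 18:29:08 xxx kernel: nf_conntrack: table full, dropping packet.
Nov 24 18:30:01 xxx psmon[16118]: Forking background daemon, process 16119.
Nov 24 18:30:01 xxx psmon[16119]: Forking second background daemon, process 16121.
Nov 24 18:31:00 xxx kernel: nf_conntrack: table full, dropping packet.
Nov 24 18:31:07 xxx postfix/smtpd[16131]: sql_sqlite3 plugin: no result found
Nov 24 18:32:13 xxx kernel: nf_conntrack: table full, dropping packet.
Nov 24 18:33:21 xxx syslogd 1.4.1: restart.
""".splitlines()

# Classic syslog: "Mon DD HH:MM:SS host tag[pid]: message" (no year field).
LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ ([^:]+?)(?:\[\d+\])?: (.*)$")

def parse(lines, year=2000):  # year is a placeholder; syslog does not record it
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3)

def conntrack_summary(lines):
    """Summarize 'table full' kernel events and what else logged meanwhile."""
    events = list(parse(lines))
    drops = [ts for ts, tag, msg in events
             if tag == "kernel" and "nf_conntrack: table full" in msg]
    if not drops:
        return None
    first, last = min(drops), max(drops)
    # Daemons that logged while the table was full: where to look for the traffic source.
    nearby = sorted({tag for ts, tag, _ in events
                     if first <= ts <= last and tag != "kernel"})
    # The kernel rate-limits this message, so "drops" is a lower bound on dropped packets.
    return {"drops": len(drops), "first": first, "last": last,
            "span_seconds": int((last - first).total_seconds()), "active_tags": nearby}

def table_usage(base="/proc/sys/net/netfilter"):
    # Live check: (current entries, limit); None where conntrack is not loaded.
    try:
        with open(f"{base}/nf_conntrack_count") as c, open(f"{base}/nf_conntrack_max") as m:
            return int(c.read()), int(m.read())
    except OSError:
        return None
```

Calling conntrack_summary on the lines of /var/log/messages gives the same summary for the full log, and table_usage() shows how close the running system is to the limit.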