Einige Bugs im Server

[pixelpur]

Hallo in die Runde,

ich wurde mir der Einrichtung eines Dedicated Servers ein wenig ins kalte Wasser gestoßen und hoffe, dass Ihr mir ein wenig weiterhelfen könnt. Sowohl das Plesk Panel als auch der Apache laufen voll und stürzen nach gewisser Zeit ab. Derzeit gibt es vermehr Probleme mit dem Qmail Server, der keine Mail mehr korrekt überträgt.

Erst mal hoffentlich alle relevanten Daten:

Server //

Parallels Plesk Panel-Version 9.2.2
Betriebssystem Linux 2.6.25.18-0.2-default
CPU AuthenticAMD, Dual-Core AMD Opteron(tm) Processor 1218 HE
Durchschnittliche Auslastung 0.23; 0.17; 0.11

Nun noch die aktuellen Logfiles:

Apache Error Log

[Mon Sep 14 13:45:31 2009] [notice] mod_python: using mutex_directory /tmp
[Mon Sep 14 13:45:31 2009] [notice] mod_bw : Memory Allocated 0 bytes (each conf takes 32 bytes)
[Mon Sep 14 13:45:31 2009] [notice] mod_bw : Version 0.8 - Initialized [0 Confs]
[Mon Sep 14 13:45:32 2009] [notice] Apache/2.2.8 (Linux/SUSE) mod_ssl/2.2.8 OpenSSL/0.9.8g PHP/5.2.9 with Suhosin-Patch mod_python/3.3.1 Python/2.5.2 mod_jk/1.2.21 mod_perl/2.0.4-dev Perl/v5.10.0 configured -- resuming normal operations
[Mon Sep 14 13:56:13 2009] [error] [client 66.249.67.181] File does not exist: /srv/www/vhosts/default/htdocs/robots.txt
[Mon Sep 14 13:56:13 2009] [error] [client 66.249.67.181] File does not exist: /srv/www/vhosts/default/htdocs/php
[Mon Sep 14 14:02:47 2009] [error] [client 66.249.67.181] File does not exist: /srv/www/vhosts/default/htdocs/php
[Mon Sep 14 14:12:05 2009] [error] [client 89.247.208.142] File does not exist: /srv/www/vhosts/default/htdocs/autodiscover
[Mon Sep 14 14:12:08 2009] [error] [client 89.247.208.142] File does not exist: /srv/www/vhosts/default/httpsdocs/autodiscover
[Mon Sep 14 14:12:08 2009] [error] [client 89.247.208.142] File does not exist: /srv/www/vhosts/default/htdocs/autodiscover

Access Log

::1 - - [14/Sep/2009:14:14:44 +0200] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.8 (Linux/SUSE) (internal dummy connection)"
::1 - - [14/Sep/2009:14:14:45 +0200] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.8 (Linux/SUSE) (internal dummy connection)"
::1 - - [14/Sep/2009:14:14:53 +0200] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.8 (Linux/SUSE) (internal dummy connection)"
::1 - - [14/Sep/2009:14:14:54 +0200] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.8 (Linux/SUSE) (internal dummy connection)"
::1 - - [14/Sep/2009:14:14:55 +0200] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.8 (Linux/SUSE) (internal dummy connection)"
::1 - - [14/Sep/2009:14:14:56 +0200] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.8 (Linux/SUSE) (internal dummy connection)"
::1 - - [14/Sep/2009:14:14:57 +0200] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.8 (Linux/SUSE) (internal dummy connection)"
::1 - - [14/Sep/2009:14:14:58 +0200] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.8 (Linux/SUSE) (internal dummy connection)"
::1 - - [14/Sep/2009:14:14:59 +0200] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.8 (Linux/SUSE) (internal dummy connection)"
::1 - - [14/Sep/2009:14:15:04 +0200] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.8 (Linux/SUSE) (internal dummy connection)"

Mod_jk.log -- Läuft komischerweise sehr voll

Mon Jul 13 10:45:43 2009] [7734:50928] [error] init_jk::mod_jk.c (2638): Initializing shm:/srv/www/logs/jk-runtime-status errno=2
[Mon Jul 13 10:45:43 2009] [7735:50928] [error] init_jk::mod_jk.c (2638): Initializing shm:/srv/www/logs/jk-runtime-status errno=2
[Mon Jul 13 10:45:43 2009] [7737:50928] [error] jk_child_init::mod_jk.c (2594): Attaching shm:/srv/www/logs/jk-runtime-status errno=2
[Mon Jul 13 10:45:43 2009] [7738:50928] [error] jk_child_init::mod_jk.c (2594): Attaching shm:/srv/www/logs/jk-runtime-status errno=2
[Mon Jul 13 10:45:43 2009] [7739:50928] [error] jk_child_init::mod_jk.c (2594): Attaching shm:/srv/www/logs/jk-runtime-status errno=2
[Mon Jul 13 10:45:43 2009] [7740:50928] [error] jk_child_init::mod_jk.c (2594): Attaching shm:/srv/www/logs/jk-runtime-status errno=2
[Mon Jul 13 10:45:43 2009] [7741:50928] [error] jk_child_init::mod_jk.c (2594): Attaching shm:/srv/www/logs/jk-runtime-status errno=2
[Mon Jul 13 10:45:49 2009] [7825:55024] [error] init_jk::mod_jk.c (2638): Initializing shm:/srv/www/logs/jk-runtime-status errno=2
[Mon Jul 13 10:45:49 2009] [7826:55024] [error] init_jk::mod_jk.c (2638): Initializing shm:/srv/www/logs/jk-runtime-status errno=2
[Mon Jul 13 10:45:49 2009] [7828:55024] [error] jk_child_init::mod_jk.c (2594): Attaching shm:/srv/www/logs/jk-runtime-status errno=2
[Mon Jul 13 10:45:49 2009] [7829:55024] [error] jk_child_init::mod_jk.c (2594): Attaching shm:/srv/www/logs/jk-runtime-status errno=2
[Mon Jul 13 10:45:49 2009] [7830:55024] [error] jk_child_init::mod_jk.c (2594): Attaching shm:/srv/www/logs/jk-runtime-status errno=2
[Mon Jul 13 10:45:49 2009] [7831:55024] [error] jk_child_init::mod_jk.c (2594): Attaching shm:/srv/www/logs/jk-runtime-status errno=2
[Mon Jul 13 10:45:49 2009] [7832:55024] [error] jk_child_init::mod_jk.c (2594): Attaching shm:/srv/www/logs/jk-runtime-status errno=2
[Mon Jul 13 10:47:09 2009] [10491:38640] [error] init_jk::mod_jk.c (2638): Initializing shm:/srv/www/logs/jk-runtime-status errno=2
[Mon Jul 13 10:47:09 2009] [10492:38640] [error] init_jk::mod_jk.c (2638): Initializing shm:/srv/www/logs/jk-runtime-status errno=2
[Mon Jul 13 10:47:09 2009] [10494:38640] [error] jk_child_init::mod_jk.c (2594): Attaching shm:/srv/www/logs/jk-runtime-status errno=2
[Mon Jul 13 10:47:09 2009] [10495:38640] [error] jk_child_init::mod_jk.c (2594): Attaching shm:/srv/www/logs/jk-runtime-status errno=2
[Mon Jul 13 10:47:09 2009] [10496:38640] [error] jk_child_init::mod_jk.c (2594): Attaching shm:/srv/www/logs/jk-runtime-status errno=2
[Mon Jul 13 10:47:09 2009] [10497:38640] [error] jk_child_init::mod_jk.c (2594): Attaching shm:/srv/www/logs/jk-runtime-status errno=2
[Mon Jul 13 10:47:09 2009] [10498:38640] [error] jk_child_init::mod_jk.c (2594): Attaching shm:/srv/www/logs/jk-runtime-status errno=2
[Mon Jul 13 10:47:46 2009] [11757:63216] [error] init_jk::mod_jk.c (2638): Initializing shm:/srv/www/logs/jk-runtime-status errno=2
[Mon Jul 13 10:47:47 2009] [11758:63216] [error] init_jk::mod_jk.c (2638): Initializing shm:/srv/www/logs/jk-runtime-status errno=2
[Mon Jul 13 10:47:47 2009] [11760:63216] [error] jk_child_init::mod_jk.c (2594): Attaching shm:/srv/www/logs/jk-runtime-status errno=2
[Mon Jul 13 10:47:47 2009] [11761:63216] [error] jk_child_init::mod_jk.c (2594): Attaching shm:/srv/www/logs/jk-runtime-status errno=2
[Mon Jul 13 10:47:47 2009] [11762:63216] [error] jk_child_init::mod_jk.c (2594): Attaching shm:/srv/www/logs/jk-runtime-status errno=2
[Mon Jul 13 10:47:47 2009] [11763:63216] [error] jk_child_init::mod_jk.c (2594): Attaching shm:/srv/www/logs/jk-runtime-status errno=2
[Mon Jul 13 10:47:47 2009] [11764:63216] [error] jk_child_init::mod_jk.c (2594): Attaching shm:/srv/www/logs/jk-runtime-status errno=2
[Mon Jul 13 10:50:23 2009] [3106:55024] [error] init_jk::mod_jk.c (2638): Initializing shm:/srv/www/logs/jk-runtime-status errno=2
[Mon Jul 13 10:50:24 2009] [3107:55024] [error] init_jk::mod_jk.c (2638): Initializing shm:/srv/www/logs/jk-runtime-status errno=2
[Mon Jul 13 10:50:24 2009] [3109:55024] [error] jk_child_init::mod_jk.c (2594): Attaching shm:/srv/www/logs/jk-runtime-status errno=2
[Mon Jul 13 10:50:24 2009] [3110:55024] [error] jk_child_init::mod_jk.c (2594): Attaching shm:/srv/www/logs/jk-runtime-status errno=2
[Mon Jul 13 10:50:24 2009] [3111:55024] [error] jk_child_init::mod_jk.c (2594): Attaching shm:/srv/www/logs/jk-runtime-status errno=2
[Mon Jul 13 10:50:24 2009] [3112:55024] [error] jk_child_init::mod_jk.c (2594): Attaching shm:/srv/www/logs/jk-runtime-status errno=2
[Mon Jul 13 10:50:24 2009] [3113:55024] [error] jk_child_init::mod_jk.c (2594): Attaching shm:/srv/www/logs/jk-runtime-status errno=2
[Mon Jul 13 15:54:52 2009] [4762:55024] [error] jk_child_init::mod_jk.c (2594): Attaching shm:/srv/www/logs/jk-runtime-status errno=2
[Tue Jul 14 09:45:37 2009] [12938:5872] [error] init_jk::mod_jk.c (2638): Initializing shm:/srv/www/logs/jk-runtime-status errno=2
[Tue Jul 14 09:45:38 2009] [12939:5872] [error] init_jk::mod_jk.c (2638): Initializing shm:/srv/www/logs/jk-runtime-status errno=2

In der Last Log steht nun noch folgender Eintrag:

Ø<®Jpts/0pd9e2ab02.dip.t-dialin.net

Könnte es sein, dass ein Angriff auf diesen Server läuft? Welche Routine gäbe es, um herauszufinden welche Schwachstelle ausgenutzt wird.

Sollten weitere Logfiles gewünscht sein werde ich diese gerne posten. Würde mich wirklich freuen wenn mir jemand kurzfristig helfen kann. Einige Kunden beschweren sich bereits, Mails unregelmäßig oder gar nicht zu empfangen. Der Absender erhält jedoch keine Fehlermeldung.

 

[Arne Buchwald]

Hallo pixelpur,

so pauschal befürchte ich, dass da niemand wirklich weiterhelfen kann. Zuerst ist es erstmal wichtig zu gucken, welche Dienste auf dem Server überhaupt laufen (bzw. laufen sollen oder nicht laufen sollen). Basierend auf dem log_file-Ausschnitt ist mod_jk aktiv - habt ihr tatsächlich irgendwelche JSPs am Laufen? Wenn nein, kann das Modul schon mal deaktivert werden.

Nächste Ansatzpunkte wären sicherlich, wenn du dir mal die Prozesse ansehen würdest, die laufen:

ps auxfwww

bzw. dir mal anguckst, auf welchen Ports Programme lauschen

netstat -tlnpu

Das sind einfach Ansatzpunkte und ersetzen natürlich keine vollständige Serveranalyse (die hier in meinen Augen dringend nötig wäre).

Viele Grüße,
Arne

 

[pixelpur]

Hallo Arne,

ja sicherlich ist noch mal eine komplette Analyse von Nöten aber nun muss ich leider erst mal rausfinden, warum der Server sich so fest läuft.

Prozesse

USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         2  0.0  0.0      0     0 ?        S<   16:56   0:00 [kthreadd]
root         3  0.0  0.0      0     0 ?        S<   16:56   0:00  \_ [migration/0]
root         4  0.0  0.0      0     0 ?        S<   16:56   0:00  \_ [ksoftirqd/0]
root         5  0.0  0.0      0     0 ?        S<   16:56   0:00  \_ [migration/1]
root         6  0.0  0.0      0     0 ?        S<   16:56   0:00  \_ [ksoftirqd/1]
root         7  0.0  0.0      0     0 ?        S<   16:56   0:00  \_ [events/0]
root         8  0.0  0.0      0     0 ?        S<   16:56   0:00  \_ [events/1]
root         9  0.0  0.0      0     0 ?        S<   16:56   0:00  \_ [khelper]
root        10  0.0  0.0      0     0 ?        S<   16:56   0:00  \_ [kblockd/0]
root        11  0.0  0.0      0     0 ?        S<   16:56   0:00  \_ [kblockd/1]
root        12  0.0  0.0      0     0 ?        S<   16:56   0:00  \_ [kacpid]
root        13  0.0  0.0      0     0 ?        S<   16:56   0:00  \_ [kacpi_notify]
root        14  0.0  0.0      0     0 ?        S<   16:56   0:00  \_ [cqueue]
root        15  0.0  0.0      0     0 ?        S<   16:56   0:00  \_ [kseriod]
root        16  0.0  0.0      0     0 ?        S<   16:56   0:00  \_ [kondemand/0]
root        17  0.0  0.0      0     0 ?        S<   16:56   0:00  \_ [kondemand/1]
root        18  0.0  0.0      0     0 ?        S    16:56   0:00  \_ [pdflush]
root        19  0.0  0.0      0     0 ?        S    16:56   0:00  \_ [pdflush]
root        20  0.0  0.0      0     0 ?        S<   16:56   0:00  \_ [kswapd0]
root        21  0.0  0.0      0     0 ?        S<   16:56   0:00  \_ [aio/0]
root        22  0.0  0.0      0     0 ?        S<   16:56   0:00  \_ [aio/1]
root        23  0.0  0.0      0     0 ?        S<   16:56   0:00  \_ [kpsmoused]
root        63  0.0  0.0      0     0 ?        S<   16:56   0:00  \_ [ata/0]
root        64  0.0  0.0      0     0 ?        S<   16:56   0:00  \_ [ata/1]
root        65  0.0  0.0      0     0 ?        S<   16:56   0:00  \_ [ata_aux]
root        72  0.0  0.0      0     0 ?        S<   16:56   0:00  \_ [scsi_eh_0]
root        73  0.0  0.0      0     0 ?        S<   16:56   0:00  \_ [scsi_eh_1]
root        74  0.0  0.0      0     0 ?        S<   16:56   0:00  \_ [scsi_eh_2]
root        75  0.0  0.0      0     0 ?        S<   16:56   0:00  \_ [scsi_eh_3]
root       240  0.0  0.0      0     0 ?        S<   16:56   0:00  \_ [ksuspend_usbd]
root       258  0.0  0.0      0     0 ?        S<   16:56   0:00  \_ [khubd]
root       531  0.0  0.0      0     0 ?        S<   16:56   0:02  \_ [md1_raid1]
root       550  0.0  0.0      0     0 ?        S<   16:56   0:02  \_ [kjournald]
root       854  0.0  0.0      0     0 ?        S<   16:56   0:00  \_ [scsi_eh_4]
root       855  0.0  0.0      0     0 ?        S<   16:56   0:00  \_ [scsi_eh_5]
root      1129  0.0  0.0      0     0 ?        S<   16:56   0:00  \_ [kauditd]
root      1148  0.0  0.0      0     0 ?        S<   16:56   0:00  \_ [kstriped]
root      1156  0.0  0.0      0     0 ?        S<   16:56   0:00  \_ [md0_raid1]
root         1  0.0  0.0    864   328 ?        Ss   16:56   0:00 init [3]
root       601  0.0  0.0  12428   716 ?        S<s  16:56   0:00 /sbin/udevd --daemon
root      1486  0.0  0.0   5916   348 ?        Ss   16:57   0:00 /sbin/resmgrd
100       1490  0.0  0.0  14728   744 ?        Ss   16:57   0:00 /bin/dbus-daemon --system
root      1568  0.0  0.0  32824  2268 ?        Ssl  16:57   0:00 /usr/sbin/console-kit-daemon
101       1665  0.0  0.0  32472  3368 ?        Ss   16:57   0:00 /usr/sbin/hald --daemon=yes
root      1737  0.0  0.0  17804  1184 ?        S    16:57   0:00  \_ hald-runner
root      1826  0.0  0.0  24056  1208 ?        S    16:57   0:00      \_ hald-addon-input: Listening on /dev/input/event2 /dev/input/event1
root      1883  0.0  0.0  24068  1196 ?        S    16:57   0:00      \_ /usr/lib64/hal/hald-addon-cpufreq
101       1903  0.0  0.0  25816  1156 ?        S    16:57   0:00      \_ /usr/lib64/hal/hald-addon-acpi
root      2363  0.0  0.0   8116   300 ?        Ss   16:57   0:00 /sbin/dhcpcd -HHH -D -K -N -t 999999 -h server -c /etc/sysconfig/network/scripts/dhcpcd-hook eth0
root      2551  0.0  0.0  19156  1000 ?        Ss   16:57   0:00 /usr/sbin/xinetd -pidfile /var/run/xinetd.init.pid
qmaild   24042  0.0  0.0  14032  1044 ?        Ss   18:55   0:00  \_ /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
qmaild   25741  0.0  0.0  14032  1052 ?        Ss   19:08   0:00  \_ /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
qmaild   25886  0.0  0.0  14032  1048 ?        Ss   19:10   0:00  \_ /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
qmaild   26390  0.0  0.0  14032  1056 ?        Ss   19:14   0:00  \_ /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
root     26401  0.0  0.0   8248   632 ?        S    19:14   0:00  |   \_ plugins/chkrcptto
qmaild   26397  0.0  0.0  14032  1056 ?        Ss   19:14   0:00  \_ /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
root     26402  0.0  0.0   8248   632 ?        S    19:14   0:00  |   \_ plugins/chkrcptto
qmaild   26403  0.0  0.0  14032  1044 ?        Ss   19:14   0:00  \_ /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
root      2565  0.0  0.0  19016  1004 ?        Ss   16:57   0:03 /sbin/syslog-ng -a /var/lib/named/dev/log
root      2583  0.0  0.0   4092   712 ?        Ss   16:57   0:00 /sbin/klogd -c 1 -x
root      2621  0.0  0.0  21560   888 ?        S    16:57   0:00 /usr/lib/courier-imap/couriertcpd -address=0 -stderrlogger=/usr/sbin/courierlogger -stderrloggername=imapd -maxprocs=40 -maxperip=4 -pid=/var/run/imapd.pid -nodnslookup -noidentlookup 143 /usr/sbin/imaplogin /usr/lib/courier-imap/authlib/authpsa /usr/bin/imapd Maildir
root      2625  0.0  0.0  13968  1144 ?        S    16:57   0:00 /usr/sbin/courierlogger imapd
root      2631  0.0  0.0  62120  1296 ?        Ss   16:57   0:00 /usr/sbin/sshd -o PidFile=/var/run/sshd.init.pid
root     26158  0.0  0.0  97772  3672 ?        Ss   19:12   0:00  \_ sshd: root@pts/0
root     26354  0.7  0.0  23880  2972 pts/0    Ss   19:14   0:00      \_ -bash
root     26406  0.0  0.0  13104  1120 pts/0    R+   19:14   0:00          \_ ps auxfwww
root      2657  0.0  0.0  21560   888 ?        S    16:57   0:00 /usr/lib/courier-imap/couriertcpd -address=0 -stderrlogger=/usr/sbin/courierlogger -stderrloggername=imapd-ssl -maxprocs=40 -maxperip=4 -pid=/var/run/imapd-ssl.pid -nodnslookup -noidentlookup 993 /usr/bin/couriertls -server -tcpd /usr/sbin/imaplogin /usr/lib/courier-imap/authlib/authpsa /usr/bin/imapd Maildir
root      5733  0.0  0.0  14156  1956 ?        S    17:06   0:00  \_ /usr/bin/couriertls -server -tcpd /usr/sbin/imaplogin /usr/lib/courier-imap/authlib/authpsa /usr/bin/imapd Maildir
popuser   5734  0.0  0.0  20768  1628 ?        S    17:06   0:00  |   \_ /usr/bin/imapd Maildir
root      5959  0.0  0.0  14156  1956 ?        S    17:08   0:00  \_ /usr/bin/couriertls -server -tcpd /usr/sbin/imaplogin /usr/lib/courier-imap/authlib/authpsa /usr/bin/imapd Maildir
popuser   5960  0.0  0.0  20768  1616 ?        S    17:08   0:00      \_ /usr/bin/imapd Maildir
root      2661  0.0  0.0  13968  1152 ?        S    16:57   0:00 /usr/sbin/courierlogger imapd-ssl
root      2670  0.0  0.0  21560   888 ?        S    16:57   0:00 /usr/lib/courier-imap/couriertcpd -address=0 -stderrlogger=/usr/sbin/courierlogger -stderrloggername=pop3d -maxprocs=40 -maxperip=4 -pid=/var/run/pop3d.pid -nodnslookup -noidentlookup 110 /usr/sbin/pop3login /usr/lib/courier-imap/authlib/authpsa /usr/bin/pop3d Maildir
root      2676  0.0  0.0  13968  1144 ?        S    16:57   0:00 /usr/sbin/courierlogger pop3d
root      2694  0.0  0.0  21560   880 ?        S    16:57   0:00 /usr/lib/courier-imap/couriertcpd -address=0 -stderrlogger=/usr/sbin/courierlogger -stderrloggername=pop3d-ssl -maxprocs=40 -maxperip=4 -pid=/var/run/pop3d-ssl.pid -nodnslookup -noidentlookup 995 /usr/bin/couriertls -server -tcpd /usr/sbin/pop3login /usr/lib/courier-imap/authlib/authpsa /usr/bin/pop3d Maildir
root      2702  0.0  0.0  13836   972 ?        S    16:57   0:00 /usr/sbin/courierlogger pop3d-ssl
1000      2745  0.0  0.0  46920  3376 ?        S    16:57   0:02 /usr/sbin/sw-cp-serverd -f /etc/sw-cp-server/config
sso       2746  0.0  0.0 131324  8084 ?        Ss   16:57   0:00  \_ /usr/bin/sw-engine-cgi
sso       2784  0.0  0.0 131324  3156 ?        S    16:57   0:00  |   \_ /usr/bin/sw-engine-cgi
sso       2788  0.0  0.0 131324  3156 ?        S    16:57   0:00  |   \_ /usr/bin/sw-engine-cgi
sso       2748  0.0  0.0 131324  8088 ?        Ss   16:57   0:00  \_ /usr/bin/sw-engine-cgi
sso       2785  0.0  0.0 131324  3160 ?        S    16:57   0:00  |   \_ /usr/bin/sw-engine-cgi
sso       2786  0.0  0.0 131324  3160 ?        S    16:57   0:00  |   \_ /usr/bin/sw-engine-cgi
sso       2753  0.0  0.0 131324  8088 ?        Ss   16:57   0:00  \_ /usr/bin/sw-engine-cgi
sso       2783  0.0  0.0 131324  3160 ?        S    16:57   0:00  |   \_ /usr/bin/sw-engine-cgi
sso       2787  0.0  0.0 131324  3160 ?        S    16:57   0:00  |   \_ /usr/bin/sw-engine-cgi
sso       2757  0.0  0.0 131324  8084 ?        Ss   16:57   0:00  \_ /usr/bin/sw-engine-cgi
sso       2782  0.0  0.1 134908 15204 ?        S    16:57   0:00      \_ /usr/bin/sw-engine-cgi
sso       2790  0.0  0.1 132348 10400 ?        S    16:57   0:00      \_ /usr/bin/sw-engine-cgi
ntp       2855  0.0  0.0  29600  1556 ?        Ss   16:57   0:00 /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -i /var/lib/ntp -c /etc/ntp.conf
root      2863  0.0  0.0  20620   840 ?        Ss   16:57   0:00 /usr/sbin/cron
named     2919  0.0  0.1  72828 11876 ?        Ssl  16:57   0:00 /usr/sbin/named -t /var/lib/named -u named
root      2955  0.0  0.0  13308  1536 ?        S    16:57   0:00 /bin/sh /usr/bin/mysqld_safe --mysqld=mysqld --user=mysql --pid-file=/var/lib/mysql/mysqld.pid --socket=/var/lib/mysql/mysql.sock --datadir=/var/lib/mysql
mysql     3005  0.4  0.3 212284 28508 ?        Sl   16:57   0:34  \_ /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --pid-file=/var/lib/mysql/mysqld.pid --skip-external-locking --port=3306 --socket=/var/lib/mysql/mysql.sock
postgres  3066  0.0  0.0 105412  4500 ?        Ss   16:57   0:02 /usr/bin/postmaster -D /var/lib/pgsql/data
postgres  3102  0.0  0.0  67048  1192 ?        Ss   16:57   0:00  \_ postgres: logger process
postgres  3104  0.0  0.0 105412  1584 ?        Ss   16:57   0:00  \_ postgres: writer process
postgres  3105  0.0  0.0 105412  1340 ?        Ss   16:57   0:00  \_ postgres: wal writer process
postgres  3106  0.0  0.0 105520  1668 ?        Ss   16:57   0:00  \_ postgres: autovacuum launcher process
postgres  3107  0.0  0.0  67044  1332 ?        Ss   16:57   0:00  \_ postgres: stats collector process
root      3131  0.0  0.5 106916 46432 ?        Ss   16:57   0:02 /usr/sbin/spamd --username=popuser --daemonize --nouser-config --helper-home-dir=/var/qmail --max-children 5 --create-prefs --virtual-config-dir=/var/qmail/mailnames/%d/%l/.spamassassin --pidfile=/var/run/spamd/spamd_full.pid --socketpath=/tmp/spamd_full.sock
popuser   3140  0.6  0.6 115180 54568 ?        S    16:57   0:53  \_ spamd child                                                                                                                                                                          
popuser   3141  0.1  0.6 114312 53692 ?        S    16:57   0:11  \_ spamd child                                                                                                                                                                          
qmails    3180  0.0  0.0   3880   584 ?        S    16:57   0:00 qmail-send
qmaill    3181  0.0  0.0   3824   568 ?        S    16:57   0:00  \_ splogger qmail
root      3182  0.0  0.0   3864   480 ?        S    16:57   0:00  \_ qmail-lspawn | /usr/bin/deliverquota ./Maildir
qmailr    3183  0.0  0.0   3860   484 ?        S    16:57   0:00  \_ qmail-rspawn
qmailq    3184  0.0  0.0   3820   432 ?        S    16:57   0:00  \_ qmail-clean
root      3351  0.0  0.5 399972 44156 ?        Ss   16:57   0:05 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -DSSL
wwwrun    3362  0.0  0.4 398188 33900 ?        S    16:57   0:00  \_ /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -DSSL
wwwrun   23815  0.0  0.5 406492 44284 ?        S    18:53   0:00  \_ /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -DSSL
wwwrun   23892  0.0  0.4 400312 39596 ?        S    18:54   0:00  \_ /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -DSSL
wwwrun   24296  0.0  0.5 404588 44040 ?        S    18:57   0:00  \_ /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -DSSL
wwwrun   24763  0.0  0.4 400416 38908 ?        S    19:00   0:00  \_ /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -DSSL
wwwrun   25720  0.0  0.5 403252 42304 ?        S    19:08   0:00  \_ /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -DSSL
wwwrun   25758  0.0  0.4 400344 38916 ?        S    19:08   0:00  \_ /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -DSSL
wwwrun   26136  0.0  0.4 399972 36928 ?        S    19:12   0:00  \_ /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -DSSL
wwwrun   26137  0.0  0.4 399972 36924 ?        S    19:12   0:00  \_ /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -DSSL
wwwrun   26139  0.0  0.4 399972 36952 ?        S    19:12   0:00  \_ /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -DSSL
wwwrun   26140  0.0  0.4 399972 36944 ?        S    19:12   0:00  \_ /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -DSSL
wwwrun   26143  0.0  0.4 399972 36852 ?        S    19:12   0:00  \_ /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -DSSL
wwwrun   26294  0.0  0.4 399972 36912 ?        S    19:13   0:00  \_ /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -DSSL
wwwrun   26310  0.0  0.4 399972 36212 ?        S    19:13   0:00  \_ /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -DSSL
wwwrun   26312  0.0  0.4 399972 36212 ?        S    19:13   0:00  \_ /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -DSSL
wwwrun   26313  0.0  0.4 399972 36216 ?        S    19:13   0:00  \_ /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -DSSL
wwwrun   26318  0.0  0.4 399972 36216 ?        S    19:13   0:00  \_ /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -DSSL
wwwrun   26319  0.0  0.4 399972 36216 ?        S    19:13   0:00  \_ /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -DSSL
wwwrun   26320  0.0  0.4 399972 36216 ?        S    19:13   0:00  \_ /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -DSSL
wwwrun   26321  0.0  0.4 399972 36216 ?        S    19:13   0:00  \_ /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -DSSL
drweb     3542  0.0  0.3  35220 31604 ?        Ss   16:57   0:04 drwebd.real
drweb     5033  0.0  0.3  35476 31132 ?        S    17:03   0:00  \_ drwebd.real
drweb     5034  0.0  0.3  35220 30872 ?        S    17:03   0:00  \_ drwebd.real
drweb     5035  0.0  0.3  35220 30864 ?        S    17:03   0:00  \_ drwebd.real
drweb     5036  0.0  0.3  35220 30876 ?        S    17:03   0:00  \_ drwebd.real
drweb     5037  0.0  0.3  35476 31152 ?        S    17:03   0:00  \_ drwebd.real
drweb     5038  0.0  0.3  35220 30452 ?        S    17:03   0:00  \_ drwebd.real
drweb     5039  0.0  0.3  35476 31144 ?        S    17:03   0:00  \_ drwebd.real
drweb     5040  0.0  0.3  35220 30872 ?        S    17:03   0:00  \_ drwebd.real
drweb     5041  0.0  0.3  35504 31180 ?        S    17:03   0:00  \_ drwebd.real
drweb     5042  0.0  0.3  35220 30828 ?        S    17:03   0:00  \_ drwebd.real
drweb     5043  0.0  0.3  35220 30452 ?        S    17:03   0:00  \_ drwebd.real
drweb     5044  0.0  0.3  35476 31152 ?        S    17:03   0:00  \_ drwebd.real
drweb     5045  0.0  0.3  35220 30872 ?        S    17:03   0:00  \_ drwebd.real
drweb     5046  0.0  0.3  35220 30260 ?        S    17:03   0:00  \_ drwebd.real
drweb     5047  0.0  0.3  35220 30832 ?        S    17:03   0:00  \_ drwebd.real
drweb     5048  0.0  0.3  35220 30260 ?        S    17:03   0:00  \_ drwebd.real
root      3590  0.0  0.0   3984   648 ?        Ss   16:57   0:00 /sbin/mdadm -F /dev/md0 /dev/md1 -d 60 -m root@localhost -s -c /etc/mdadm.conf
root      3602  0.0  0.0  12516   868 tty1     Ss+  16:57   0:00 /sbin/mingetty --noclear tty1
root      3603  0.0  0.0   3828   596 ttyS0    Ss+  16:57   0:00 /sbin/agetty -L 57600 ttyS0 vt102

Laufenden Programme

Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR   TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0   1500   0  252661      0      0      0  334384      0      0      0 BMRU
lo    16436   0   19169      0      0      0   19169      0      0      0 LRU

Solltest du noch eine ruhige Minute finden wäre ich sehr dankbar.

 

[pixelpur]

So heute hängt der Server mal wieder und folgendes erhalte ich in der Top Ausgabe

top - 09:13:17 up 16:16, 1 user, load average: 727.14, 707.89, 667.49
Tasks: 2340 total, 6 running, 2334 sleeping, 0 stopped, 0 zombie
Cpu(s): 3.1%us, 20.9%sy, 0.0%ni, 75.4%id, 0.5%wa, 0.1%hi, 0.1%si, 0.0%st
Mem: 8165544k total, 1768520k used, 6397024k free, 72496k buffers
Swap: 2104496k total, 9704k used, 2094792k free, 234564k cached

Der Wert scheint mir doch ein wenig zu hoch.