从今天中午开始,每当我输入exit或使用Control-D关闭putty窗口时,就会有许多
Linux CentOS服务器停止运行.
以前有人遇到过这种奇怪的行为吗?
我检查了服务器上的别名列表,并且没有关于halt命令的别名.
在服务器上线后,我检查了历史记录并看到了一个“注销”命令,但没有任何与Halt相关的命令.
起初,我认为它只发生在我的计算机上,但后来我意识到它发生在所有类型的退出,退出或控制d.
其中2个服务器是我们的主要iptables防火墙,所以它非常关键,非常感谢您的帮助.
@H_404_18@
是否有可能有人乱用/usr/bin/clear使其停止呼叫?
以前有人遇到过这种奇怪的行为吗?
我检查了服务器上的别名列表,并且没有关于halt命令的别名.
在服务器上线后,我检查了历史记录并看到了一个“注销”命令,但没有任何与Halt相关的命令.
起初,我认为它只发生在我的计算机上,但后来我意识到它发生在所有类型的退出,退出或控制d.
其中2个服务器是我们的主要iptables防火墙,所以它非常关键,非常感谢您的帮助.
看起来像这样,它只发生在具有活动IPTables的服务器上:
[root@srv1 bin]# ssh srv2 root@srv2's password: Last login: Sun Nov 11 17:19:41 2012 from 192.168.12.98 [root@srv2 ~]# vim /etc/crontab [root@srv2 ~]# exit logout Broadcast message from root (pts/1) (Tue Nov 13 10:44:04 2012): The system is going down for system halt NOW! Connection to srv2 closed. [root@srv1 bin]#
在我的故障排除步骤中,我遇到了命令strace,所以我打开了两个bash窗口到一个有问题的服务器,我使用了strace -p PID_of_bash.
当我在第一个shell中键入exit时它确实停止了,附加是strace输出,如果你可以查看它并告诉我你是否看到任何可疑的东西我会更感谢.
RER,0x2b0e45a8f2f0},8) = 0
rt_sigaction(SIGALRM,{0x4484f0,[HUP INT ILL TRAP ABRT BUS FPE USR1 SEGV USR2 PIPE ALRM TERM Xcpu XFSZ VTALRM SYS],SA_RESTORER,{0x47c450,[],8) = 0
rt_sigaction(SIGTSTP,{0x1,8) = 0
rt_sigaction(SIGTTOU,8) = 0
rt_sigaction(SIGTTIN,8) = 0
rt_sigaction(SIGWINCH,{0x448370,{0x47c410,SA_RESTORER|SA_RESTART,8) = 0
socket(PF_NETLINK,SOCK_RAW,9) = 3
sendmsg(3,{msg_name(12)={sa_family=AF_NETLINK,pid=0,groups=00000000},msg_iov(2)=[{"\25\0\0\0d\4\1\0\0\0\0\0\0\0\0\0",16},{"exit\0",5}],msg_controllen=0,msg_flags=0},0) = 21
close(3) = 0
rt_sigaction(SIGINT,{0x448700,8) = 0
write(2,"logout\n",7) = 7
write(2,"There are stopped jobs.\n",24) = 24
rt_sigprocmask(SIG_BLOCK,NULL,8) = 0
rt_sigaction(SIGINT,8) = 0
rt_sigprocmask(SIG_BLOCK,8) = 0
rt_sigprocmask(SIG_BLOCK,[INT CHLD],8) = 0
pipe([3,4]) = 0
clone(child_stack=0,flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD,child_tidptr=0x2b0e45db6fe0) = 23717
setpgid(23717,23717) = 0
rt_sigprocmask(SIG_SETMASK,[CHLD],8) = 0
close(3) = 0
close(4) = 0
rt_sigprocmask(SIG_BLOCK,[CHLD TSTP TTIN TTOU],8) = 0
ioctl(255,TIOCSPGRP,[23717]) = 0
rt_sigprocmask(SIG_SETMASK,8) = 0
rt_sigprocmask(SIG_SETMASK,8) = 0
wait4(-1,[{WIFEXITED(s) && WEXITSTATUS(s) == 0}],WSTOPPED|WCONTINUED,NULL) = 23717
rt_sigprocmask(SIG_BLOCK,[20458]) = 0
rt_sigprocmask(SIG_SETMASK,SNDCTL_TMR_TIMEBASE or TCGETS,{B38400 opost isig icanon echo ...}) = 0
ioctl(255,TIOCGWINSZ,{ws_row=53,ws_col=211,ws_xpixel=0,ws_ypixel=0}) = 0
rt_sigprocmask(SIG_SETMASK,8) = 0
--- SIGCHLD (Child exited) @ 0 (0) ---
wait4(-1,0x7fff395da984,WNOHANG|WSTOPPED|WCONTINUED,NULL) = 0
rt_sigreturn(0x11) = 0
rt_sigprocmask(SIG_BLOCK,8) = 0
rt_sigaction(SIGINT,[INT],8) = 0
ioctl(0,ws_ypixel=0}) = 0
ioctl(0,TIOCSWINSZ,{B38400 opost isig icanon echo ...}) = 0
ioctl(0,SNDCTL_TMR_STOP or TCSETSW,{B38400 opost isig -icanon -echo ...}) = 0
rt_sigprocmask(SIG_SETMASK,[INT QUIT ALRM TSTP TTIN TTOU],8) = 0
rt_sigaction(SIGTERM,8) = 0
rt_sigaction(SIGQUIT,"[root@g2-lga ~]# ",17) = 17
rt_sigprocmask(SIG_BLOCK,8) = 0
read(0,"e",1) = 1
write(2,1) = 1
rt_sigprocmask(SIG_BLOCK,"x","i","t","\r",1) = 1
write(2,"\n",1) = 1
rt_sigprocmask(SIG_BLOCK,{B38400 opost isig icanon echo ...}) = 0
rt_sigprocmask(SIG_SETMASK,7) = 7
open("/root/.bash_logout",O_RDONLY) = 3
fstat(3,{st_mode=S_IFREG|0644,st_size=24,...}) = 0
read(3,"# ~/.bash_logout\n\nclear\n",24) = 24
close(3) = 0
rt_sigprocmask(SIG_BLOCK,8) = 0
stat(".",{st_mode=S_IFDIR|0750,st_size=12288,...}) = 0
stat("/usr/kerberos/sbin/clear",0x7fff395da960) = -1 ENOENT (No such file or directory)
stat("/usr/kerberos/bin/clear",0x7fff395da960) = -1 ENOENT (No such file or directory)
stat("/usr/local/sbin/clear",0x7fff395da960) = -1 ENOENT (No such file or directory)
stat("/usr/local/bin/clear",0x7fff395da960) = -1 ENOENT (No such file or directory)
stat("/sbin/clear",0x7fff395da960) = -1 ENOENT (No such file or directory)
stat("/bin/clear",0x7fff395da960) = -1 ENOENT (No such file or directory)
stat("/usr/sbin/clear",0x7fff395da960) = -1 ENOENT (No such file or directory)
stat("/usr/bin/clear",{st_mode=S_IFREG|0755,st_size=12712,...}) = 0
access("/usr/bin/clear",X_OK) = 0
access("/usr/bin/clear",R_OK) = 0
stat("/usr/bin/clear",R_OK) = 0
rt_sigprocmask(SIG_BLOCK,child_tidptr=0x2b0e45db6fe0) = 23726
setpgid(23726,23726) = 0
rt_sigprocmask(SIG_SETMASK,[23726]) = 0
rt_sigprocmask(SIG_SETMASK,Broadcast message from root (pts/0) (Wed Nov 14 12:41:44 2012):
The system is going down for system halt NOW!
[{WIFEXITED(s) && WEXITSTATUS(s) == 0}],NULL) = 23726
rt_sigprocmask(SIG_BLOCK,0x7fff395da634,NULL) = 0
rt_sigreturn(0x11) = 0
open("/etc/bash.bash_logout",O_RDONLY) = -1 ENOENT (No such file or directory)
rt_sigprocmask(SIG_SETMASK,8) = 0
stat("/root/.bash_history",{st_mode=S_IFREG|0600,st_size=28900,...}) = 0
open("/root/.bash_history",O_WRONLY|O_APPEND) = 3
write(3,"cd /etc/profile.d/\nls\nls -alrt\ng"...,1120) = 1120
close(3) = 0
open("/root/.bash_history",O_RDONLY) = 3
fstat(3,st_size=30020,"history \nping g1-lga\nping g1-lga"...,30020) = 30020
close(3) = 0
open("/root/.bash_history",O_WRONLY|O_TRUNC) = 3
write(3,"grep \"216.18\" *\nhistory \nexit\nvi"...,27609) = 27609
close(3) = 0
kill(4294965658,SIGTERM) = 0
kill(4294965658,SIGCONT) = 0
--- SIGCHLD (Child exited) @ 0 (0) ---
wait4(-1,[{WIFSIGNALED(s) && WTERMSIG(s) == SIGTERM}],NULL) = 1638
wait4(-1,0x7fff395dac34,NULL) = -1 ECHILD (No child processes)
rt_sigreturn(0x11) = 0
--- SIGCHLD (Child exited) @ 0 (0) ---
wait4(-1,NULL) = -1 ECHILD (No child processes)
rt_sigreturn(0xffffffffffffffff) = 0
rt_sigprocmask(SIG_BLOCK,8) = 0
setpgid(0,20458) = -1 EPERM (Operation not permitted)
exit_group(1) = ?
Process 20458 detached
[root@g2-lga ~]#
首先要尝试的是编辑根/root/.bash_logout并删除clear命令.退出并查看会发生什么.
如果这样可以解决问题,那么您可以重新安装/usr/bin/clear
yum reinstall ncurses
在Centos 6.3系统上,我有以下md5校验和
md5sum /usr/bin/clear d9e48904e46ddc564328f81f87b34bb1 /usr/bin/clear md5sum /sbin/reboot df9499f20a77c1aacfd82e88cb25fe0f /sbin/reboot
