>>>>> On Mon, 5 Mar 2018 22:19:14 +0000, Shawn Rappaport said: > Content-ID: <e5e4840fb1b84f429231b2ee5c389...@namprd02.prod.outlook.com> > > On 3/5/18, 2:37 PM, "Josip Deanovic" <djosip+n...@linuxpages.net> wrote: > > Josip DeanovicOn Monday 2018-03-05 22:23:08 wrote: > > On Monday 2018-03-05 14:38:07 Dimitri Maziuk wrote: > > > On 03/05/2018 02:27 PM, Josip Deanovic wrote: > > > > On Monday 2018-03-05 14:16:34 Dimitri Maziuk wrote: > > > >> That's not an error if a security op's workstation is also a backup > > > >> client. > > > > > > > > > Yes, and I would like to know if that was the case. > > > > > > > > I tend to have a blanket iptables rule allowing local subnet traffic. > > > > Our security nazis live in a separate subnet so their scans get > > > > blocked > > > > by that. If I were running portscans from inside my netblock I expect > > > > I'd get the same log entries. That's anther other option for it being > > > > legit. > > > > > > I have additional backup interfaces and completely separated backup > > > network where no other two backup clients can see or reach each other. > > > > > > Where there is no additional network card available there is a VLAN. > > > > > > But all of that is not important here. > > > What is important is the case where if you can reach bacula services > > > you could potentially break backup jobs and thus effectively produce > > > a bacula denial of service. > > > > > > If I understood correctly that's what happened to Shawn. > > > > Actually Shawn didn't say that the backup failed. > > He just said that when he manually started the backup job the next day, > > it finished successfully, without errors. > > > > Shawn, can you confirm that both backups were successfully completed? > > > > Despite seeing those errors in the log, the catalog backup appears to have > been successful. So, yes, both the scheduled and manual backup of my catalog > completed successfully. Here is what the full log looks like from March 3rd: > > xbacdirector01-lv.internal.shutterfly.com-dir JobId 113: shell command: run > BeforeJob "/etc/bacula/make_catalog_backup.pl MyCatalog" > xbacdirector01-lv.internal.shutterfly.com-dir JobId 113: Start Backup JobId > 113, Job=BackupCatalog.2018-03-03_23.10.00_10 > xbacdirector01-lv.internal.shutterfly.com-dir JobId 113: Error: getmsg.c:209 > Malformed message: bsock.c:819 Packet size=121984032 too big from > "client:10.32.12.18:9103". Maximum permitted 1000000. Terminating connection. > xbacdirector01-lv.internal.shutterfly.com-dir JobId 113: Error: getmsg.c:209 > Malformed message: bsock.c:819 Packet size=138759248 too big from > "client:10.32.12.18:9103". Maximum permitted 1000000. Terminating connection. > xbacdirector01-lv.internal.shutterfly.com-dir JobId 113: Error: getmsg.c:209 > Malformed message: bsock.c:819 Packet size=50331667 too big from > "client:10.32.12.18:9103". Maximum permitted 1000000. Terminating connection. > xbacdirector01-lv.internal.shutterfly.com-dir JobId 113: Using Device > "FileChgr1-Dev2" to write. > xbacdirector01-lv.internal.shutterfly.com-dir JobId 113: Error: getmsg.c:209 > Malformed message: bsock.c:819 Packet size=121984032 too big from > "client:10.32.12.18:9102". Maximum permitted 1000000. Terminating connection. > xbacdirector01-lv.internal.shutterfly.com-dir JobId 113: Error: getmsg.c:209 > Malformed message: bsock.c:819 Packet size=138759248 too big from > "client:10.32.12.18:9102". Maximum permitted 1000000. Terminating connection. > xbacdirector01-lv.internal.shutterfly.com-dir JobId 113: Error: getmsg.c:209 > Malformed message: bsock.c:819 Packet size=50331667 too big from > "client:10.32.12.18:9102". Maximum permitted 1000000. Terminating connection. > xbacdirector01-lv.internal.shutterfly.com-sd JobId 113: Volume "daily-0" > previously written, moving to end of data. > xbacdirector01-lv.internal.shutterfly.com-sd JobId 113: Elapsed > time=00:00:02, Transfer rate=11.07 M Bytes/second > xbacdirector01-lv.internal.shutterfly.com-sd JobId 113: Sending spooled attrs > to the Director. Despooling 225 bytes ... > xbacdirector01-lv.internal.shutterfly.com-dir JobId 113: Bacula > xbacdirector01-lv.internal.shutterfly.com-dir 9.0.6 (20Nov17): > Build OS: x86_64-pc-linux-gnu redhat (Core) > JobId: 113 > Job: BackupCatalog.2018-03-03_23.10.00_10 > Backup Level: Full > Client: "xbacdirector01-lv.internal.shutterfly.com-fd" > 9.0.6 (20Nov17) x86_64-pc-linux-gnu,redhat,(Core) > FileSet: "Catalog" 2018-02-08 23:10:00 > Pool: "Daily" (From Job resource) > Catalog: "MyCatalog" (From Client resource) > Storage: "File1" (From Pool resource) > Scheduled time: 03-Mar-2018 23:10:00 > Start time: 03-Mar-2018 23:10:03 > End time: 03-Mar-2018 23:10:05 > Elapsed time: 2 secs > Priority: 11 > FD Files Written: 1 > SD Files Written: 1 > FD Bytes Written: 22,147,958 (22.14 MB) > SD Bytes Written: 22,148,071 (22.14 MB) > Rate: 11074.0 KB/s > Software Compression: 70.7% 3.4:1 > Comm Line Compression: None > Snapshot/VSS: no > Encryption: no > Accurate: no > Volume name(s): daily-0 > Volume Session Id: 3 > Volume Session Time: 1520028953 > Last Volume Bytes: 44,350,450 (44.35 MB) > Non-fatal FD errors: 6 > SD Errors: 0 > FD termination status: OK > SD termination status: OK > Termination: Backup OK -- with warnings
These are different messages from those you reported originally (which all mentioned client:10.32.12.18:9101 with time 12:27 and 12:28). They are almost certainly caused by a port scan though, so nothing to worry about. Nevertheless, I would report these latest messages as a bug, because it looks like Bacula has erroneously associated them with JobId 113, which possibly caused the spurious "Backup OK -- with warnings". It looks like a double error: something has detected the packet size problems and reported this back to getmsg.c in a malformed way. __Martin ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
