Hello, colleagues!
Last night one of our servers (freebsd 8.4-RELEASE-p21) was rebooted by
the user cnupm.
At first glance this is related to audit, because:
grep cnupm /var/log/messages
Feb 3 07:19:00 mail cnupm: audit warning: expired /var/audit/20150203010119.20150203041900
Feb 3 07:19:00 mail cnupm: audit warning: closefile /var/audit/20150203010119.20150203041900
Feb 3 10:00:15 mail cnupm: audit warning: expired /var/audit/20150203041900.20150203070015
Feb 3 10:00:15 mail cnupm: audit warning: closefile /var/audit/20150203041900.20150203070015
Feb 3 11:42:06 mail cnupm: audit warning: expired /var/audit/20150203070015.20150203084206
Feb 3 11:42:06 mail cnupm: audit warning: closefile /var/audit/20150203070015.20150203084206
Feb 3 13:31:33 mail cnupm: audit warning: expired /var/audit/20150203084206.20150203103133
Feb 3 13:31:33 mail cnupm: audit warning: closefile /var/audit/20150203084206.20150203103133
Feb 3 15:31:31 mail cnupm: audit warning: expired /var/audit/20150203103133.20150203123131
Feb 3 15:31:31 mail cnupm: audit warning: closefile /var/audit/20150203103133.20150203123131
Feb 3 17:41:19 mail cnupm: audit warning: expired /var/audit/20150203123131.20150203144119
Feb 3 17:41:19 mail cnupm: audit warning: closefile /var/audit/20150203123131.20150203144119
Feb 3 21:08:11 mail cnupm: audit warning: closefile /var/audit/20150203144119.20150203180811
Feb 3 21:08:11 mail cnupm: audit warning: expired /var/audit/20150203144119.20150203180811
Feb 4 00:00:49 mail cnupm: audit warning: expired /var/audit/20150203180811.20150203210049
Feb 4 00:00:49 mail cnupm: audit warning: closefile /var/audit/20150203180811.20150203210049
Feb 4 00:04:33 mail cnupm: audit warning: expired /var/audit/20150203210049.20150203210433
Feb 4 00:04:33 mail cnupm: audit warning: closefile /var/audit/20150203210049.20150203210433
Feb 4 00:08:23 mail cnupm: audit warning: expired /var/audit/20150203210433.20150203210823
Feb 4 00:08:23 mail cnupm: audit warning: closefile /var/audit/20150203210433.20150203210823
Feb 4 00:17:55 mail shutdown: reboot by cnupm:
and
ls -l /var/audit/
total 1009440
-r--r----- 1 root audit 59002793 15 янв 23:24 20150115184717.20150115202455.gz
-rw------- 1 root audit 786432 4 фев 00:18 20150203210823.20150203211840.gz
-r--r----- 1 root audit 973278050 4 фев 12:37 20150204083500.not_terminated
lrwxr-xr-x 1 root audit 40 4 фев 11:35 current -> /var/audit/20150204083500.not_terminated
i.e. the time of the reboot and the time of the last audit log rotation coincide.
Why reboot the server, though?)
--
--------------------------------------------------
Евгений Бунцев