I'm running FW-1 4.1 SP1 on AIX. We're trying to start using Partially Automatic Client Authentication for HTTP and HTTPS traffic. After testing this for 15-20 minutes, logging on the firewall seemed to stop and some new processes were spawned:
# ps -ef
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 Jun 07 - 1:38 /etc/init
root 2682 1 0 Jun 07 - 0:00 /usr/lib/errdemon
root 2874 1 0 Jun 07 - 0:00 /usr/sbin/srcmstr
root 3208 1 0 Jun 07 - 0:54 /usr/sbin/cron
root 3390 1 0 Jun 07 - 128:17 /usr/sbin/syncd 60
root 3734 1 0 Aug 18 0 0:00 /usr/sbin/getty /dev/console
root 3936 1 0 Aug 18 - 18:01 fwm
root 4672 4954 0 22:39:09 - 0:00 funcchain au_auth 2 1 resolver_
root 4954 9784 0 22:39:09 - 0:00 funcchain au_auth 1 0 resolver_
root 5184 2874 0 Jun 07 - 0:00 /usr/sbin/portmap
root 5420 2874 0 Jun 07 - 0:00 /usr/sbin/inetd
root 5678 2874 0 Jun 07 - 3:08 /usr/sbin/named
root 5936 2874 0 Jun 07 - 41:53 /usr/sbin/xntpd
root 6196 1 0 Jun 07 - 0:00 /usr/sbin/uprintfd
root 6452 2874 0 Jun 07 - 0:04 /usr/sbin/qdaemon
root 6714 2874 0 Jun 07 - 0:00 /usr/sbin/writesrv
root 6968 1 0 Jun 07 - 1:54 /usr/bin/AIXPowerMgtDaemon
root 7766 7998 0 Jun 07 - 12:11 /usr/lpp/adsm/bin/dsmstat 39321
root 7998 1 0 Jun 07 - 40:45 /usr/lpp/adsm/bin/dsmc sched -p
root 8256 1 0 Jun 07 - 0:00 /usr/lpp/diagnostics/bin/diagd
root 8456 9626 0 23:09:18 pts/0 0:00 -ksh
root 8862 3936 0 23:15:38 - 0:00 /usr/lpp/CPfw1-41/bin/fwm 8 -lo
root 9030 2874 0 Jun 12 - 0:14 /usr/sbin/syslogd
root 9626 5420 0 23:09:18 - 0:00 telnetd -a
root 9784 1 0 Aug 18 - 235:26 fwd
root 10204 9784 0 22:34:42 - 0:08 in.ahttpd 80
root 10830 8456 3 23:18:10 pts/0 0:00 ps -ef
root 11108 1 0 Jun 20 - 1684:20 alertd -A -l
root 11302 9784 0 Aug 18 - 58:44 alertd -A -l
root 11990 11108 46 0:00 <defunct>
root 12170 9784 0 Aug 18 - 45:34 isakmpd
root 12398 9784 0 20:08:49 - 0:04 in.atelnetd 23
root 12668 11302 32 0:00 <defunct>
root 12850 9784 0 Aug 31 - 26:45 in.aftpd 21
The processes are the "funcchain" processes. A lookup at Check Point found a possible cause:
---------------------------------
Solution: funcchain process turns to Zombie and hangs the HTTP security server (10022.0.1908062.2483196)
Upgrade to FireWall-1 4.0 SP6
Problem Description
funcchain process turns to Zombie and hangs the HTTP security server
HTTP security server hangs
HTTP security server stops logging
Problem Environment:
FireWall-1 4.0 SP5
HP-UX 10.20
BG000517
Cause of this problem:
When a process dies, the system sends a SIGCHLD signal to inform the father process about this event. The child process stays in a zombie state until the father intercepts this signal. In this case, the in.ahttpd process did not try to intercept this signal from its child - funcchain - which stays in zombie state and causes the HTTP security server hang.
---------------------------------
Well, all that is fine and dandy, but the solution is unacceptable because I don't want to upgrade FW-1 4.1 SP1 to FW-1 4.0 SP6. I had enough trouble getting a 4.1 license! ;-)
Anybody got any ideas? I already checked PhoneBoy's site and found no answer. Could this be an AIX problem? Check Point's site didn't even mention AIX in the problem environment.
I really don't want this to fail when we roll it out but the pressure from above is beginning to squash me!
Thanks in advance,
Paul Mills
Data Security Analyst
CCSA, CCSE
//AMERICREDIT CORPORATION
[EMAIL PROTECTED]
#42: It works the way the Wang did, what's the problem?
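
The SIGCHLD handling that the quoted Check Point solution says in.ahttpd was missing, shown as an added example (not part of the original post and not Check Point's code): a parent that installs a SIGCHLD handler and reaps every exited child so none is left defunct. The names spawn_and_reap and on_sigchld are hypothetical, and the forked children are constructed stand-ins for short-lived helpers such as funcchain.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

static volatile sig_atomic_t reaped;   /* children collected by the handler */

/* SIGCHLD handler. Pending SIGCHLDs coalesce into one delivery, so loop
 * with WNOHANG until no exited child is left to collect. */
static void on_sigchld(int sig)
{
    int saved = errno;                 /* waitpid() may clobber errno */
    (void)sig;
    while (waitpid(-1, NULL, WNOHANG) > 0)
        reaped++;
    errno = saved;
}

/* Hypothetical demo: fork n helpers that exit at once. Returns how many the
 * handler reaped, or -1 on error or if a child is still waiting to be reaped. */
int spawn_and_reap(int n)
{
    struct sigaction sa, old;
    sigset_t block, prev, wait_mask;
    int i;
    reaped = 0;
    sa.sa_handler = on_sigchld;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_RESTART | SA_NOCLDSTOP;
    if (sigaction(SIGCHLD, &sa, &old) < 0)
        return -1;
    sigemptyset(&block);
    sigaddset(&block, SIGCHLD);
    sigprocmask(SIG_BLOCK, &block, &prev);  /* hold SIGCHLD until we wait */
    wait_mask = prev;
    sigdelset(&wait_mask, SIGCHLD);
    for (i = 0; i < n; i++) {
        pid_t pid = fork();
        if (pid == 0) _exit(0);             /* constructed stand-in helper */
        if (pid < 0) { n = i; break; }      /* only wait for what started */
    }
    while (reaped < n)
        sigsuspend(&wait_mask);             /* atomically unblock and sleep */
    sigprocmask(SIG_SETMASK, &prev, NULL);
    sigaction(SIGCHLD, &old, NULL);
    /* ECHILD means no child remains, so nothing is left as a zombie. */
    return (waitpid(-1, NULL, WNOHANG) < 0 && errno == ECHILD) ? (int)reaped : -1;
}

int main(void) { printf("reaped %d\n", spawn_and_reap(5)); return 0; }
```

Without the handler (or an explicit wait), the same five children would each show up as `<defunct>` in `ps -ef` until the parent exits.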
