On 29 Sep 2008 at 18:21, Alex Efros wrote: > Is my question too complex and nobody know the answer (or even guesses), > or it's too stupid and everybody wait until I try google (I've tried it > already, without success)?
maybe it's because of what you said: > I've no idea why grsec complain in logs about it. at this point it's clear that you didn't quite read the description of GRKERNSEC_RESLOG which is what you've apparently enabled. in short, grsec is doing what you asked it to do: log various resource overstep events. why those events occured is another question and each case needs its own investigation. for example overstepping the default 8MB stack limit by 180MB sounds like a memory corruption problem or something trying to pass an inordinate amount of data on the stack (say, in the environment). whether that was because of e.g., a bug in a script on your server or an exploit attempt is hard to tell after the fact. also the AS limit overstep is a known issue, qmail tries to be smart and fails to estimate its own memory needs.
