Raster 0 Posted June 27, 2019

I've spent the past 4 days trying to decipher what kind of malware is targeting and breaking my ESMC installation, making it completely unresponsive. I restored from backup and it worked for a few hours, and then it dies again ... After combing through logs and configs, I found that the web server also replies on port 8443. It seems stable for the past day on that port (the old ERA used it too), but I am not a Linux expert and can't figure out why Apache isn't replying anymore. Is something targeting my HTTPS ports and shutting Apache down? Any clues?

ESET Staff MartinK 384 Posted June 27, 2019

I would recommend checking the Apache logs for access from unknown IP addresses. Relevant logs, including access logs, are available in /var/log/tomcat. Regarding port 8443, if I recall correctly, this is the default port used by Apache, but it is not available from the external environment. Port 443 is just a redirection to 8443, handled by the iptables service, which has to be running for it to work. Please check the status of iptables via this command:

service iptables status

I would also check utilization of resources, especially RAM, which might be increased, possibly resulting in instability of the application.

Raster 0 Posted June 27, 2019 Author

Oh wow, solved it in 1 try 👍

[root@eset ~]# service iptables status
Redirecting to /bin/systemctl status iptables.service
● iptables.service - IPv4 firewall with iptables
   Loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
[root@eset ~]#

Starting the service fixed the problem immediately, but if I understand that right, "disabled" means it won't start on reboot. I enabled it, but the vendor preset stays disabled. I hope it stays up after reboot.

[root@eset ~]# systemctl enable iptables
Created symlink from /etc/systemd/system/basic.target.wants/iptables.service to /usr/lib/systemd/system/iptables.service.
[root@eset ~]# service iptables status
Redirecting to /bin/systemctl status iptables.service
● iptables.service - IPv4 firewall with iptables
   Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled; vendor preset: disabled)
   Active: active (exited) since Thu 2019-06-27 20:38:05 CEST; 11min ago
 Main PID: 49265 (code=exited, status=0/SUCCESS)

Jun 27 20:38:04 eset systemd[1]: Starting IPv4 firewall with iptables...
Jun 27 20:38:05 eset iptables.init[49265]: iptables: Applying firewall rules: [ OK ]
Jun 27 20:38:05 eset systemd[1]: Started IPv4 firewall with iptables.

Thanks !!!!
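
Added example (not part of the thread and not ESET's code): a shell check for the failure diagnosed above, where the iptables service that redirects port 443 to 8443 is stopped, or running but not enabled at boot. The function names are hypothetical and the NAT rule is a constructed sample in `iptables -t nat -S` format; the rule actually installed on the appliance may differ.

```shell
#!/bin/sh
# Added example: checks the 443 -> 8443 redirect discussed in this thread.
# Function names are hypothetical; the NAT rule below is a constructed sample.

# Boot-time state ("enabled"/"disabled") from the "Loaded:" line on stdin.
unit_enablement() {
    sed -n 's/^ *Loaded: loaded ([^;]*; \([a-z-]*\);.*/\1/p' | head -n 1
}

# Runtime state ("active"/"inactive"/"failed") from the "Active:" line on stdin.
unit_activity() {
    sed -n 's/^ *Active: \([a-z]*\).*/\1/p' | head -n 1
}

# Succeeds if the nat rules on stdin redirect TCP port $1 to port $2.
has_redirect() {
    grep -Eq -- "^-A PREROUTING .*-p tcp .*--dport $1 .*-j REDIRECT --to-ports $2( |\$)"
}

# check_redirect STATUS_TEXT NAT_RULES -> prints verdict; exit 0 ok, 1 warn, 2 down.
check_redirect() {
    cr_en=$(printf '%s\n' "$1" | unit_enablement)
    cr_act=$(printf '%s\n' "$1" | unit_activity)
    # "active (exited)" is normal here: the unit loads the rules and exits.
    if [ "$cr_act" != "active" ]; then
        echo "DOWN: iptables service is ${cr_act:-unknown}"; return 2
    fi
    if ! printf '%s\n' "$2" | has_redirect 443 8443; then
        echo "DOWN: no 443 -> 8443 REDIRECT rule loaded"; return 2
    fi
    if [ "$cr_en" != "enabled" ]; then
        echo "WARN: redirect works now, but the service is ${cr_en:-unknown} at boot"; return 1
    fi
    echo "OK: redirect loaded and service enabled at boot"
}

# Constructed from the status lines in the thread: started, not yet enabled.
SAMPLE_STATUS='   Loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled; vendor preset: disabled)
   Active: active (exited) since Thu 2019-06-27 20:38:05 CEST; 11min ago'
# Constructed sample of `iptables -t nat -S` output.
SAMPLE_RULES='-P PREROUTING ACCEPT
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443'

check_redirect "$SAMPLE_STATUS" "$SAMPLE_RULES" || true
# On a live host (as root):
#   check_redirect "$(systemctl status iptables 2>&1)" "$(iptables -t nat -S)"
```

The WARN verdict is the state between starting the service and running `systemctl enable iptables`: the console answers on 443 again, but the redirect would be gone after the next reboot.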