Jump to content

My ESMC Appliance stopped replying on 443

Raster
 Share

Recommended Posts

Raster

Raster 0

Posted
Posted

I've spent the past 4 days trying to decipher what kind of malware is targetting and breaking my ESMC installation. making it completely unresponsive. restoring from backup and it worked for a few hours and dies again ... 

after combing thru logs and configs, i found that the web server also replies in port 8443 

It seems stable for the past day, in that port (the old ERA used it too) but i am not a Linux expert  and can't figure out why Apache isn't replying anymore. Is something targetting my https ports and shutting Apache down?. 

Any clues ?

Link to comment
Share on other sites
  • ESET Staff
MartinK

MartinK 378

Posted
  • ESET Staff
Posted

I would recommend to check apache logs for access from unknown IP addresses. Relevant logs, including access logs, are available in /var/log/tomcat.

Regarding port 8443, If I recall correctly, this is default port used by Apache, but it is not available from external environment. Port 443 is just redirection to 8443, handled by iptables service, which has to be running for it to work. Please check status of iptables via command: 

service iptables status

I would also check utilization of resources, especially RAM, which might be increased, possibly resulting in instability of application.

Link to comment
Share on other sites
Raster

Raster 0

Posted
  • Author
Posted

Oh wow, solved it in 1 try 👍

  

[root@eset ~]# service iptables status
Redirecting to /bin/systemctl status iptables.service
● iptables.service - IPv4 firewall with iptables
   Loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
[root@eset ~]#

Starting the service fixed the problem immediately, but If i understand that right Disabled means it won't start on reboot. I enabled it but vendor preset stays disabled. I hope It stays up after reboot.
  

[root@eset ~]# systemctl enable iptables
Created symlink from /etc/systemd/system/basic.target.wants/iptables.service to /usr/lib/systemd/system/iptables.service.


[root@eset ~]# service iptables status
Redirecting to /bin/systemctl status iptables.service
● iptables.service - IPv4 firewall with iptables
   Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled; vendor preset: disabled)
   Active: active (exited) since Thu 2019-06-27 20:38:05 CEST; 11min ago
 Main PID: 49265 (code=exited, status=0/SUCCESS)

Jun 27 20:38:04 eset systemd[1]: Starting IPv4 firewall with iptables...
Jun 27 20:38:05 eset iptables.init[49265]: iptables: Applying firewall rules: [  OK  ]
Jun 27 20:38:05 eset systemd[1]: Started IPv4 firewall with iptables.


Thanks !!!!
 

 

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...