Page 2 of 2 FirstFirst 12
Results 11 to 15 of 15

Thread: disk full

  1. #11
    Join Date
    Jun 2009
    Location
    Timisoara, Romania
    Posts
    190

    Default Re: disk full

    Thanks!Now everything seems to be OK.

  2. #12
    brassy NNTP User

    Default Re: disk full

    ionpetrache wrote:
    > Thanks a lot for the information!


    welcome...looks like someone is knocking at your door...probably a
    cracker in china or some other place....i'm not qualified to help you
    sort out exactly what is going on....it could be anything from a
    harmless annoyance to a full fledged crack..

    ok, i helped you find the problem, someone else has to help you FIX
    it....sure you can just turn off firewall logging....but, then you
    loose all chances of fixing a hole in the ****, if there is one!

    and, as for log rotate--mine wasn't set tight enough either...but, i
    sure don't remember what i did to fix that...sorry..

    you can start with

    Code:
    man logrotate
    in a terminal..
    and, search the forum <http://forums.opensuse.org/search.php> for
    nuggets of gold....and ask questions as/when you run into trouble..

    but, to get your machine back to nearer normal you could temporarily
    turn off firewall logging while you figure out a logrotate scheme
    which does what needs to happen..

    good luck....and, AB you are still invited to step back in..

    --
    brassy

  3. #13
    Join Date
    Jun 2008
    Location
    /dev/belgium
    Posts
    1,946

    Default Re: disk full

    Quote Originally Posted by brassy View Post

    ok, i helped you find the problem, someone else has to help you FIX
    it....sure you can just turn off firewall logging....but, then you
    loose all chances of fixing a hole in the ****, if there is one!
    the amount of firewall logging is adjustable. If one wants, he can turn on logging only for critical stuff and disable all others

  4. #14
    Join Date
    Jun 2009
    Location
    Timisoara, Romania
    Posts
    190

    Default Re: disk full

    My firewall was set to log all the traffic so I think that was the problem

    Quote Originally Posted by microchip8 View Post
    the amount of firewall logging is adjustable. If one wants, he can turn on logging only for critical stuff and disable all others

  5. #15

    Default Re: disk full

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    brassy - You don't give yourself enough credit. :-)

    ionpetrache - Good work (and brassy) finding the issue. Why didn't
    logrotate take care of it? I'm guessing it is only set to rotate once per
    period of time or when a certain size is reached. logrotate does not run
    every second so if it is set to run daily (like mine is) and that is set
    to only rotate when a certain size is reached, then the excessive size
    (per an attack, for example) could have been generated between rotations.
    For example on my SLED 11 box I have the following in
    /etc/logrotate.d/syslog which defines when various logs are rotated:

    /var/log/warn /var/log/messages /var/log/allmessages
    /var/log/localmessages /var/log/firewall /var/log/acpid
    /var/log/NetworkManager {
    compress
    dateext
    maxage 365
    rotate 99
    missingok
    notifempty
    size +4096k
    create 640 root root
    sharedscripts
    postrotate
    /etc/init.d/syslog reload
    endscript
    }

    As logrotate is called daily I could have a full day for somebody to
    attack my box. Advice on what to do here can vary. First, if you're
    interested, look for patterns after you truncate /var/log/firewall for
    anything worthwhile. Second, turn down logging unless you plan to use it
    from time to time as you have likely already done. Third, your root
    partition is fourteen gigabytes. That should be plenty for most
    situations, but you may want to give more, or partition off /var in the
    future, so filling variable spaces (like logs) does not impact your entire
    system as adversely. Fourth, you could setup logrotate to run more often
    to catch randomness like this.

    Fifth, and possibly most-importantly, if your box is on a public network
    directly accessible then stop that now. Most of the time there is no
    reason to expose a non-server to the Internet directly. I can't imagine
    this would happen if you were behind a router at home or at work normally.

    Good luck.





    ionpetrache wrote:
    > My firewall was set to log all the traffic so I think that was the
    > problem
    >
    > microchip8;2012748 Wrote:
    >> the amount of firewall logging is adjustable. If one wants, he can turn
    >> on logging only for critical stuff and disable all others

    >
    >

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v2.0.9 (GNU/Linux)
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

    iQIcBAEBAgAGBQJKXeZDAAoJEF+XTK08PnB5gkIP/izG41ChJkO8fs7yJEAigNwG
    ZDfAEKbsiSyKrBAGRG+kOOOz356kYrDic7c2yjkfriRXxk+AdTDX/dfefsTCrgr1
    QqeYUd2OCverymTyephdT4tVEdinhjVxrGFmIWBbYTaXxlFeaxxgBXVApE48GZzC
    ARKq9yBN6fxo60vGePANPmLqHSycMPOeem7glRpKoWvLmB9YD8tcCDascmH2kqBB
    zYd6cq6Pr0wHbVHwX/+i/mymZ5l2MuhGPCjeElH/mOklGtrtp9URnlvZ1jqOto6X
    EySB7P7C2ChYteg+y0ac0mSDuM2X1RV5LpJbNsvIhZZRgKboOHc1y3vCLQCjZKbR
    B3bka0LgxviDKXTownSQwkT3pl3jjrKjEC9Ogss+cXBcE0yzqC4aBxNXwxk2WsWt
    biHWgyFSh+aV3h1scHq24TNo59xVfCONsL/gltf51+BQiQ6Bvt1VCa7ZZtJjCeTJ
    ov+NmXkpj/9sRbvIQQNm+FfW1XnDBng+tMpfwQwa4QN1dJ4BAXASCMe0chBJ1XpR
    URvahuCF3+a2VNIS7gQnAYlpYSHcv0kLQLhRS7pIo/Jfqvoof7z3cZMWfalNjsbH
    DviG0icX58kmkuUrvXHMUCkEr5D7gTA6bcyoa+lij1JPK5aOr+tbfhjut7jqwVQj
    fwwPWTwNXzRoNzmHueiE
    =H90J
    -----END PGP SIGNATURE-----

Page 2 of 2 FirstFirst 12

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •