
[no subject]



David Yates Buckley,
Unit9 Ltd.

At 02:54 PM 9/20/01 +1200, you wrote:
>After installing portsentry it was logging an attack every second if not
>more...
>
>
><snip previous post>
>I then went to root and viewed the dead.letter and it's of course 10Mb in
>size and all it shows is 10Mb of the following:-
>
>Sep 19 15:48:11 ns portsentry[19597]: attackalert: Host: 208.155.xx.xx is
>already blocked. Ignoring
>Sep 19 15:48:11 ns portsentry[19597]: attackalert: Connect from host:
>e0.br3.xxxxxxx.com/208.155.xx.xx to UDP port: 69
>
>The xxx is the company from whom we lease the servers.
>
>I then started getting emails from admin like...
>
>Subject: Cron <root@ns> /usr/local/etc/logcheck.sh
>
>Message exceeds maximum fixed size (10485760)
>/root/dead.letter... Saved message in /root/dead.letter
>
>I then got an email from admin stating...
>
>is getting very close to full.  This is very dangerous for the server
>and can cause unexpected errors to occur.  You either need to move some
>files to another storage device and delete them from the Cobalt server
>or delete them altogether.  Consult the documentation for help adding
>storage to your Cobalt server.
>
>Total disk space:  726.04 MB
>Free disk space:  45.03 MB
>Percent Used:  93 %
>
>Now I've quickly jumped into the server and noticed the following:-
>
>/root   -   dead.letter is 41Mb
>/var/log/messages   -   25Mb  < --- growing as I type this
>/var/log/xferlog   -  25Mb < ----- growing as I type this
>
>
>I need to know before the server goes tits up how do I kill the logs and get
>them back to what they were before portsentry started. I've renamed the file
>portsentry to portsentry.old for now to see if that stops the quick
>generation of log files and dead.letter. Can I delete dead.letter from /root?
>
>Regards from Auckland
>
>Chae
>
>
>_______________________________________________
>cobalt-security mailing list
>cobalt-security@xxxxxxxxxxxxxxx
>http://list.cobalt.com/mailman/listinfo/cobalt-security
>
>