Web Hosting Talk







View Full Version : APF & 2.4.21-27.0.1.ELsmp


blockcipher
12-28-2004, 01:25 PM
Good Morning everyone,

Okay here is my story :)

I had The Planet update the kernel on one of my TC boxes (I have them do them all btw). Now, when I rebooted the machine to get the new kernel, my box would not come up. This is what they replied with.


This server will boot up to apf and then hang. From that point on it spams the console with martian header errors. Have you changed anything recently on this server?


I haven't made any changes to the server since the PHP security update.

Has anyone had any issues with this kernel and APF version 0.9.4? So now I'm booted back into my old kernel to keep the box up.

Any comments or suggestions? Thanks everyone for your time!

blockcipher
12-28-2004, 01:29 PM
I'm sorry, I'm running RHE.

Haze
12-28-2004, 01:30 PM
1. What do the server logs suggest happened during bootup? (You may have to review the messages log file for this.)

2. Do you have the latest APF? Do you have any other rfx scripts installed, i.e. BFD and/or AntiDos? If so, check your ad/ad.rules file (it may need cleaning out) and your deny_hosts.rules file as well.

AFMichael
12-28-2004, 01:31 PM
Have you tried going in and disabling APF and seeing if it fully reboots?

blockcipher
12-28-2004, 02:08 PM
boot.log looks good. In 'messages' I see:


Dec 27 20:02:18 titan kernel: martian source 0.0.0.240 from 0.0.0.240, on dev eth0
Dec 27 20:02:18 titan kernel: ll header: ff:ff:ff:ff:ff:ff:00:30:48:29:8a:1c:08:06
Dec 27 20:02:23 titan kernel: NET: 5 messages suppressed.
Dec 27 20:02:23 titan kernel: martian source 0.0.0.240 from 0.0.0.240, on dev eth0
Dec 27 20:02:23 titan kernel: ll header: ff:ff:ff:ff:ff:ff:00:30:48:29:8a:1c:08:06
Dec 27 20:02:28 titan kernel: NET: 5 messages suppressed.
Dec 27 20:02:28 titan kernel: martian source 0.0.0.240 from 0.0.0.240, on dev eth0
Dec 27 20:02:28 titan kernel: ll header: ff:ff:ff:ff:ff:ff:00:30:48:29:8a:1c:08:06
Dec 27 20:02:33 titan kernel: NET: 5 messages suppressed.
Dec 27 20:02:33 titan kernel: martian source 0.0.0.240 from 0.0.0.240, on dev eth0
Dec 27 20:02:33 titan kernel: ll header: ff:ff:ff:ff:ff:ff:00:30:48:29:8a:1c:08:06
Dec 27 20:02:38 titan kernel: NET: 5 messages suppressed.
Dec 27 20:02:38 titan kernel: martian source 0.0.0.240 from 0.0.0.240, on dev eth0
Dec 27 20:02:38 titan kernel: ll header: ff:ff:ff:ff:ff:ff:00:30:48:29:8a:1c:08:06
Dec 27 20:02:43 titan kernel: NET: 5 messages suppressed.
Dec 27 20:02:43 titan kernel: martian source 0.0.0.240 from 0.0.0.240, on dev eth0
Dec 27 20:02:43 titan kernel: ll header: ff:ff:ff:ff:ff:ff:00:30:48:29:8a:1c:08:06


Not a lot to where they said it was flooding the screen, but they are in there.

Keep in mind eth0 is my TC management ethernet port, not used on the outside (which I have set up in my apf as a trusted network interface).

As for the APF version, my conf.apf shows APF 0.9.4. And I just went to the APF site and it shows APF 0.9.4-7 so I will check that out as well.

Thanks!


Have you tried going in and disabling APF and seeing if it fully reboots?


I didn't have a chance to play with it too much, because I was already down for like 30 min. So I'm trying to get some suggestions from you guys before I start playing :)

I'll try that too.
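
Added example (not part of the thread and not any poster's code): a small parser for the `martian source` / `ll header` pairs posted above, which decodes the 14-byte Ethernet header so the sending MAC address and frame type can be identified. It assumes the kernel's message format, in which the first address is the packet's destination and the second its source, and the sample input is constructed from the lines in the post.

```python
import re
from collections import Counter

# Constructed sample: same format and values as the lines posted above.
SAMPLE = """\
Dec 27 20:02:18 titan kernel: martian source 0.0.0.240 from 0.0.0.240, on dev eth0
Dec 27 20:02:18 titan kernel: ll header: ff:ff:ff:ff:ff:ff:00:30:48:29:8a:1c:08:06
Dec 27 20:02:23 titan kernel: NET: 5 messages suppressed.
Dec 27 20:02:23 titan kernel: martian source 0.0.0.240 from 0.0.0.240, on dev eth0
Dec 27 20:02:23 titan kernel: ll header: ff:ff:ff:ff:ff:ff:00:30:48:29:8a:1c:08:06
"""

MARTIAN = re.compile(r"martian source (\S+) from (\S+), on dev (\S+)")
LL = re.compile(r"ll header: ((?:[0-9a-f]{2}:){13}[0-9a-f]{2})")
SUPPRESSED = re.compile(r"NET: (\d+) messages suppressed")
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}

def decode_ll(hexbytes):
    """Split a 14-byte Ethernet header into dst MAC, src MAC, EtherType name."""
    b = hexbytes.split(":")
    ethertype = int(b[12] + b[13], 16)
    return ":".join(b[:6]), ":".join(b[6:12]), ETHERTYPES.get(ethertype, hex(ethertype))

def summarize(log_text):
    """Count martian events per (src IP, dst IP, dev, src MAC, dst MAC, protocol)."""
    events, suppressed, pending = Counter(), 0, None
    for line in log_text.splitlines():
        if m := MARTIAN.search(line):
            pending = m.groups()  # (dst_ip, src_ip, dev), per the kernel format
        elif (m := LL.search(line)) and pending:
            dst_ip, src_ip, dev = pending
            dst_mac, src_mac, proto = decode_ll(m.group(1))
            events[(src_ip, dst_ip, dev, src_mac, dst_mac, proto)] += 1
            pending = None
        elif m := SUPPRESSED.search(line):
            suppressed += int(m.group(1))  # rate-limited messages not shown
    return events, suppressed

if __name__ == "__main__":
    events, suppressed = summarize(SAMPLE)
    for (src_ip, dst_ip, dev, src_mac, dst_mac, proto), n in events.most_common():
        print(f"{n}x {proto} on {dev}: {src_ip} ({src_mac}) -> {dst_ip} ({dst_mac})")
    print(f"additional messages suppressed by rate limiting: {suppressed}")
```

On the posted lines this reports broadcast ARP frames on eth0 from MAC 00:30:48:29:8a:1c claiming the address 0.0.0.240, which narrows the search to whichever interface or device owns that MAC.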

Haze
12-28-2004, 02:19 PM
cat /etc/apf/VERSION should show you the exact version you are on. You might just need to upgrade and re-tweak the configuration. If you disable apf at startup, does the server start up fine?

blockcipher
12-28-2004, 02:20 PM
Doing cat shows

version: 0.9.4-3

So I should really upgrade. And I will try disabling it at reboot as well.

Thanks guys for the suggestions so far!

Haze
12-28-2004, 02:25 PM
Perhaps this might also be of assistance: http://www.derkeiler.com/Mailing-Lists/securityfocus/focus-linux/2003-05/0001.html