I have a freshly installed CentOS 7 server running Apache httpd 2.4.6, and I just noticed that its audit log is growing too fast, with many entries like this:
type=ANOM_ABEND msg=audit(06/02/15 15:44:09.341:906003) : auid=unset uid=apache gid=apache ses=unset subj=system_u:system_r:httpd_t:s0 pid=44258 comm=httpd reason="memory violation" sig=SIGSEGV
Attaching a debugger to a random Apache child process and waiting for it to crash gives:
Program received signal SIGSEGV, Segmentation fault.
0x00007f8433bf47f8 in main_arena () from /lib64/libc.so.6
(gdb) backtrace
#0 0x00007f8433bf47f8 in main_arena () from /lib64/libc.so.6
#1 0x00007f8428e4de43 in ssl_hook_Access () from /etc/httpd/modules/mod_ssl.so
#2 0x00007f8435370490 in ap_run_access_checker ()
#3 0x00007f8435372d75 in ap_process_request_internal ()
#4 0x00007f843538dbe0 in ap_internal_redirect ()
#5 0x00007f843538e074 in ap_process_async_request ()
#6 0x00007f843538e404 in ap_process_request ()
#7 0x00007f843538adb2 in ap_process_http_connection ()
#8 0x00007f8435382e30 in ap_run_process_connection ()
#9 0x00007f842acdc7ef in child_main () from /etc/httpd/modules/mod_mpm_prefork.so
#10 0x00007f842acdca26 in make_child () from /etc/httpd/modules/mod_mpm_prefork.so
#11 0x00007f842acdd6be in prefork_run () from /etc/httpd/modules/mod_mpm_prefork.so
#12 0x00007f84353600fe in ap_run_mpm ()
#13 0x00007f8435359726 in main ()
This seems to be caused by mod_ssl. Looking at the httpd logs, I can correlate the following events from different log files:
[Fri Feb 06 15:44:09.343116 2015] [ssl:error] [pid 44258] [client XXX39:29260] AH02225: Re-negotiation request failed
[Fri Feb 06 15:44:09.343167 2015] [ssl:error] [pid 44258] SSL Library Error: error:14080152:SSL routines:SSL3_ACCEPT:unsafe legacy renegotiation disabled
and:
[Fri Feb 06 15:44:10.147381 2015] [core:notice] [pid 2689] AH00052: child pid 44258 exit signal Segmentation fault (11)
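So, on the one hand, I do not want to allow insecure SSL renegotiation in Apache httpd. But I am getting one or two of these errors every second, and each one translates into 3 log lines in the Apache logs, 1 line in the audit log, and a crashed Apache child process.
Is it possible to prevent these processes from crashing? Just because unsafe legacy renegotiation is not allowed, does that mean it needs to segfault? Any ideas to improve the situation?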
PS: Software versions:
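The correlation described in the question can be automated; the following is an added example, not part of the original post, that joins audit ANOM_ABEND records to httpd error-log events by pid and time. The sample lines are copied from the question; the 2-second window and the day/month/year reading of the audit timestamp are assumptions.

```python
import re
from datetime import datetime, timedelta

# Log lines copied from the question (the client address is redacted there).
AUDIT = ['type=ANOM_ABEND msg=audit(06/02/15 15:44:09.341:906003) : auid=unset '
         'uid=apache gid=apache ses=unset subj=system_u:system_r:httpd_t:s0 '
         'pid=44258 comm=httpd reason="memory violation" sig=SIGSEGV']
HTTPD = [
    '[Fri Feb 06 15:44:09.343116 2015] [ssl:error] [pid 44258] '
    '[client XXX39:29260] AH02225: Re-negotiation request failed',
    '[Fri Feb 06 15:44:09.343167 2015] [ssl:error] [pid 44258] SSL Library Error: '
    'error:14080152:SSL routines:SSL3_ACCEPT:unsafe legacy renegotiation disabled',
    '[Fri Feb 06 15:44:10.147381 2015] [core:notice] [pid 2689] AH00052: '
    'child pid 44258 exit signal Segmentation fault (11)',
]
AUDIT_RE = re.compile(r'type=ANOM_ABEND msg=audit\((\d\d/\d\d/\d\d [\d:]+\.\d+):\d+\)'
                      r'.* pid=(\d+) comm=httpd .*sig=(\w+)')
HTTPD_RE = re.compile(r'\[(\w{3} \w{3} \d{2} [\d:.]+ \d{4})\] \[\w+:\w+\] \[pid (\d+)\] (.*)')
CHILD_RE = re.compile(r'AH00052: child pid (\d+) exit signal')

def parse_httpd(lines):
    """Yield (time, pid the event concerns, message) for each error_log line."""
    for line in lines:
        m = HTTPD_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), '%a %b %d %H:%M:%S.%f %Y')
            # AH00052 is written by the parent; the crashed child is in the message.
            child = CHILD_RE.search(m.group(3))
            yield ts, int(child.group(1) if child else m.group(2)), m.group(3)

def correlate(audit_lines, httpd_lines, window=timedelta(seconds=2)):
    """Attach nearby httpd events to each ANOM_ABEND; pids are reused, so match time too."""
    events = list(parse_httpd(httpd_lines))
    crashes = []
    for line in audit_lines:
        m = AUDIT_RE.search(line)
        if not m:
            continue
        # Assumption: the interpreted audit date is day/month/year, as Feb 06 implies.
        ts = datetime.strptime(m.group(1), '%d/%m/%y %H:%M:%S.%f')
        pid = int(m.group(2))
        msgs = [msg for t, p, msg in events if p == pid and abs(t - ts) <= window]
        crashes.append({'pid': pid, 'signal': m.group(3), 'events': msgs,
                        'after_renegotiation': any('AH02225' in x for x in msgs),
                        'parent_logged_exit': any('AH00052' in x for x in msgs)})
    return crashes

if __name__ == '__main__':
    print(correlate(AUDIT, HTTPD))
```

Counting the records where `after_renegotiation` is true shows how many of the audited segfaults follow a refused renegotiation rather than some other fault.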