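We are running a LAMP stack VPS on CentOS 7, which hosts a few websites, MariaDB databases and related services. Late at night, our server mysteriously went completely offline.
When we discovered the problem, we rebooted the VPS and the server came back up normally, but I received an SSH warning telling me that the RSA2 fingerprint had changed when I logged back in (which seems very suspicious). Log analysis seems to indicate that the eth1 connection suddenly stopped working:
Full log from /var/log/messages: http://pastebin.com/Gbmitkhs
Here are the last few lines before the server went offline: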
Dec 17 02:24:53 WebServer NetworkManager[487]: <warn> (eth1) firewall zone remove failed [102402]: (4) Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
Dec 17 02:25:30 WebServer systemd-logind: Failed to start user slice: Connection timed out
Dec 17 02:25:31 WebServer systemd-logind: Assertion 's->user->slice' failed at src/login/logind-session.c:510, function session_start_scope(). Aborting.
Dec 17 02:25:32 WebServer systemd: systemd-logind.service: main process exited, code=killed, status=6/ABRT
Dec 17 02:25:32 WebServer systemd: Unit systemd-logind.service entered failed state.
Dec 17 02:25:33 WebServer systemd: systemd-logind.service failed.
Dec 17 02:25:34 WebServer systemd: systemd-logind.service has no holdoff time, scheduling restart
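On an initial look through the secure log and the Apache access logs, I did not notice any suspicious activity (other than bot crawling activity).
What could have caused the failure and the subsequent change of the server's RSA2 fingerprint?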