> On Feb 22, 2016, at 3:58 PM, Reco <recovery...@gmail.com> wrote:
>
> First one is 'ls -ald /var/cache'.
root@log:~# ls -ald /var/cache
drwxr-xr-x 14 root root 4096 Oct 12 2013 /var/cache
> Second one is 'sudo -u touch /var/cache/bind/slaves/1'.
sudo: unknown user: touch
sudo: unable to initialize policy plugin
(Should there have been a "bind" after the '-u'? I just tried that, and it
returns an empty line.)
> 'su -l bind -c "touch /var/cache/bind/slaves/1"' should do it too since
> you have an interactive login shell for bind.
That one replies with an empty line. BIND's shell is still BASH (I thought I'd
deleted that long ago).
If I do 'su -l bind -c "touch /var/cache/bind/slaves/1" ; echo $?', it prints
'0'.
> Third one (hey, you never know) is 'ls -ald /'.
drwxr-xr-x 25 root root 4096 Jun 6 2014 /
...
Wait a minute. I just took a look at today's DNS log with 'cat /var/log/daemon
| egrep permission' and I see at the bottom:
Feb 22 02:15:07 log named[20117]: dumping master file:
/var/cache/bind/slaves/tmp-7OngiRhduG: open: permission denied
Feb 22 02:23:31 log named[20061]: dumping master file:
/var/cache/bind/slaves/tmp-jpxayKBERz: open: permission denied
Feb 22 02:29:31 log named[20117]: dumping master file:
/var/cache/bind/slaves/tmp-KvIK8XPZRW: open: permission denied
That says to me that the problem stopped around 2AM last night, no? I think
that's about the time I rebooted the server -- I don't remember why. If that's
true, something got well of natural causes, and I apologize tremendously for
the noise.
The 2 PIDs could very well be because I had 2 BINDs running for a while trying
to figure this out -- one as user bind, and one as root. There's a command in
my history file to kill 20061.
'logwatch --range today' prints (about the DNS dumps):
dumping master file: /var/cache/bind/slaves/tmp-18yeqdeUo7: open:
permission denied: 1 Time(s)
dumping master file: /var/cache/bind/slaves/tmp-5cVqqTAnb6: open:
permission denied: 1 Time(s)
dumping master file: /var/cache/bind/slaves/tmp-5n3f6qn0Cj: open:
permission denied: 1 Time(s)
dumping master file: /var/cache/bind/slaves/tmp-7OngiRhduG: open:
permission denied: 1 Time(s)
dumping master file: /var/cache/bind/slaves/tmp-8m09QHZPqR: open:
permission denied: 1 Time(s)
dumping master file: /var/cache/bind/slaves/tmp-93yzSn2HVG: open:
permission denied: 1 Time(s)
dumping master file: /var/cache/bind/slaves/tmp-KQi00ADskK: open:
permission denied: 1 Time(s)
dumping master file: /var/cache/bind/slaves/tmp-KnYb1BM7ho: open:
permission denied: 1 Time(s)
dumping master file: /var/cache/bind/slaves/tmp-KvIK8XPZRW: open:
permission denied: 1 Time(s)
dumping master file: /var/cache/bind/slaves/tmp-Mvis5kMjqB: open:
permission denied: 1 Time(s)
dumping master file: /var/cache/bind/slaves/tmp-NB1hVFYTQ3: open:
permission denied: 1 Time(s)
dumping master file: /var/cache/bind/slaves/tmp-RbEDOfprSt: open:
permission denied: 1 Time(s)
dumping master file: /var/cache/bind/slaves/tmp-Tr7TNyn2pB: open:
permission denied: 1 Time(s)
dumping master file: /var/cache/bind/slaves/tmp-X7frzE1EHg: open:
permission denied: 1 Time(s)
dumping master file: /var/cache/bind/slaves/tmp-fHVyGM1SqQ: open:
permission denied: 1 Time(s)
dumping master file: /var/cache/bind/slaves/tmp-fSPdEwQTGO: open:
permission denied: 1 Time(s)
dumping master file: /var/cache/bind/slaves/tmp-h28gNDyR7n: open:
permission denied: 1 Time(s)
dumping master file: /var/cache/bind/slaves/tmp-jpxayKBERz: open:
permission denied: 1 Time(s)
dumping master file: /var/cache/bind/slaves/tmp-n99ZL1tdSc: open:
permission denied: 1 Time(s)
dumping master file: /var/cache/bind/slaves/tmp-pPGgsIYF9T: open:
permission denied: 1 Time(s)
dumping master file: /var/cache/bind/slaves/tmp-qbxXuXSlvZ: open:
permission denied: 1 Time(s)
dumping master file: /var/cache/bind/slaves/tmp-ucvOB7hKDt: open:
permission denied: 1 Time(s)
dumping master file: /var/cache/bind/slaves/tmp-yhcq7G3STF: open:
permission denied: 1 Time(s)
The day isn't over yet, but compared to the last few days, that does seem like
a pretty small number of failed dumps.
'cat /var/log/daemon.log | egrep '^Feb 22.*tmp-' | sort -k9' (sorted on
filename to match logwatch's sorting it's lines) prints:
Feb 22 01:57:18 log named[20061]: dumping master file:
/var/cache/bind/slaves/tmp-18yeqdeUo7: open: permission denied
Feb 22 00:14:54 log named[20117]: dumping master file:
/var/cache/bind/slaves/tmp-5cVqqTAnb6: open: permission denied
Feb 22 00:25:48 log named[20061]: dumping master file:
/var/cache/bind/slaves/tmp-5n3f6qn0Cj: open: permission denied
Feb 22 02:15:07 log named[20117]: dumping master file:
/var/cache/bind/slaves/tmp-7OngiRhduG: open: permission denied
Feb 22 00:51:46 log named[20061]: dumping master file:
/var/cache/bind/slaves/tmp-8m09QHZPqR: open: permission denied
Feb 22 01:24:08 log named[20117]: dumping master file:
/var/cache/bind/slaves/tmp-93yzSn2HVG: open: permission denied
Feb 22 01:42:43 log named[20061]: dumping master file:
/var/cache/bind/slaves/tmp-fHVyGM1SqQ: open: permission denied
Feb 22 00:57:44 log named[20117]: dumping master file:
/var/cache/bind/slaves/tmp-fSPdEwQTGO: open: permission denied
Feb 22 01:31:03 log named[20061]: dumping master file:
/var/cache/bind/slaves/tmp-h28gNDyR7n: open: permission denied
Feb 22 02:23:31 log named[20061]: dumping master file:
/var/cache/bind/slaves/tmp-jpxayKBERz: open: permission denied
Feb 22 01:48:41 log named[20117]: dumping master file:
/var/cache/bind/slaves/tmp-KnYb1BM7ho: open: permission denied
Feb 22 01:17:57 log named[20061]: dumping master file:
/var/cache/bind/slaves/tmp-KQi00ADskK: open: permission denied
Feb 22 02:29:31 log named[20117]: dumping master file:
/var/cache/bind/slaves/tmp-KvIK8XPZRW: open: permission denied
Feb 22 00:14:26 log named[20061]: dumping master file:
/var/cache/bind/slaves/tmp-Mvis5kMjqB: open: permission denied
Feb 22 00:38:07 log named[20061]: dumping master file:
/var/cache/bind/slaves/tmp-n99ZL1tdSc: open: permission denied
Feb 22 01:37:22 log named[20117]: dumping master file:
/var/cache/bind/slaves/tmp-NB1hVFYTQ3: open: permission denied
Feb 22 02:01:07 log named[20117]: dumping master file:
/var/cache/bind/slaves/tmp-pPGgsIYF9T: open: permission denied
Feb 22 00:29:50 log named[20117]: dumping master file:
/var/cache/bind/slaves/tmp-qbxXuXSlvZ: open: permission denied
Feb 22 02:10:34 log named[20061]: dumping master file:
/var/cache/bind/slaves/tmp-RbEDOfprSt: open: permission denied
Feb 22 01:06:38 log named[20061]: dumping master file:
/var/cache/bind/slaves/tmp-Tr7TNyn2pB: open: permission denied
Feb 22 01:11:35 log named[20117]: dumping master file:
/var/cache/bind/slaves/tmp-ucvOB7hKDt: open: permission denied
Feb 22 00:02:30 log named[20117]: dumping master file:
/var/cache/bind/slaves/tmp-X7frzE1EHg: open: permission denied
Feb 22 00:43:19 log named[20117]: dumping master file:
/var/cache/bind/slaves/tmp-yhcq7G3STF: open: permission denied
I think the file names are identical. The first and last are, anyway, and wc -l
says they have the same number of lines (24).
And without the sort (effectively sorted on time):
Feb 22 00:02:30 log named[20117]: dumping master file:
/var/cache/bind/slaves/tmp-X7frzE1EHg: open: permission denied
Feb 22 00:14:26 log named[20061]: dumping master file:
/var/cache/bind/slaves/tmp-Mvis5kMjqB: open: permission denied
Feb 22 00:14:54 log named[20117]: dumping master file:
/var/cache/bind/slaves/tmp-5cVqqTAnb6: open: permission denied
Feb 22 00:25:48 log named[20061]: dumping master file:
/var/cache/bind/slaves/tmp-5n3f6qn0Cj: open: permission denied
Feb 22 00:29:50 log named[20117]: dumping master file:
/var/cache/bind/slaves/tmp-qbxXuXSlvZ: open: permission denied
Feb 22 00:38:07 log named[20061]: dumping master file:
/var/cache/bind/slaves/tmp-n99ZL1tdSc: open: permission denied
Feb 22 00:43:19 log named[20117]: dumping master file:
/var/cache/bind/slaves/tmp-yhcq7G3STF: open: permission denied
Feb 22 00:51:46 log named[20061]: dumping master file:
/var/cache/bind/slaves/tmp-8m09QHZPqR: open: permission denied
Feb 22 00:57:44 log named[20117]: dumping master file:
/var/cache/bind/slaves/tmp-fSPdEwQTGO: open: permission denied
Feb 22 01:06:38 log named[20061]: dumping master file:
/var/cache/bind/slaves/tmp-Tr7TNyn2pB: open: permission denied
Feb 22 01:11:35 log named[20117]: dumping master file:
/var/cache/bind/slaves/tmp-ucvOB7hKDt: open: permission denied
Feb 22 01:17:57 log named[20061]: dumping master file:
/var/cache/bind/slaves/tmp-KQi00ADskK: open: permission denied
Feb 22 01:24:08 log named[20117]: dumping master file:
/var/cache/bind/slaves/tmp-93yzSn2HVG: open: permission denied
Feb 22 01:31:03 log named[20061]: dumping master file:
/var/cache/bind/slaves/tmp-h28gNDyR7n: open: permission denied
Feb 22 01:37:22 log named[20117]: dumping master file:
/var/cache/bind/slaves/tmp-NB1hVFYTQ3: open: permission denied
Feb 22 01:42:43 log named[20061]: dumping master file:
/var/cache/bind/slaves/tmp-fHVyGM1SqQ: open: permission denied
Feb 22 01:48:41 log named[20117]: dumping master file:
/var/cache/bind/slaves/tmp-KnYb1BM7ho: open: permission denied
Feb 22 01:57:18 log named[20061]: dumping master file:
/var/cache/bind/slaves/tmp-18yeqdeUo7: open: permission denied
Feb 22 02:01:07 log named[20117]: dumping master file:
/var/cache/bind/slaves/tmp-pPGgsIYF9T: open: permission denied
Feb 22 02:10:34 log named[20061]: dumping master file:
/var/cache/bind/slaves/tmp-RbEDOfprSt: open: permission denied
Feb 22 02:15:07 log named[20117]: dumping master file:
/var/cache/bind/slaves/tmp-7OngiRhduG: open: permission denied
Feb 22 02:23:31 log named[20061]: dumping master file:
/var/cache/bind/slaves/tmp-jpxayKBERz: open: permission denied
Feb 22 02:29:31 log named[20117]: dumping master file:
/var/cache/bind/slaves/tmp-KvIK8XPZRW: open: permission denied
Am I right? That the problem stopped at 2:30 last night?
If I am, I have a bigger problem: WTF is going on in my server?
And where/why is BIND writing all those files? I don't see any below
/var/cache/bind. And why is BIND trying to dump a master file into the slaves
directory?
--
Glenn English
