[grsec] Cracking attempt?

Marc Schiffbauer marc at schiffbauer.net
Tue Nov 15 10:45:04 EST 2011


Hi all,

last night i discovered following logs on one of my servers.

What do you think, is this a cracking attempt?

Nov 15 02:24:39 vesta kernel: PAX: execution attempt in: (null), 00000000-00000000 00000000
Nov 15 02:24:39 vesta kernel: PAX: terminating task: /usr/bin/php5-cgi(php5-cgi):11354, uid/euid: 1022/1022, PC: 00000000e8e487b0, SP: 00000000f492617c
Nov 15 02:24:39 vesta kernel: PAX: bytes at PC: ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??
Nov 15 02:24:39 vesta kernel: PAX: bytes at SP-8: e9b71538e97b4f8c 00000009e97ecf85 e98d82ff00000001 f49261d000000161 0859d850e9ebc87b e98d82ffe98e8124 f49261c808552b60 00000009e985ce3d e98d82ff00000001 e98e812400000161 f49261e80859ff00
Nov 15 02:24:39 vesta kernel: grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /srv/chroots/www/usr/bin/php5-cgi[php5-cgi:11354] uid/euid:1022/1022 gid/egid:103/103, parent /srv/chroots/www/usr/bin/php5-cgi[php5-cgi:11348] uid/euid:1022/1022 gid/egid:103/103

This happened 9 times (9 different pids)

TIA
-Marc
-- 
8AAC 5F46 83B4 DB70 8317  3723 296C 6CCA 35A6 4134
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: not available
URL: <http://grsecurity.net/pipermail/grsecurity/attachments/20111115/bac6e760/attachment.pgp>


More information about the grsecurity mailing list