Bug 190528 - httpd being knocked silly by logrotate HUP attack
httpd being knocked silly by logrotate HUP attack
Status: CLOSED WORKSFORME
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: httpd (Show other bugs)
4.0
All Linux
medium Severity low
: ---
: ---
Assigned To: Joe Orton
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-05-03 05:57 EDT by Nigel Metheringham
Modified: 2007-11-30 17:07 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-05-03 07:41:34 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Nigel Metheringham 2006-05-03 05:57:05 EDT
Description of problem:

httpd with mod_perl sometimes goes faulty overnight - mod_perl handled
requests are met with errors - error log contains
  failed to resolve handler `Apache::Registry':
   Can't locate Apache/Registry.pm in @INC

This appears to be related to the server being HUPed - in particular
when it is HUPed several times in succession.

The logrotate script /etc/logrotate.d/httpd
causes a HUP to be sent for each log file rotated, which is excessive.

I have modified this script to only send one restart request, and changed that
to a graceful restart:-

  /var/log/httpd/*log {
    missingok
    notifempty
    sharedscripts
    lastaction
        /sbin/service httpd graceful >/dev/null 2>&1 || true
    endscript
  }

which seems better.  There is still an issue as to why the mod_perl component is
going wonky, however this looks like it will assuage the problem.

This should also apply to Fedora - same problem has been seen on FC3 although
less frequently.

Version:  httpd-2.0.52-19
Comment 1 Joe Orton 2006-05-03 06:06:04 EDT
Thanks for the report.

The "sharedscripts" option in the logrotate config is defined to make the
"postrotate" action only run once, not per-log, so it should effectively be the
same as the lastaction script.  If this is not happening that it sounds like a
logrotate issue.  Do you have an error_log snapshot which shows the multiple HUPs?
Comment 2 Nigel Metheringham 2006-05-03 06:40:33 EDT
Looks like a misdiagnosis from my point of view here...

The problem is intermittant and I have jumped to a conclusion as to the cause. 
Looking back at the logs I am not seeing multiple restart attempts.  So it looks
like this is hitting me at some point after the server is started, apparently
related to HUPs (I can bring on the mod_perl problem by HUPing the server a few
times).

Suggest closing this as "reporter is an idiot" and if I can get a definite bug
as to why the server is going strange on me I'll open a more accurate bug.
Comment 3 Joe Orton 2006-05-03 07:41:34 EDT
OK, thanks.  Marking as "WORKSFORME" for the time being, please do open a new
bug if you get new information

Note You need to log in before you can comment on or make changes to this bug.