Received: (at submit) by bugs.debian.org; 6 Mar 2001 11:08:21 +0000 From jfernandez@sgi.es Tue Mar 06 05:08:21 2001 Return-path: Received: from caronte.gmv.es (caronte) [::ffff:195.235.177.2] by master.debian.org with esmtp (Exim 3.12 1 (Debian)) id 14aFKG-0005MT-00; Tue, 06 Mar 2001 05:08:20 -0600 Received: by caronte; id MAA05987; Tue, 6 Mar 2001 12:06:50 +0100 (MET) Received: from pegaso.sgi.es(192.168.18.16) by caronte.gmv.es via smap (V5.5) id xma005962; Tue, 6 Mar 01 12:06:22 +0100 Received: from sgi.es (pcjfsp.sgi.es [192.168.18.207]) by sgi.es (8.9.1b+Sun/8.9.1) with ESMTP id MAA14358 for ; Tue, 6 Mar 2001 12:08:58 +0100 (MET) Sender: jfsp@sgi.es Message-ID: <3AA4C671.27C0585B@sgi.es> Date: Tue, 06 Mar 2001 12:13:53 +0100 From: Javier Fernandez-Sanguino =?iso-8859-1?Q?Pe=F1a?= Organization: SGI GMV X-Mailer: Mozilla 4.75 [es] (X11; U; Linux 2.2.17 i686) X-Accept-Language: es, en MIME-Version: 1.0 To: bugs@debian.org Subject: Severed client/server connection when logs are rotated Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Delivered-To: submit@bugs.debian.org Delivered-To: bugs@debian.org Package: nessusd Version: 1.0.6-1 Severity: normal Please be warned, this is unstable's nessusd, compiled in a potato system. However, the problem described could appear in other setups (IMHO in any testing/unstable system). I do frequent scans on multiple hosts (around 10) and I've recently had a lot of problems with scanners being "frozen" after a day of being run. I figured this might be a problem with the nessus server but, alas, I think I have found the problem (but not tested it thoroughly, BTW). Taking a look at my /var/log/nessus/messages files, the scanners seem to run perfectly *until* the log file is rotated. I checked the /etc/logrotate.d/nessusd file and it kills the server in order to move the logs. If a scan is being run at that time then the client cannot communicate with the server (even if it's still running since a SIGHUP was sent), the scanning processes are held and no longer answer and, in order to continue the scans, the server must be restarted and the client must re-login with it. This is my guess of the problem's I've had currently, since it seems it is not a problem of the nessus server itself (I have not seen anyone with a similar in the nessus mailing list), but it is of the Debian package. As evidence of the problem :) I left a scanner running a whole weekend, starting friday, and all went well until friday night, the last output in the message file (friday's) is: [Sat Mar 3 00:38:10 2001][7557] Caught HUP signal - reconfiguring nessusd The following days the message files just have:; [Sat Mar 3 00:38:10 2001][7557] started by uid 0 [Sat Mar 3 00:38:18 2001][7557] closing logfile [Sat Mar 3 00:38:18 2001][7557] started by uid 0 [Sun Mar 4 00:38:15 2001][7557] Caught HUP signal - reconfiguring nessusd [Sun Mar 4 00:38:15 2001][7557] closing logfile When I arrived Monday, the nessus client looked like it could keep on with the tests, but was frozen (not frozen in the sense that it does not acknowledge window movements and keystrokes, but the tests do not proceed on). Could you please confirm this issue and send a note to the mailing list? My quick fix is to just rotate files monthly, and put a note on the README.Debian file regarding this, Could you please send this fix to testing too? Otherwise users of Debian 2.3 might get the impression that the problem is with the nessus server and this will become a FAQ of the nessus-users mailing list :) Thanxs Javi -- System Information Debian Release: 2.2 Kernel Version: Linux pcjfsp 2.2.17 #1 SMP Thu Sep 7 09:30:51 CEST 2000 i686 unknown Versions of the packages nessusd depends on: ii libc6 2.1.97-1 GNU C Library: Shared libraries and Timezone ii libgmp2 2.0.2-6 Multiprecision arithmetic library ii libnasl1 1.0.6-1 Nessus Attack Scripting Language, shared lib ii libnessus1 1.0.6-1 Nessus shared libraries ii libpcap0 0.4a6-3 System interface for user-level packet captu ii libwrap0 7.6-4 Wietse Venema's TCP wrappers library ii nessus-plugins 1.0.6-1 Nessus plugins ii zlib1g 1.1.3-5 compression library - runtime ^^^ (Provides virtual package libz1)