ManageEngine Firewall Analyzer alert handling

A host inside the company (ip: 172.18.60.39) was found to be making more than 6000 outbound connections per hour; the log is as follows:

1 2012-02-14 09:28:23 warning violation 3 172.18.60.39 61.140.3.66 2160/udp 0 0

The following steps were applied to the host one at a time (after each step, the log was checked to see whether the anomaly was still present):
1. Stop the job that fetches RMB exchange rates from an external site (anomaly persists).
2. Shut down the Oracle database (anomaly persists).
3. Reboot Linux (anomaly persists).
4. Kill the pid whose Program name is java (anomaly gone).

Conclusion: the process whose Program name is java is causing the anomaly. The process details are as follows:
# netstat -pln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 0.0.0.0:705                 0.0.0.0:*                   LISTEN      4763/rpc.statd      
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      4743/portmap        
tcp        0      0 0.0.0.0:113                 0.0.0.0:*                   LISTEN      8904/xinetd         
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN      4948/cupsd          
tcp        0      0 :::3052                     :::*                        LISTEN      9151/java           
tcp        0      0 :::6547                     :::*                        LISTEN      9151/java           
tcp        0      0 :::22                       :::*                        LISTEN      8889/sshd           
udp        0      0 0.0.0.0:177                 0.0.0.0:*                               9254/gdm-binary     
udp        0      0 0.0.0.0:699                 0.0.0.0:*                               4763/rpc.statd      
udp        0      0 0.0.0.0:702                 0.0.0.0:*                               4763/rpc.statd      
udp        0      0 0.0.0.0:111                 0.0.0.0:*                               4743/portmap        
udp        0      0 0.0.0.0:631                 0.0.0.0:*                               4948/cupsd          
udp        0      0 :::9010                     :::*                                    9151/java           
udp        0      0 :::3052                     :::*                                    9151/java           
udp        0      0 :::2160                     :::*                                    9151/java           
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node PID/Program name    Path
unix  2      [ ACC ]     STREAM     LISTENING     8650   4917/acpid          /var/run/acpid.socket
unix  2      [ ACC ]     STREAM     LISTENING     14458  9014/cannaserver    /var/run/.iroha_unix/IROHA
unix  2      [ ACC ]     STREAM     LISTENING     14462  9002/htt_server     /var/run/iiim/.iiimp-unix/9010
unix  2      [ ACC ]     STREAM     LISTENING     14705  9103/dbus-daemon-1  /var/run/dbus/system_bus_socket
unix  2      [ ACC ]     STREAM     LISTENING     14628  9065/xfs            /tmp/.font-unix/fs7100
unix  2      [ ACC ]     STREAM     LISTENING     16869  9254/gdm-binary     /tmp/.gdm_socket
unix  2      [ ACC ]     STREAM     LISTENING     16964  10002/X             /tmp/.X11-unix/X0
unix  2      [ ACC ]     STREAM     LISTENING     14203  8914/gpm            /dev/gpmctl

# ps aux|grep java
root      7997  0.0  0.0  4944  644 pts/1    S+   10:57   0:00 grep java
root      9151  0.0  1.5 719136 32504 ?      Sl   Feb13   0:12 /opt/APC/PowerChute/jre/jre150_13/bin/java -Xrs -cp ./lib/jetty-6.0.0.jar:./lib/jetty-util-6.0.0.jar:./lib/servlet-api-2.5-6.0.0.jar:./lib/m11.jar:./lib/collections.jar:./lib/jsdk.jar:./comp/ds.jar:./comp/AAOL.jar:./comp/CommandFileRunner.jar:./comp/EventLogger.jar:./comp/Notifier.jar:./comp/Omaha.jar:./comp/PowerSourceAggregator.jar:./comp/PSAggregator.jar:./comp/RunTimeVerifier.jar:./comp/Shutdowner.jar:./comp/StdPowerSource.jar:./comp/ps/StdPowerSource.jar:./comp/shutdownerlets/OSshutdownerlet.jar:./comp/PacketRepeater.jar:./comp/WebServer.jar: com.apcc.m11.arch.application.Application
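The manual step above (take the port/protocol from the Firewall Analyzer alert, then look for the same port in the host's listening sockets and read off the PID/Program name) can be scripted so that the correlation is repeatable. The following is an added example and not code from the original post: it parses the alert line layout shown above and a trimmed copy of the `netstat -pln` output, and reports which local process owns the port named in the alert. The alert field order (sequence, date, time, severity, type, count, source, destination, port/proto) is an assumption read off the single sample line; the sample text is constructed from the output on the page.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: one Firewall Analyzer alert line, in the layout the page shows.
ALERT_LINE = "1 2012-02-14 09:28:23 warning violation 3 172.18.60.39 61.140.3.66 2160/udp 0 0"

# Constructed sample: a trimmed excerpt of the `netstat -pln` output from the page.
NETSTAT_OUTPUT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      4743/portmap
tcp        0      0 :::3052                     :::*                        LISTEN      9151/java
tcp        0      0 :::22                       :::*                        LISTEN      8889/sshd
udp        0      0 0.0.0.0:111                 0.0.0.0:*                               4743/portmap
udp        0      0 :::9010                     :::*                                    9151/java
udp        0      0 :::2160                     :::*                                    9151/java
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node PID/Program name    Path
unix  2      [ ACC ]     STREAM     LISTENING     8650   4917/acpid          /var/run/acpid.socket
"""

# Assumed field order: seq date time severity type count src dst port/proto ...
ALERT_RE = re.compile(
    r"^\s*(?P<seq>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<severity>\S+)\s+(?P<kind>\S+)\s+(?P<count>\d+)\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<port>\d+)/(?P<proto>tcp|udp)\b"
)


def parse_alert(line: str) -> Dict[str, str]:
    """Split one alert line into named fields; raise on an unrecognised layout."""
    m = ALERT_RE.match(line)
    if not m:
        raise ValueError(f"unrecognised alert line: {line!r}")
    return m.groupdict()


def parse_listeners(netstat_text: str) -> List[Tuple[str, int, str]]:
    """Return (proto, local_port, 'PID/Program name') for each tcp/udp listener.

    Parsing stops at the UNIX-domain section, whose rows have a different shape.
    UDP rows have an empty State column, so the owner is read from the right.
    """
    listeners: List[Tuple[str, int, str]] = []
    for raw in netstat_text.splitlines():
        if raw.startswith("Active UNIX domain sockets"):
            break
        parts = raw.split()
        if len(parts) < 5 or parts[0] not in ("tcp", "udp", "tcp6", "udp6"):
            continue
        proto = parts[0].rstrip("6")           # some netstat versions print tcp6/udp6
        port = int(parts[3].rsplit(":", 1)[1])  # handles 0.0.0.0:111 and :::2160 alike
        owner = parts[-1]                       # '-' when netstat lacks privileges
        listeners.append((proto, port, owner))
    return listeners


def owners_for(proto: str, port: int, listeners: List[Tuple[str, int, str]]) -> List[str]:
    """All PID/Program names bound to the given protocol and local port."""
    return sorted({o for p, lp, o in listeners if p == proto and lp == port})


def correlate(alert_line: str, netstat_text: str) -> Dict[str, object]:
    """Map the port/protocol in an alert to the local process(es) listening on it."""
    alert = parse_alert(alert_line)
    proto, port = alert["proto"], int(alert["port"])
    owners = owners_for(proto, port, parse_listeners(netstat_text))
    return {"src": alert["src"], "dst": alert["dst"], "proto": proto,
            "port": port, "owners": owners}


if __name__ == "__main__":
    r = correlate(ALERT_LINE, NETSTAT_OUTPUT)
    who = ", ".join(r["owners"]) or "no local listener (check established sockets)"
    print(f"{r['src']} -> {r['dst']} {r['port']}/{r['proto']}: {who}")
```

On a live host, feed the script the real output of `netstat -pln` (or `ss -lnup` / `ss -lntp` on newer systems) run as root, since without privileges the PID/Program name column is shown as `-`. An empty owner list means the port is not a listening socket on the host, so the next place to look is the established/connected socket table rather than the listener table.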

Reposted from wuhuizhong.iteye.com/blog/1406837