Core Dump Files – Linux Core Dump Files, core.xxx files quararantined

Home Forums BulletProof Security Pro Core Dump Files – Linux Core Dump Files, core.xxx files quararantined

Tagged: , , , ,

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • May 13, 2015 at 7:24 am #22661
    AITpro Admin
    Keymaster

    core.xxx files are being quarantined.  Linux Core Dump files are being dumped/created into the the document root folder of a hosting account and being quarantined by AutoRestore|Quarantine.  Linux Core Dump files are used for debugging and may indicate that a serious problem is occurring that needs to be fixed or depending on how the Linux server is configured the Core Dump files may just be configured as a “regular” “normal” routine/event.

    Linux Core Dump File References:
    https://linux.die.net/man/5/core
    https://stackoverflow.com/questions/775872/why-are-core-dump-files-generated
    https://en.wikipedia.org/wiki/Core_dump#Core_dump_files

    Linux Core Dump File Solution:  Have your web host change the folder location where linux core dump files are created.
    https://stackoverflow.com/questions/16048101/changing-location-of-core-dump

    Yes, it is. You can change /proc/sys/kernel/core_pattern to define the pathname used to generate the corefile. For more, see man core

    example:

    echo '/tmp/core_%e.%p' | sudo tee /proc/sys/kernel/core_pattern

    would cause all future core dumps to be generated in /tmp and be named core_[program].[pid]

    Screenshot:
    linux core dump files quarantine

    February 25, 2016 at 12:02 pm #28301
    Paul
    Participant

    This is what i,m getting at time of quarantine of above

    [403 GET Request: February 25, 2016 7:17 pm]
Event Code: PFWR-PSBR-HPR
Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: 92.50.213.169
Host Name: 92.50.213.169
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR: 109.203.113.174
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /wp-content/plugins/events-manager/em-actions.php
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.700.3 Safari/534.24
    February 25, 2016 at 1:05 pm #28303
    AITpro Admin
    Keymaster

    @ Paul – please explain whatever problem is occurring in more detail.  ie is a file being quarantined?  If so, is the file being repeatedly quarantined?  What is the name of the file?  Please post any other details about what the problem is exactly so that will assist me to troubleshoot whatever the problem is.

    February 26, 2016 at 1:13 am #28307
    Paul
    Participant

    The files core.338798, core.338276 and many other core files keep getting quarantined, the log above coincided with them being quarantined

    February 26, 2016 at 8:42 am #28315
    AITpro Admin
    Keymaster

    Ok I understand now.  The core dump file problem is the root problem that you will need to contact your host about to get fixed.  You can send this forum link to your host as a reference so that they understand exactly what the issue/problem is.  A secondary problem that may or may not be occurring is that the /events-manager/em-actions.php has a coding mistake in it, which may be triggering the core dump file problem.  Or it may just be a random coincidence that the Security Log entry is being logged around the same time the core dump file problem occurrs.  Once again the root problem is the core dump file problem that you will need to contact your host about to get that issue/problem fixed.

  • Author
    Posts
Viewing 5 posts - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.