Core Dump Files – Linux Core Dump Files, core.xxx files quararantined

Home Forums BulletProof Security Pro Core Dump Files – Linux Core Dump Files, core.xxx files quararantined

This topic contains 4 replies, has 2 voices, and was last updated by  AITpro Admin 2 years, 3 months ago.

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • #22661

    AITpro Admin
    Keymaster

    core.xxx files are being quarantined.  Linux Core Dump files are being dumped/created into the the document root folder of a hosting account and being quarantined by AutoRestore|Quarantine.  Linux Core Dump files are used for debugging and may indicate that a serious problem is occurring that needs to be fixed or depending on how the Linux server is configured the Core Dump files may just be configured as a “regular” “normal” routine/event.

    Linux Core Dump File References:
    https://linux.die.net/man/5/core
    https://stackoverflow.com/questions/775872/why-are-core-dump-files-generated
    https://en.wikipedia.org/wiki/Core_dump#Core_dump_files

    Linux Core Dump File Solution:  Have your web host change the folder location where linux core dump files are created.
    https://stackoverflow.com/questions/16048101/changing-location-of-core-dump

    Yes, it is. You can change /proc/sys/kernel/core_pattern to define the pathname used to generate the corefile. For more, see man core

    example:

    echo '/tmp/core_%e.%p' | sudo tee /proc/sys/kernel/core_pattern
    

    would cause all future core dumps to be generated in /tmp and be named core_[program].[pid]

    Screenshot:
    linux core dump files quarantine

    #28301

    Paul
    Participant

    This is what i,m getting at time of quarantine of above

    [403 GET Request: February 25, 2016 7:17 pm]
    Event Code: PFWR-PSBR-HPR
    Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: 92.50.213.169
    Host Name: 92.50.213.169
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR: 109.203.113.174
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /wp-content/plugins/events-manager/em-actions.php
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.700.3 Safari/534.24
    #28303

    AITpro Admin
    Keymaster

    @ Paul – please explain whatever problem is occurring in more detail.  ie is a file being quarantined?  If so, is the file being repeatedly quarantined?  What is the name of the file?  Please post any other details about what the problem is exactly so that will assist me to troubleshoot whatever the problem is.

    #28307

    Paul
    Participant

    The files core.338798, core.338276 and many other core files keep getting quarantined, the log above coincided with them being quarantined

    #28315

    AITpro Admin
    Keymaster

    Ok I understand now.  The core dump file problem is the root problem that you will need to contact your host about to get fixed.  You can send this forum link to your host as a reference so that they understand exactly what the issue/problem is.  A secondary problem that may or may not be occurring is that the /events-manager/em-actions.php has a coding mistake in it, which may be triggering the core dump file problem.  Or it may just be a random coincidence that the Security Log entry is being logged around the same time the core dump file problem occurrs.  Once again the root problem is the core dump file problem that you will need to contact your host about to get that issue/problem fixed.

Viewing 5 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.