vivi131313 Tux's lil' helper
Joined: 11 May 2004 Posts: 108 Location: Folsom, CA
Posted: Fri Mar 25, 2011 3:30 am Post subject: [SOLVED] swatch/tail "/bin/tail: inotify resources exhaus
EDIT: After updating the files mentioned by Ant P. in /proc/sys/fs/inotify/, things seem to be running.
After watching some Chinese and Filipino IPs try to brute force my root password through my open ssh port, I decided I needed to tighten up the security on my gentoo server (don't want someone messing up my minecraft server).
I started with a swatch/iptables tutorial that I found in the gentoo wiki. After learning a bit more about both of these tools and examining some other tutorials, I got a working setup running early this morning, which has already successfully blocked 2 IP addresses.
Anyway, on to the problem I'm hitting.
The original tutorial was using the code below for /etc/init.d/swatch (found here: http://en.gentoo-wiki.com/wiki/Swatch)
Code:
#!/sbin/runscript
# maat'092007
depend() {
use net
}
start() {
ebegin "Starting swatch"
start-stop-daemon --start --make-pidfile --pidfile /var/run/swatch.pid --background --exec /usr/bin/swatch -- --config-file=/etc/swatch.conf --pid-file=/var/run/swatch.pid
eend $?
}
stop() {
ebegin "Stopping swatch"
start-stop-daemon --stop --name perl5.8.8 --user root
start-stop-daemon --stop --pidfile /var/run/swatch.pid --user root
eend $?
}
but it wasn't working particularly well, especially when killing the process. Swatch was successfully loading, though.
After that I found this tutorial (http://www.gentoo-wiki.info/SSH/Swatch):
Code:
#!/sbin/runscript
# Copyright 1999-2006 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: $
opts="${opts} reload"
depend() {
after logger
}
start() {
ebegin "Starting Swatch"
if [ ! -d ${SWATCH_SCRIPTDIR} ]; then
mkdir ${SWATCH_SCRIPTDIR}
fi
swatch --script-dir=${SWATCH_SCRIPTDIR} \
--tail-file=${SWATCH_TAILFILE} \
--config-file=/etc/swatch.conf \
--pid-file=/var/run/swatch.pid \
--tail-args="${SWATCH_TAILARGS}" \
--daemon \
>> /var/log/swatch.log \
2>> /var/log/swatch-err.log
eend $?
}
stop() {
ebegin "Stopping Swatch"
kill `cat /var/run/swatch.pid`
eend $?
}
restart() {
svc_stop
sleep 2
svc_start
}
reload() {
# Doesn't work !!! The signal must be sent to the monitor process, not to the script itself !
kill -HUP `cat /var/run/swatch.pid`
}
I tweaked this slightly to get to my final setup:
/etc/init.d/swatch
Code:
#!/sbin/runscript
# Copyright 1999-2006 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: $
depend() {
use net
after logger
}
start() {
ebegin "Starting Swatch"
# SWATCH_SCRIPTDIR, SWATCH_TAILFILE and SWATCH_TAILARGS come from /etc/conf.d/swatch
if [ ! -d ${SWATCH_SCRIPTDIR} ]; then
mkdir ${SWATCH_SCRIPTDIR}
fi
swatch --script-dir=${SWATCH_SCRIPTDIR} \
--tail-file=${SWATCH_TAILFILE} \
--config-file=/etc/swatch/swatch.conf \
--pid-file=/var/run/swatch.pid \
--tail-args="${SWATCH_TAILARGS}" \
--daemon \
>> /var/log/swatch.log \
2>> /var/log/swatch-err.log
eend $?
}
stop() {
ebegin "Stopping Swatch"
kill `cat /var/run/swatch.pid`
eend $?
}
restart() {
svc_stop
sleep 2
svc_start
}
For reference here is my /etc/conf.d/swatch:
Code:
# Config file for /etc/init.d/swatch
# Location for temporary script generation
SWATCH_SCRIPTDIR="/var/tmp/swatch"
# File to monitor
SWATCH_TAILFILE="/var/log/messages"
# Tail arguments
SWATCH_TAILARGS="--follow=name -n 0"
So finally, when I run /etc/init.d/swatch start, it seems to start correctly, but the output in the log file is this:
Quote:
/bin/tail: inotify resources exhausted
/bin/tail: inotify cannot be used, reverting to polling
Once I saw this I decided to try to "tailf /var/log/messages", which dumped the last dozen lines of the log and then dumped the same messages as above.
Anyone familiar with this type of situation?
Thanks in advance.
TJ _________________ Now I make the stuff you get pissed off at.
Last edited by vivi131313 on Sun Mar 27, 2011 3:20 am; edited 2 times in total
Ant P. Watchman
Joined: 18 Apr 2009 Posts: 6920
Posted: Sat Mar 26, 2011 1:46 am Post subject:
Run ssh on a non-default port. The number of login attempts I've seen in 7-8 years is zero.
cach0rr0 Bodhisattva
Joined: 13 Nov 2008 Posts: 4123 Location: Houston, Republic of Texas
Posted: Sat Mar 26, 2011 1:57 am Post subject:
or go with SSH keys, deny interactive logon
number of login attempts I've cared about in 7-8 years is 0^2 _________________ Lost configuring your system?
dump lspci -n here | see Pappy's guide | Link Stash
vivi131313 Tux's lil' helper
Joined: 11 May 2004 Posts: 108 Location: Folsom, CA
Posted: Sat Mar 26, 2011 6:12 am Post subject:
Yes, I know either of those options would work, but now that I'm trying this method, I want to see it functional.
The whole tail inotify message just seems weird. _________________ Now I make the stuff you get pissed off at.
Ant P. Watchman
Joined: 18 Apr 2009 Posts: 6920
Posted: Sat Mar 26, 2011 3:45 pm Post subject:
Increase the values in /proc/sys/fs/inotify/ .
vivi131313 Tux's lil' helper
Joined: 11 May 2004 Posts: 108 Location: Folsom, CA
Posted: Sun Mar 27, 2011 3:18 am Post subject:
Weird stuff:
Code:
user@sompname ~ $ grep [0-9] /proc/sys/fs/inotify/*
/proc/sys/fs/inotify/max_queued_events:16384
/proc/sys/fs/inotify/max_user_instances:128
/proc/sys/fs/inotify/max_user_watches:8192
I tried writing to these files (just adding a 0 to each to see if it would fix the issue) and received an error writing to each file.
But after closing vim and reopening the files, they had the updates.
tailf on /var/log/messages confirmed the issue was fixed.
I then tried singling out one of these as the variable I needed to adjust, but even after changing the numbers back, the tail still worked.
Then I rebooted, and the same issue came back. This time it was only complaining about simultaneous watches.
So I updated max_user_watches and now I'm rebooting to see if the fix holds.
Well, it seems to be running at least; I guess I'll see if any new IPs are added to my iptables.
Thanks! _________________ Now I make the stuff you get pissed off at.
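The thread ends with the limit raised by hand in /proc, which is why the fix did not survive the reboot. The script below is an added example (not code from the thread or from swatch) that measures how close the box is to the max_user_watches limit, by counting the "inotify wd:" lines the kernel exposes in /proc/<pid>/fdinfo, and persists a higher limit through /etc/sysctl.conf. It assumes a Linux /proc layout and a root shell; the proc root is a parameter only so the counting can be exercised against a constructed tree.

```shell
#!/bin/sh
# Added example: check inotify watch headroom before tail --follow=name
# silently falls back to polling, and make a raised limit survive reboot.

# Count inotify watches held by every process we can read. Each inotify
# descriptor shows up in /proc/<pid>/fdinfo/<fd> with one "inotify wd:" line
# per watched inode. Note the kernel limit is per uid, so this total is an
# upper bound when several users hold watches.
count_inotify_watches() {
    # $1: root of the proc tree (default /proc; overridable for testing)
    proc_root="${1:-/proc}"
    grep -h '^inotify wd:' "$proc_root"/[0-9]*/fdinfo/* 2>/dev/null \
        | wc -l | tr -d ' '
}

# Print "ok" when watches in use ($1) are below max_user_watches ($2),
# otherwise "exhausted"; the exit status mirrors the verdict.
watch_headroom() {
    if [ "$1" -lt "$2" ]; then
        echo ok
        return 0
    fi
    echo exhausted
    return 1
}

# One-line report against the live kernel values.
report() {
    limit=$(cat /proc/sys/fs/inotify/max_user_watches)
    used=$(count_inotify_watches /proc)
    echo "max_user_watches=$limit in_use=$used: $(watch_headroom "$used" "$limit")"
}

# Persist a raised limit. Writing to /proc only lasts until reboot; Gentoo's
# sysctl init script re-applies /etc/sysctl.conf at boot. Run as root.
persist_limit() {
    # $1: new max_user_watches value (e.g. 81920, ten times the thread's 8192)
    if grep -q '^fs.inotify.max_user_watches' /etc/sysctl.conf 2>/dev/null; then
        sed -i "s/^fs.inotify.max_user_watches.*/fs.inotify.max_user_watches = $1/" /etc/sysctl.conf
    else
        echo "fs.inotify.max_user_watches = $1" >> /etc/sysctl.conf
    fi
    sysctl -w fs.inotify.max_user_watches="$1"
}
```

Run report before and after starting swatch: if the count jumps to the limit, something else on the host (an indexer, an IDE, a monitoring agent) is consuming the per-user watch budget and tail will keep degrading to polling.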