本文讲述了Linux系统中SSH连接受限且ping、telnet正常的问题,原因是审计服务auditbacklog_limit超过限制。解决方法是调整审计规则文件,将backlog_limit值从320增大到8192,然后重启auditd服务。
(1)现象和原因
Linux ssh连接不上,ping、telnet都是通的,输入dmesg -T命令或登录界面均提示audit: backlog limit exceeded。原因是audit服务在繁忙的系统中进行审计事件操作,缓冲区存在瓶颈,导致系统接近崩溃。
(2)解决办法
将backlog_limit值由320修改为8192
vim /etc/audit/rules.d/audit.rules
# This file contains the auditctl rules that are loaded
# whenever the audit daemon is started via the initscripts.
# The rules are simply the parameters that would be passed
# to auditctl.
# First rule - delete all
-D
# Increase the buffers to survive stress events.
# Make this bigger for busy systems
-b 8192
# Feel free to add below this line. See auditctl man page
重启auditd服务,service auditd restart
查看auditd服务状态,service auditd status
查看配置,auditctl -s
enabled 1
flag 1
pid 33662
rate_limit 0
backlog_limit 8192
lost 0
backlog 0
loginuid_immutable 0 unlocked
扫一扫
1223
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
