Linux system log avahi-daemon[3733]: Invalid query packet


While checking the Linux log files, I found a large number of avahi-daemon[3733]: Invalid query packet errors (the number in brackets differs from server to server).

Aug  3 07:00:01 hostname auditd[3143]: Audit daemon rotating log files
Aug  3 08:02:39 hostname avahi-daemon[3733]: Invalid query packet.
Aug  3 08:03:19 hostname last message repeated 7 times
Aug  3 08:29:24 hostname avahi-daemon[3733]: Invalid query packet.
Aug  3 08:32:34 hostname last message repeated 9 times
Aug  3 08:35:19 hostname last message repeated 9 times
Aug  3 08:44:45 hostname last message repeated 9 times
Aug  3 08:45:50 hostname last message repeated 9 times
Aug  3 08:47:05 hostname last message repeated 34 times
Aug  3 08:48:06 hostname last message repeated 14 times
Aug  3 09:18:35 hostname avahi-daemon[3733]: Invalid query packet.
Aug  3 09:49:22 hostname last message repeated 8 times
Aug  3 10:04:32 hostname last message repeated 11 times
Aug  3 11:52:49 hostname last message repeated 8 times
Aug  3 11:55:38 hostname last message repeated 8 times
Aug  3 13:13:15 hostname last message repeated 8 times
Aug  3 13:18:26 hostname last message repeated 8 times
Aug  3 13:50:10 hostname last message repeated 7 times
Aug  3 13:58:21 hostname last message repeated 24 times
Aug  3 14:29:48 hostname last message repeated 20 times
Aug  3 14:35:45 hostname last message repeated 8 times
Aug  3 14:36:49 hostname last message repeated 14 times
Aug  3 14:48:23 hostname last message repeated 9 times
Aug  3 16:02:28 hostname last message repeated 6 times
Aug  3 16:03:30 hostname last message repeated 10 times
Aug  3 16:06:30 hostname last message repeated 14 times
Aug  3 16:20:00 hostname last message repeated 8 times


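avahi-daemon is a service daemon on Linux that runs on client machines to discover network-based Zeroconf services. It implements DNS service discovery and the multicast DNS specification for Zeroconf networks. User programs receive notifications of discovered network services and resources through Linux D-Bus messaging. The daemon also caches responses for user programs, which helps reduce the network traffic generated by replies.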

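Some material I found online says this is a bug (see the references). I checked all the RHEL 5.7 Linux servers I have at hand, and almost all of them show the error message above. Some users online advise: unless you have compatible devices or services that use the zeroconf protocol, you should turn it off.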

[root@DB-Server log]# service avahi-daemon status
Avahi daemon is running
[root@DB-Server log]# service avahi-daemon stop
Shutting down Avahi daemon: [  OK  ]
[root@DB-Server log]# chkconfig --list |grep avahi-daemon
avahi-daemon    0:off   1:off   2:off   3:on    4:on    5:on    6:off
[root@DB-Server log]# chkconfig avahi-daemon off
[root@DB-Server log]# chkconfig --list |grep avahi-daemon
avahi-daemon    0:off   1:off   2:off   3:off   4:off   5:off   6:off
[root@DB-Server log]# 

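In addition, the rhel5-guide-i731.pdf document also recommends turning this service off: disable the Avahi service if possible, because doing so reduces exposure to network attacks. As shown below: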

 

3.7.1 Disable Avahi Server if Possible

Because the Avahi daemon service keeps an open network port, it is subject to network attacks. Disabling it is particularly important to reduce the system's vulnerability to such attacks.

 

3.7.1.1 Disable Avahi Server Software

Issue the command:

# chkconfig avahi-daemon off

 

3.7.1.2 Remove Avahi Server iptables Firewall Exception

Edit the files /etc/sysconfig/iptables and /etc/sysconfig/ip6tables (if IPv6 is in use). In each file, locate and delete the line:

-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT

By default, inbound connections to Avahi’s port are allowed. If the Avahi server is not being used, this exception should be removed from the firewall configuration. See Section 2.5.5 for more information about the Iptables firewall.
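
The steps above (stop the daemon, chkconfig off, delete the UDP 5353 exception) can be verified together. The following is an added example, not code from the original post or from the RHEL guide; the function names, the "is not running" status string and the commented-out rule are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the three things the page changes. Inputs are passed
# as text so the logic runs offline; on a real host pass the command output.

# Runlevels where avahi-daemon is still "on" (empty output = disabled at boot).
avahi_enabled_runlevels() {
    printf '%s\n' "$1" | awk '$1 == "avahi-daemon" {
        out = ""
        for (i = 2; i <= NF; i++) {
            split($i, kv, ":")
            if (kv[2] == "on") out = out (out == "" ? "" : ",") kv[1]
        }
        print out
    }'
}

# Active (uncommented) ACCEPT rules that still admit UDP port 5353.
mdns_accept_rules() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*#/ { next }
        /-p udp/ && /--dport 5353( |$)/ && /-j ACCEPT/ { print }'
}

# $1 = `chkconfig --list` output, $2 = contents of /etc/sysconfig/iptables,
# $3 = `service avahi-daemon status` output. Returns 0 only if all checks pass.
avahi_audit() {
    rc=0
    levels=$(avahi_enabled_runlevels "$1")
    rules=$(mdns_accept_rules "$2")
    if [ -n "$levels" ]; then
        echo "FAIL: avahi-daemon enabled in runlevels $levels"; rc=1
    fi
    if [ -n "$rules" ]; then
        echo "FAIL: firewall exception remains: $rules"; rc=1
    fi
    case "$3" in *"is running"*)
        echo "FAIL: daemon still running until stopped or rebooted"; rc=1 ;;
    esac
    return "$rc"
}

# Sample input: chkconfig lines and the 5353 rule are from the page; AFTER_FW is constructed.
BEFORE_CHK='avahi-daemon    0:off   1:off   2:off   3:on    4:on    5:on    6:off'
AFTER_CHK='avahi-daemon    0:off   1:off   2:off   3:off   4:off   5:off   6:off'
BEFORE_FW='-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT'
AFTER_FW='#-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT'

avahi_audit "$BEFORE_CHK" "$BEFORE_FW" "Avahi daemon is running" || true
avahi_audit "$AFTER_CHK" "$AFTER_FW" "Avahi daemon is not running" && echo "PASS"
```

The third check matters because chkconfig only changes boot-time behaviour: a host where the service was switched off but never stopped still has the daemon listening.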

References:

http://blog.csdn.net/zhaojian1988/article/details/9214673

https://bugs.launchpad.net/ubuntu/+source/avahi/+bug/500365

http://www.question-defense.com/2010/09/15/centos-linux-avahi-error-avahi-daemon2699-invalid-query-packet

