Hello, and forgive me, I am a newbie in the whole server-Linux-VPS thing. (Also forgive me for my English.)
So my problem is that I noticed I ran out of inodes on my VPS. I didn't have much time to see what's going on and I was postponing the problem by increasing the hard drive partition. Now I am out of hard disk space. I ran a command and noticed that /root/Maildir/new was using 877456 inodes!!!! Those were all email alerts that the system was sending to the root email. (I guess)
Time: Wed Apr 11 03:01:20 2012 -0400
PID: 19573
Account: dovecot
Uptime: 72196 seconds
Executable:
/usr/libexec/dovecot/pop3-login
Command Line (often faked in exploits):
pop3-login
Network connections by the process (if any):
tcp6: 0.0.0.0:110 -> 0.0.0.0:0
tcp6: 0.0.0.0:995 -> 0.0.0.0:0
Files open by the process (if any):
/dev/urandom
Memory maps by the process (if any):
I made an alias for the root email and I was getting like 2000 e-mails per 24h. So I have 2 questions...
1) How do I stop those alerts, or where can I control them?
2) Can I safely delete all files inside root/Maildir/new? If yes, can you please write down the exact syntax to delete them without entering that directory? (I can't anyway, there is a huge number of alerts inside there.)
Thanks again!
P.S. I am running out of inodes again; in a couple of days I won't be able to even log in to my Virtualmin panel!
Howdy,
> How do I stop those alerts, or where can I control them?
Hmm, well, the emails that you're seeing don't occur by default... do you know if you had installed some sort of system monitoring tool?
A few quick Google searches on some of the email contents that you're getting suggest those may be sent by the CSF tool -- does that sound familiar? I haven't used CSF before, so I unfortunately don't know how to turn those off, though I'm sure they're configurable.
> Can I safely delete all files inside root/Maildir/new?
Sure! First, it sounds like you may have done this already -- but my recommendation would be to have root's email go to another user, perhaps yourself, so that you'll always see them. You can set up an alias in /etc/aliases, where you can specify what email address should get the root user's email.
Now, as for deleting those emails -- once you have an email alias set up for root, you no longer need the /root/Maildir directory.
So what I would do is 'cd' into /root, and then remove the Maildir directory (and all of its contents) using "rm -rf Maildir" (remember, that's typed from within the "/root" directory).
-Eric
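
For readers who want to empty only the new/ folder without entering or listing it, here is an added example (not part of the original thread) that counts and deletes the messages with find, which does not hit the "Argument list too long" limit of `rm new/*`. The function names are hypothetical, it assumes a find that supports -mindepth, -maxdepth and -delete (GNU or BSD), and it runs against a constructed throwaway Maildir rather than /root/Maildir.

```shell
#!/bin/sh
# Added example: count and purge a Maildir "new" folder without listing it.
# Everything below runs in a constructed temp directory; /root is never touched.

# Count directory entries (a proxy for inode use) without sorting or globbing.
count_entries() {
    find "$1" -mindepth 1 -maxdepth 1 | wc -l | tr -d ' '
}

# Delete regular files in <maildir>/new. find unlinks entries one at a time,
# so the number of files does not matter.
purge_maildir_new() {
    maildir=$1
    # Refuse anything that does not look like a Maildir (needs cur/, new/, tmp/).
    for sub in cur new tmp; do
        [ -d "$maildir/$sub" ] || { echo "not a Maildir: $maildir" >&2; return 1; }
    done
    # Refuse a symlinked new/ so the delete cannot be redirected elsewhere.
    if [ -L "$maildir/new" ]; then
        echo "new/ is a symlink, refusing" >&2
        return 1
    fi
    find "$maildir/new" -mindepth 1 -maxdepth 1 -type f -delete
}

# Constructed demo: a throwaway Maildir holding 300 empty fake alert messages.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/Maildir/cur" "$tmp/Maildir/new" "$tmp/Maildir/tmp"
    i=0
    while [ "$i" -lt 300 ]; do
        : > "$tmp/Maildir/new/1334127680.$i.host"   # constructed file name
        i=$((i + 1))
    done
    before=$(count_entries "$tmp/Maildir/new")
    purge_maildir_new "$tmp/Maildir"
    after=$(count_entries "$tmp/Maildir/new")
    rm -rf "$tmp"
    echo "$before $after"
}

demo
```

Running `df -i` before and after a purge shows the freed inodes per filesystem; after editing /etc/aliases, `newaliases` rebuilds the alias database on sendmail-compatible mail systems.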