In one of our Centos server, i can't restart httpd.
Error :
[root@localhost ~]# /etc/init.d/httpd restart
Stopping httpd: [FAILED]
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain for ServerName
(98)Address already in use: make_sock: could not bind to address [::]:80
(98)Address already in use: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
Unable to open logs
[FAILED]
In nmap i can see port 80 is opened by httpd. I tried to kill the process and httpd but it failed
[root@localhost ~]# netstat -ltnp | grep ':80'
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1016/nginx
[root@localhost ~]# ps -wlp1016
F S UID PID PPID C PRI NI ADDR SZ WCHAN TTY TIME CMD
5 S 99 1016 1 0 80 0 - 5497 ep_pol ? 00:00:00 nginx
[root@localhost ~]# fuser -k -n tcp 80
80/tcp: 1016 1017 1018 1019
[root@localhost ~]# netstat -ltnp | grep ':80'
[root@localhost ~]# /etc/init.d/httpd start
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain for ServerName
[ OK ]
[root@localhost ~]#
Now i can start httpd in that server, later i noticed that in crontab
[root@localhost html]# crontab -l
3,18,33,48 * * * * killall -6 nginx httpd; sleep 1; /usr/local/nginx/sbin/nginx
[root@localhost html]#
I removed that entry and seems fine. Its like an attack from outside.
Error :
[root@localhost ~]# /etc/init.d/httpd restart
Stopping httpd: [FAILED]
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain for ServerName
(98)Address already in use: make_sock: could not bind to address [::]:80
(98)Address already in use: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
Unable to open logs
[FAILED]
In nmap i can see port 80 is opened by httpd. I tried to kill the process and httpd but it failed
[root@localhost ~]# netstat -ltnp | grep ':80'
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1016/nginx
[root@localhost ~]# ps -wlp1016
F S UID PID PPID C PRI NI ADDR SZ WCHAN TTY TIME CMD
5 S 99 1016 1 0 80 0 - 5497 ep_pol ? 00:00:00 nginx
[root@localhost ~]# fuser -k -n tcp 80
80/tcp: 1016 1017 1018 1019
[root@localhost ~]# netstat -ltnp | grep ':80'
[root@localhost ~]# /etc/init.d/httpd start
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain for ServerName
[ OK ]
[root@localhost ~]#
Now i can start httpd in that server, later i noticed that in crontab
[root@localhost html]# crontab -l
3,18,33,48 * * * * killall -6 nginx httpd; sleep 1; /usr/local/nginx/sbin/nginx
[root@localhost html]#
I removed that entry and seems fine. Its like an attack from outside.