在检查Linux的日志文件时,发现大量 avahi-daemon[3733]: Invalid query packet错误(不同服务器对应的数字有所不同)
Aug 3 07:00:01 hostname auditd[3143]: Audit daemon rotating log files
Aug 3 08:02:39 hostname avahi-daemon[3733]: Invalid query packet.
Aug 3 08:03:19 hostname last message repeated 7 times
Aug 3 08:29:24 hostname avahi-daemon[3733]: Invalid query packet.
Aug 3 08:32:34 hostname last message repeated 9 times
Aug 3 08:35:19 hostname last message repeated 9 times
Aug 3 08:44:45 hostname last message repeated 9 times
Aug 3 08:45:50 hostname last message repeated 9 times
Aug 3 08:47:05 hostname last message repeated 34 times
Aug 3 08:48:06 hostname last message repeated 14 times
Aug 3 09:18:35 hostname avahi-daemon[3733]: Invalid query packet.
Aug 3 09:49:22 hostname last message repeated 8 times
Aug 3 10:04:32 hostname last message repeated 11 times
Aug 3 11:52:49 hostname last message repeated 8 times
Aug 3 11:55:38 hostname last message repeated 8 times
Aug 3 13:13:15 hostname last message repeated 8 times
Aug 3 13:18:26 hostname last message repeated 8 times
Aug 3 13:50:10 hostname last message repeated 7 times
Aug 3 13:58:21 hostname last message repeated 24 times
Aug 3 14:29:48 hostname last message repeated 20 times
Aug 3 14:35:45 hostname last message repeated 8 times
Aug 3 14:36:49 hostname last message repeated 14 times
Aug 3 14:48:23 hostname last message repeated 9 times
Aug 3 16:02:28 hostname last message repeated 6 times
Aug 3 16:03:30 hostname last message repeated 10 times
Aug 3 16:06:30 hostname last message repeated 14 times
Aug 3 16:20:00 hostname last message repeated 8 times
avahi-daemon是一种Linux操作系统上运行在客户机上实施查找基于网络的 Zeroconf service的服务守护进程。 该服务可以为Zeroconf网络实现DNS服务发现及DNS组播规范。 用户程序通过Linux D-Bus信息传递接收发现到网络服务和资源的通知。该守护进程配合缓存用户程序的答复,以帮助减少因答复而产生的网络流量。
网上搜索到一些资料显示说这个是一个bug来的(请见参考资料),我检查了手头上所有RHEL 5.7版本的Linux服务器,几乎都有上面错误信息。网上有网友建议:除非你有兼容的设备或使用 zeroconf 协议的服务,否则应该关闭它。
[root@DB-Server log]# service avahi-daemon status
Avahi daemon is running
[root@DB-Server log]# service avahi-daemon stop
Shutting down Avahi daemon: [ OK ]
[root@DB-Server log]# chkconfig --list |grep avahi-daemon
avahi-daemon 0:off 1:off 2:off 3:on 4:on 5:on 6:off
[root@DB-Server log]# chkconfig avahi-daemon off
[root@DB-Server log]# chkconfig --list |grep avahi-daemon
avahi-daemon 0:off 1:off 2:off 3:off 4:off 5:off 6:off
[root@DB-Server log]#
另外,在rhel5-guide-i731.pdf文档里面,也建议关闭此服务:如果可以话,尽量禁用Avahi服务。因为这样可以减少网络攻击。如下所示:
3.7.1 Disable Avahi Server if Possible
Because the Avahi daemon service keeps an open network port, it is subject to network attacks. Disabling it is
particularly important to reduce the system's vulnerability to such attacks.
3.7.1.1 Disable Avahi Server Software
Issue the command:
# chkconfig avahi-daemon off
3.7.1.2 Remove Avahi Server iptables Firewall Exception
Edit the files /etc/sysconfig/iptables and /etc/sysconfig/ip6tables (if IPv6 is in use). In each file, locate and delete the line:
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
By default, inbound connections to Avahi’s port are allowed. If the Avahi server is not being used, this exception
should be removed from the firewall configuration. See Section 2.5.5 for more information about the Iptables firewall.
