Tuesday, 30 September 2025

ZIMBRA VM STOPPED BY THE OOM KILLER AS A RESULT OF AN SSH BRUTE-FORCE ATTACK ON THE PROXMOX HYPERVISOR

Check the Proxmox log:

 root@core01:~# journalctl --since "2025-09-29 23:30:00" --until "2025-09-30 00:00:00"

Focus on this output:

Sep 28 22:37:43 core01 kernel: oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=ssh.service,mems_allowed=0-1,global_oom,task_memcg=/qemu.slice/136.scope,task=kvm,pid=1540008,uid>

Sep 28 22:37:43 core01 kernel: Out of memory: Killed process 1540008 (kvm) total-vm:18661612kB, anon-rss:13816172kB, file-rss:8320kB, shmem-rss:0kB, UID:0 pgtables:28972kB oom_score_adj:0

Sep 28 22:37:43 core01 kernel: usb 3-4: reset SuperSpeed USB device number 2 using xhci_hcd

Sep 28 22:37:43 core01 systemd[1]: 136.scope: A process of this unit has been killed by the OOM killer.

Sep 28 22:37:01 core01 sshd[1552362]: Failed password for invalid user guest from 94.156.115.107 port 38216 ssh2

Sep 28 22:37:43 core01 systemd[1]: 136.scope: Failed with result 'oom-kill'.

Sep 28 22:37:02 core01 sshd[1552299]: Connection closed by invalid user guest 147.45.193.115 port 58712 [preauth]

Sep 28 22:37:43 core01 systemd[1]: 136.scope: Consumed 39min 8.931s CPU time.

Sep 28 22:37:02 core01 sshd[1552348]: Connection closed by authenticating user root 147.45.193.115 port 59564 [preauth]

Sep 28 22:37:02 core01 sshd[1552351]: Connection closed by invalid user wang 94.156.115.107 port 50072 [preauth]

Sep 28 22:37:03 core01 sshd[1552362]: Connection closed by invalid user guest 94.156.115.107 port 38216 [preauth]

Sep 28 22:37:05 core01 sshd[1552374]: Invalid user www from 94.156.115.107 port 50076

Sep 28 22:37:05 core01 sshd[1552379]: Invalid user sonar from 147.45.193.115 port 59568


INCIDENT SUMMARY:

Date/Time: 28 September 2025, 22:37:43
Location: Proxmox host (core01)
Affected VM: VM 136 (Zimbra Mail Server)
Direct cause: OOM (Out Of Memory) Killer
Root cause: SSH brute-force attack from the Internet

"STOP" indicators:

  1. Keywords: "Killed process", "oom-kill"

  2. No shutdown sequence in the log

  3. The process was forcibly killed by the kernel

  4. Result: 'oom-kill' (not 'success' or 'exit-code')
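
The indicators above can be checked mechanically. The following Python script is an added example, not part of the original post: it classifies failed QEMU scopes by their systemd result, extracts the OOM-killed process, and counts SSH authentication failures per source address, using lines copied from the journal output above (the function names are this example's own).

```python
import re
from collections import Counter

# Lines copied from the journal output shown above.
SAMPLE = """\
Sep 28 22:37:43 core01 kernel: Out of memory: Killed process 1540008 (kvm) total-vm:18661612kB, anon-rss:13816172kB, file-rss:8320kB, shmem-rss:0kB, UID:0 pgtables:28972kB oom_score_adj:0
Sep 28 22:37:43 core01 systemd[1]: 136.scope: A process of this unit has been killed by the OOM killer.
Sep 28 22:37:01 core01 sshd[1552362]: Failed password for invalid user guest from 94.156.115.107 port 38216 ssh2
Sep 28 22:37:43 core01 systemd[1]: 136.scope: Failed with result 'oom-kill'.
Sep 28 22:37:05 core01 sshd[1552374]: Invalid user www from 94.156.115.107 port 50076
Sep 28 22:37:05 core01 sshd[1552379]: Invalid user sonar from 147.45.193.115 port 59568
""".splitlines()

KILLED = re.compile(r"Out of memory: Killed process (\d+) \((\S+)\).*anon-rss:(\d+)kB")
RESULT = re.compile(r"systemd\[1\]: (\d+)\.scope: Failed with result '([^']+)'")
SSH_FAIL = re.compile(
    r"sshd\[(\d+)\]: (?:Failed password for (?:invalid user )?\S+|Invalid user \S+) from (\S+) port")

def classify_stops(lines):
    """Map VMID -> systemd result ('oom-kill', 'exit-code', ...) for each failed scope."""
    return {m.group(1): m.group(2) for l in lines if (m := RESULT.search(l))}

def killed_processes(lines):
    """Return (pid, name, anon_rss_GiB) for every process the kernel OOM-killed."""
    return [(int(m.group(1)), m.group(2), round(int(m.group(3)) / 1024**2, 1))
            for l in lines if (m := KILLED.search(l))]

def ssh_failures_by_source(lines):
    """Count failed SSH connections per source address, one per sshd PID."""
    seen = {m.groups() for l in lines if (m := SSH_FAIL.search(l))}
    return Counter(ip for _pid, ip in seen)

if __name__ == "__main__":
    print(classify_stops(SAMPLE))
    print(killed_processes(SAMPLE))
    print(ssh_failures_by_source(SAMPLE).most_common())
```
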

CONCLUSION FOR THE RECORD:

Status: STOPPED (forced stop)
Cause: OOM Killer
Mechanism: the process was forcibly killed by the Linux kernel
Impact: services cut off abruptly, risk of data corruption
