The squid service keeps crashing, and below is the message seen when I run service “status”. Could anyone please tell me what the problem could be?
See below my Linux OS version:
# cat /etc/os-release
NAME="Linux Mint"
VERSION="21.1 (Vera)"
ID=linuxmint
ID_LIKE="ubuntu debian"
PRETTY_NAME="Linux Mint 21.1"
VERSION_ID="21.1"
HOME_URL="https://www.linuxmint.com/"
SUPPORT_URL="https://forums.linuxmint.com/"
BUG_REPORT_URL="http://linuxmint-troubleshooting-guide.readthedocs.io/en/latest/"
PRIVACY_POLICY_URL="https://www.linuxmint.com/"
VERSION_CODENAME=vera
UBUNTU_CODENAME=jammy
And the sample error message when I check “service squid status”:
# service squid status
× squid.service - Squid Web Proxy Server
Loaded: loaded (/lib/systemd/system/squid.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Fri 2023-02-24 19:20:53 CAT; 2 days ago
Docs: man:squid(8)
Process: 671188 ExecStartPre=/usr/sbin/squid --foreground -z (code=exited, status=0/SUCCESS)
Process: 671191 ExecStart=/usr/sbin/squid --foreground -sYC (code=exited, status=1/FAILURE)
Main PID: 671191 (code=exited, status=1/FAILURE)
CPU: 2min 15.674s
squid[671191]: Squid Parent: squid-1 process 672979 exited with status 1
squid[671191]: Squid Parent: squid-1 process 672979 will not be restarted for 3600 seconds due to repeated, frequent failures
squid[671191]: Exiting due to repeated, frequent failures
squid[671191]: Removing PID file (/run/squid.pid)
systemd[1]: squid.service: Main process exited, code=exited, status=1/FAILURE
systemd[1]: squid.service: Killing process 672981 (pinger) with signal SIGKILL.
systemd[1]: squid.service: Killing process 672981 (pinger) with signal SIGKILL.
systemd[1]: squid.service: Failed with result 'exit-code'.
systemd[1]: squid.service: Unit process 672981 (pinger) remains running after unit stopped.
systemd[1]: squid.service: Consumed 2min 15.674s CPU time.
Please check the logs and share to see if there is more information about the squid service. You can run the following command as root:
# dmesg
Based on your log messages (“TCP: request_sock_TCP: Possible SYN flooding on port 3128”), it’s obvious that the Squid Web Proxy is under constant DDoS attack. Squid proxy by default runs on port 3128 and it’s clear that the port is being bombarded by “TCP SYN Flood”.
“SYN floods” are a form of DDoS attack that attempts to flood a system with requests in order to consume resources and ultimately disable it.
You can prevent SYN flood attacks by installing a firewall on your server.
To activate the firewall on Linux Mint, run these commands as root:
1) To check the status of the firewall:
root@yourserver# ufw status verbose
Status: inactive
2) To enable the firewall (make sure you have console access to your server before activating the fw as you might lose SSH connection):
root@yourserver# ufw enable
3) You can optionally install the GUI to manage the firewall:
root@yourserver# apt-get install gufw
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
gufw is already the newest version (22.04.0-0ubuntu1).
0 upgraded, 0 newly installed, 0 to remove and 147 not upgraded.
4) Using the GUI, remember to create firewall rules to allow you SSH access to your server from your local network.
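A command-line version of steps 1 to 4, added here as an example and not part of the original reply. The LAN range 192.168.1.0/24, the choice to limit port 3128 to that range, and the function names ufw_plan and apply_plan are assumptions made for this example.

```shell
#!/bin/sh
# Added example: ufw rules ordered so the SSH allow rule is in place before
# the firewall is switched on. Prints the commands unless APPLY=1 is set.

# ufw_plan LAN_CIDR -> one ufw command per line, in the order to run them.
# LAN_CIDR is the local network allowed to reach SSH and the proxy (assumed).
ufw_plan() {
    lan=$1
    # Accept only digits, dots and a slash: the value ends up in commands.
    case $lan in
        ''|*[!0-9./]*) echo "usage: ufw_plan A.B.C.D/NN" >&2; return 1 ;;
    esac
    cat <<EOF
ufw default deny incoming
ufw default allow outgoing
ufw allow from $lan to any port 22 proto tcp
ufw allow from $lan to any port 3128 proto tcp
ufw --force enable
ufw status verbose
EOF
}

# apply_plan LAN_CIDR: dry run by default; APPLY=1 (as root) executes.
# --force skips the confirmation prompt, which would otherwise read the
# remaining plan lines from the pipe as its answer.
apply_plan() {
    plan=$(ufw_plan "$1") || return 1
    printf '%s\n' "$plan" | while read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then
            $cmd || exit 1
        else
            echo "+ $cmd"
        fi
    done
}

apply_plan 192.168.1.0/24   # constructed LAN range, dry run
```

Rules added while ufw is inactive are stored and take effect at `ufw enable`, so the SSH rule is already present when the default-deny policy starts applying.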
Hi Tech Junction, thanks for the quick response, please find below the requested log messages:
[3015458.845878] squid[671764]: segfault at 7fe3e567fcf0 ip 00007fe4e5509fbd sp 00007ffc8fde8290 error 4 in libc.so.6[7fe4e548e000+195000]
[3015458.845891] Code: 8b 4a 08 48 83 f9 0f 0f 86 c0 01 00 00 48 39 ce 0f 82 b7 01 00 00 49 8b 32 48 83 e6 f8 48 39 c6 0f 85 37 04 00 00 48 8b 72 18 39 56 10 0f 85 89 03 00 00 4c 39 5a 10 0f 85 7f 03 00 00 f6 c1
[3015740.781355] TCP: request_sock_TCP: Possible SYN flooding on port 3128. Sending cookies. Check SNMP counters.
[3015919.266747] TCP: request_sock_TCP: Possible SYN flooding on port 3128. Sending cookies. Check SNMP counters.
[3016511.125031] TCP: request_sock_TCP: Possible SYN flooding on port 3128. Sending cookies. Check SNMP counters.
[3016783.892781] squid[671997]: segfault at 55922f8ccd ip 000055922dd110d7 sp 00007ffca0b34020 error 4 in squid[55922db41000+47b000]
[3016783.892794] Code: 83 ec 18 64 48 8b 04 25 28 00 00 00 48 89 44 24 08 31 c0 4c 8d 64 24 07 e8 26 30 e3 ff 4c 8b 6b 18 4d 85 ed 0f 84 aa 00 00 00 8b 55 78 4c 8d 64 24 07 85 d2 78 3b 4c 8d 64 24 07 ba 01 00 00
[3016837.119459] TCP: request_sock_TCP: Possible SYN flooding on port 3128. Sending cookies. Check SNMP counters.
[3017118.081446] TCP: request_sock_TCP: Possible SYN flooding on port 3128. Sending cookies. Check SNMP counters.
[3017278.438091] TCP: request_sock_TCP: Possible SYN flooding on port 3128. Sending cookies. Check SNMP counters.
[3017289.165494] TCP: request_sock_TCP: Possible SYN flooding on port 3128. Sending cookies. Check SNMP counters.
[3017423.506746] TCP: request_sock_TCP: Possible SYN flooding on port 3128. Sending cookies. Check SNMP counters.
[3018694.490819] TCP: request_sock_TCP: Possible SYN flooding on port 3128. Sending cookies. Check SNMP counters.
[3019214.751951] TCP: request_sock_TCP: Possible SYN flooding on port 3128. Sending cookies. Check SNMP counters.
[3019288.381624] squid[672457]: segfault at 5577ae7b ip 00005577abfe10d7 sp 00007fff6a0f36f0 error 4 in squid[5577abe11000+47b000]
[3019288.381636] Code: 83 ec 18 64 48 8b 04 25 28 00 00 00 48 89 44 24 08 31 c0 4c 8d 64 24 07 e8 26 30 e3 ff 4c 8b 6b 18 4d 85 ed 0f 84 aa 00 00 00 8b 55 78 4c 8d 64 24 07 85 d2 78 3b 4c 8d 64 24 07 ba 01 00 00
[3019288.386368] TCP: request_sock_TCP: Possible SYN flooding on port 3128. Sending cookies. Check SNMP counters.
[3019306.909344] TCP: request_sock_TCP: Possible SYN flooding on port 3128. Sending cookies. Check SNMP counters.
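The kernel lines above can be grouped mechanically. The following is an added example, not part of the original thread, that counts segfaults per crash site and SYN-flood warnings per port; the function names are made up for it, and the sample input is copied (trimmed) from the dmesg output above.

```shell
#!/bin/sh
# Added example: triage kernel log lines like the ones posted in this thread.
# Usage on a live host (as root): dmesg | crash_sites; dmesg | syn_warnings

# One line per distinct crash site: "<count> <process> <module>+0x<offset>".
# The offset is ip minus the start of the mapping the kernel printed, so it
# stays comparable across restarts even though ASLR moves the addresses.
crash_sites() {
    awk '/ segfault at / {
        proc = ip = mod = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "segfault") proc = $(i - 1)   # squid[671764]:
            if ($i == "ip")       ip   = $(i + 1)   # faulting instruction
            if ($i == "in")       mod  = $(i + 1)   # libc.so.6[base+size]
        }
        b = index(mod, "["); p = index(mod, "+")
        if (b == 0 || ip == "") next                # no module reported
        base = substr(mod, b + 1, p - b - 1)
        mod = substr(mod, 1, b - 1)
        sub(/\[.*/, "", proc)
        print proc, ip, mod, base
    }' |
    while read -r proc ip mod base; do
        printf '%s %s+0x%x\n' "$proc" "$mod" $(( 0x$ip - 0x$base ))
    done | sort | uniq -c | awk '{ print $1, $2, $3 }'
}

# One line per listening port that triggered the warning: "<port> <count>".
syn_warnings() {
    awk '/Possible SYN flooding on port/ {
        for (i = 1; i <= NF; i++)
            if ($i == "port") { p = $(i + 1); sub(/\.$/, "", p); n[p]++ }
    }
    END { for (p in n) print p, n[p] }' | sort -n
}

# Sample input: lines copied from the dmesg output in this thread (trimmed).
sample_dmesg() {
    cat <<'EOF'
[3015458.845878] squid[671764]: segfault at 7fe3e567fcf0 ip 00007fe4e5509fbd sp 00007ffc8fde8290 error 4 in libc.so.6[7fe4e548e000+195000]
[3015740.781355] TCP: request_sock_TCP: Possible SYN flooding on port 3128. Sending cookies. Check SNMP counters.
[3016783.892781] squid[671997]: segfault at 55922f8ccd ip 000055922dd110d7 sp 00007ffca0b34020 error 4 in squid[55922db41000+47b000]
[3019288.381624] squid[672457]: segfault at 5577ae7b ip 00005577abfe10d7 sp 00007fff6a0f36f0 error 4 in squid[5577abe11000+47b000]
[3019288.386368] TCP: request_sock_TCP: Possible SYN flooding on port 3128. Sending cookies. Check SNMP counters.
EOF
}

sample_dmesg | crash_sites
sample_dmesg | syn_warnings
```

On the sample, both faults inside the squid binary fall at the same offset, squid+0x1d00d7, which is the value to quote in a bug report or compare against a core dump.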