Solved

CentOS 6.4 Core files

Posted on 2013-06-30
8
612 Views
Last Modified: 2013-07-03
Hi,

I have installed CentOS 6.4 64bit few days ago and noticed that the hard drive got full within few days. I looked in /tmp folder and noticed lots of core.numbers files ie core.1111 core.32323

These files are being created every few seconds.

ulimit -c shows zero which basically means that no core file should be created.

I would like to know why these files are being created? Apparently I need to know the application that is creating this file before debugging.

And how do I stop these files from being created?


Thanks.
0
Comment
Question by:ezzadin
  • 5
  • 3
8 Comments
 
LVL 30

Expert Comment

by:Kerem ERSOY
Comment Utility
Hi,

Will you post your dmsesg output here?

Cheers,
K.
0
 

Author Comment

by:ezzadin
Comment Utility
Hi,

Attached is the dmesg.

Thanks.
dmesg.txt
0
 
LVL 30

Expert Comment

by:Kerem ERSOY
Comment Utility
I did not find anything unusual here. Will you please post :

/etc/sysctl.conf

/var/log/messages
0
 
LVL 30

Expert Comment

by:Kerem ERSOY
Comment Utility
It seems that your system was configured to generate core dump files for crashes. I think we need to find what is causing crashes.
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 

Author Comment

by:ezzadin
Comment Utility
Hi,

here is sysctl:

# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled.  See sysctl(8) and
# sysctl.conf(5) for more details.

# Controls IP packet forwarding
net.ipv4.ip_forward = 0

# Controls source route verification
net.ipv4.conf.default.rp_filter = 1

# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0

# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0

# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1

# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1

# Disable netfilter on bridges.
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0

# Controls the default maxmimum size of a mesage queue
kernel.msgmnb = 65536

# Controls the maximum size of a message, in bytes
kernel.msgmax = 65536

# Controls the maximum shared segment size, in bytes
kernel.shmmax = 68719476736

# Controls the maximum number of shared memory segments, in pages
kernel.shmall = 4294967296

Open in new window


I didnt see anything is /var/log/messages.

I rebooted the system few minutes ago and it stopped creating the files...
0
 
LVL 30

Accepted Solution

by:
Kerem ERSOY earned 500 total points
Comment Utility
In fact you don't have a core file setting in your sysctl file. For your system to create dump files like that you had something different in your sysctl. Something like this:

kernel.core_uses_pid = 1
kernel.core_pattern = /tmp/core-%e-%s-%u-%g-%p-%t
fs.suid_dumpable = 2

Open in new window


But you don't.

There's one thing that comes to my mind that may be you have booted from a different kernel from CD or something which had these settings..

Is it possible that you've reboot from rescue kernel and set your your after boot ??

This is the only thing that I could come up with..

cheers,
K.
0
 

Author Comment

by:ezzadin
Comment Utility
I actually had this box installed and configured in the office and had is running for few days then shut it down and moved it to our data-center and powered up.

The system started creating the dump file when it was powered up in the data-center, so as you mentioned maybe it just booted from rescue kernel and once the server was rebooted, it started normally.

In any case, thanks for your help.
0
 
LVL 30

Expert Comment

by:Kerem ERSOY
Comment Utility
You're welcome.
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Currently, there is not an RPM package available under the RHEL/Fedora/CentOS distributions that gives you a quick and easy way to allow PHP to interface with Oracle. As a result, I have included a set of instructions on how to do this with minimal …
Network Interface Card (NIC) bonding, also known as link aggregation, NIC teaming and trunking, is an important concept to understand and implement in any environment where high availability is of concern. Using this feature, a server administrator …
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now