We have recently upgraded our server and have been experencing some issues where our website becomes unavailable (returns 500/503 errors)
The server setup is:
Ubuntu 20.04.1
Apache 2.4.41
PHP 7.4.3
OSSEC HIDS
When this issue happens we get a notification from OSSEC with the below:
Rule: 533 fired (level 7) -> "Listened ports status (netstat) changed (new port opened or closed)."
Portion of the log(s):
ossec: output: 'netstat -tan |grep LISTEN |egrep -v '(127.0.0.1| \1)' | sort':
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 :::25 :::* LISTEN
tcp6 0 0 :::443 :::* LISTEN
tcp6 0 0 :::80 :::* LISTEN
Previous output:
ossec: output: 'netstat -tan |grep LISTEN |egrep -v '(127.0.0.1| \1)' | sort':
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 :::25 :::* LISTEN
tcp6 512 0 :::443 :::* LISTEN
tcp6 68 0 :::80 :::* LISTEN
The only way we have been able to fix this issue is by doing a full server reboot
Any advice on how to diagnose what the issue is would be greatly appreciated, please let me know if there is any information required