Using AWS Linux 2, on my wp site this error "Error establishing a database connection", I believe I was hacked via the wp blog page and the entire site is disabled. Using MySQL:
$ sudo systemctl start mysqld
Job for mysqld.service failed because the control process exited with error code. See "systemctl status mysqld.service" and "journalctl -xe" for details.
At first didn’t realize that I needed to run those two commands in the CLI. Here is the output for systemctl status mysqld.service -l:
$ systemctl status mysqld.service -l
● mysqld.service - MySQL Server
Loaded: loaded (/usr/lib/systemd/system/mysqld.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Sun 2022-02-13 21:00:30 UTC; 6h ago
Docs: man:mysqld(8)
http://dev.mysql.com/doc/refman/en/using-systemd.html
Process: 19959 ExecStart=/usr/sbin/mysqld $MYSQLD_OPTS (code=exited, status=1/FAILURE)
Process: 19926 ExecStartPre=/usr/bin/mysqld_pre_systemd (code=exited, status=0/SUCCESS)
Main PID: 19959 (code=exited, status=1/FAILURE)
Status: "Server startup in progress"
Error: 13 (Permission denied)
Feb 13 21:00:30 ip-172-31-91-154.ec2.internal mysqld[19959]: 2022-02-13T21:00:30.730728Z 0 [System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 8.0.28) starting as process 19959
Feb 13 21:00:30 ip-172-31-91-154.ec2.internal mysqld[19959]: 2022-02-13T21:00:30.734108Z 0 [Warning] [MY-010091] [Server] Can't create test file /var/lib/mysql/mysqld_tmp_file_case_insensitive_test.lower-test
Feb 13 21:00:30 ip-172-31-91-154.ec2.internal mysqld[19959]: 2022-02-13T21:00:30.734121Z 0 [Warning] [MY-010159] [Server] Setting lower_case_table_names=2 because file system for /var/lib/mysql/ is case insensitive
Feb 13 21:00:30 ip-172-31-91-154.ec2.internal mysqld[19959]: 2022-02-13T21:00:30.734720Z 0 [ERROR] [MY-010187] [Server] Could not open file '/var/log/mysqld.log' for error logging: Permission denied
Feb 13 21:00:30 ip-172-31-91-154.ec2.internal mysqld[19959]: 2022-02-13T21:00:30.736749Z 0 [ERROR] [MY-010119] [Server] Aborting
Feb 13 21:00:30 ip-172-31-91-154.ec2.internal mysqld[19959]: 2022-02-13T21:00:30.736912Z 0 [System] [MY-010910] [Server] /usr/sbin/mysqld: Shutdown complete (mysqld 8.0.28) MySQL Community Server - GPL.
Feb 13 21:00:30 ip-172-31-91-154.ec2.internal systemd[1]: mysqld.service: main process exited, code=exited, status=1/FAILURE
Feb 13 21:00:30 ip-172-31-91-154.ec2.internal systemd[1]: Failed to start MySQL Server.
Feb 13 21:00:30 ip-172-31-91-154.ec2.internal systemd[1]: Unit mysqld.service entered failed state.
Feb 13 21:00:30 ip-172-31-91-154.ec2.internal systemd[1]: mysqld.service failed.
and running journalctl -xe -l:
Feb 14 03:17:27 ip-172-31-91-154.ec2.internal sshd[29726]: Excess permission or bad ownership on file /var/lo
Feb 14 03:17:27 ip-172-31-91-154.ec2.internal sshd[29726]: Received disconnect from 81.70.242.147 port 43604:
Feb 14 03:17:27 ip-172-31-91-154.ec2.internal sshd[29726]: Disconnected from 81.70.242.147 port 43604 [preaut
Feb 14 03:17:41 ip-172-31-91-154.ec2.internal sshd[29728]: Connection closed by 104.243.26.5 port 46890 [prea
Feb 14 03:18:06 ip-172-31-91-154.ec2.internal sshd[29730]: Invalid user yw from 82.196.5.221 port 47008
Feb 14 03:18:06 ip-172-31-91-154.ec2.internal sshd[29730]: Excess permission or bad ownership on file /var/lo
Feb 14 03:18:06 ip-172-31-91-154.ec2.internal sshd[29730]: input_userauth_request: invalid user yw [preauth]
Feb 14 03:18:06 ip-172-31-91-154.ec2.internal sshd[29730]: pam_unix(sshd:auth): check pass; user unknown
Feb 14 03:18:06 ip-172-31-91-154.ec2.internal sshd[29730]: pam_unix(sshd:auth): authentication failure; logna
Feb 14 03:18:08 ip-172-31-91-154.ec2.internal sshd[29730]: Failed password for invalid user yw from 82.196.5.
Feb 14 03:18:08 ip-172-31-91-154.ec2.internal sshd[29730]: Excess permission or bad ownership on file /var/lo
Feb 14 03:18:08 ip-172-31-91-154.ec2.internal sshd[29730]: Received disconnect from 82.196.5.221 port 47008:1
Feb 14 03:18:08 ip-172-31-91-154.ec2.internal sshd[29730]: Disconnected from 82.196.5.221 port 47008 [preauth
Feb 14 03:18:15 ip-172-31-91-154.ec2.internal sshd[29732]: Invalid user server from 120.53.121.152 port 59070
Feb 14 03:18:15 ip-172-31-91-154.ec2.internal sshd[29732]: Excess permission or bad ownership on file /var/lo
Feb 14 03:18:15 ip-172-31-91-154.ec2.internal sshd[29732]: input_userauth_request: invalid user server [preau
Feb 14 03:18:15 ip-172-31-91-154.ec2.internal sshd[29732]: pam_unix(sshd:auth): check pass; user unknown
Feb 14 03:18:15 ip-172-31-91-154.ec2.internal sshd[29732]: pam_unix(sshd:auth): authentication failure; logna
Feb 14 03:18:18 ip-172-31-91-154.ec2.internal sshd[29732]: Failed password for invalid user server from 120.5
Feb 14 03:18:18 ip-172-31-91-154.ec2.internal sshd[29732]: Excess permission or bad ownership on file /var/lo
Feb 14 03:18:19 ip-172-31-91-154.ec2.internal sshd[29732]: Received disconnect from 120.53.121.152 port 59070
Feb 14 03:18:19 ip-172-31-91-154.ec2.internal sshd[29732]: Disconnected from 120.53.121.152 port 59070 [preau
Feb 14 03:18:27 ip-172-31-91-154.ec2.internal dhclient[2827]: XMT: Solicit on eth0, interval 111530ms.
I tried removing the db and reinstalling but this did not make any difference.
2
Answers
Deleting the ec2 instance and starting over was the direction I took. Still no idea of what caused the error however am double checking security holes and patching up. Thanks everyone for responding.
best
the issue is this line:
Which is supported by this error message:
access forbidden by rule
So the issue is permissions to the
/var/log/mysqld.log
file. What is needed is to create permissions for mysql to access this file – running this command with a server reboot solved this issue: