• Introducing WebPros Cloud - a fully managed infrastructure platform purpose-built to simplify the deployment of WebPros products !  WebPros Cloud enables you to easily deliver WebPros solutions — without the complexity of managing the infrastructure.
    Join the pilot program today!
  • Support for BIND DNS has been removed from Plesk for Windows due to security and maintenance risks.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS.

Issue with Watchdog under PLESK v9.2.1

N

Noah Kaufman

Guest
There is an issue with PLESK v9.2.1 running on RedHat 4 ES Update 8.
(This also applies to other Linux systems as well....)

The issue with PLESK v9.2.1 is where the Watchdog module
specifies an option on the weekly report that rkhunter 1.3.4 does not
support.

The file:
/usr/local/psa/admin/plib/report/autoreport.php
Which is called as part of:
/etc/cron.weekly/50plesk-weekly
Calls a depricated option called "--report-mode"

You can see this error when you review the Watchdog module reports
generated on a weekly basis, that are located in:
/usr/local/psa/var/modules/watchdog/report

According to the rkhunter web page located here:
http://www.rootkit.nl/projects/rootkit_hunter.html
The correct option should probably be: --nocolors

This will happen on any PLESK / Linux system where rkhunter is running v1.3.4.
 
same problem in v9.2.3

This problem still exists in Plesk 9.2.3. Here's the full output of the "report":

[ Rootkit Hunter version 1.3.4 ]

Checking rkhunter data files...
Checking file mirrors.dat [ No update ]
Checking file programs_bad.dat [ No update ]
Checking file backdoorports.dat [ No update ]
Checking file suspscan.dat [ No update ]
Checking file i18n/cn [ No update ]
Checking file i18n/de [ No update ]
Checking file i18n/en [ No update ]
Checking file i18n/zh [ No update ]
Checking file i18n/zh.utf8 [ No update ]
Invalid option specified: --report-mode


I'm pretty sure rkhunter doesn't even do any checks because of this. If I run rkhunter by hand, specifying the invalid "--report-mode" flag, here's the output I get:

[root@server ~]# /usr/local/psa/admin/bin/modules/watchdog/rkhunter --check --update --report-mode
Invalid option specified: --report-mode
[root@server ~]#

Whereas, if you omit the "--report-mode" flag, it runs normally. "--report-mode" was removed in rkhunter 1.3.0.
http://rkhunter.cvs.sourceforge.net/viewvc/*checkout*/rkhunter/rkhunter/files/CHANGELOG
http://rkhunter.sourceforge.net/

The desired options instead of "--report-mode" are probably "--cronjob --report-warnings-only" (--cronjob implies --nocolors). Unfortunately, this script is encoded and can't be changed by anyone but Parallels.
 
Just remove --report-mode from rkhunter call in /usr/local/psa/libexec/modules/watchdog/security/schedule
 
You must log in or register to reply here.

Similar threads

Hangover2
Resolved Watchdog does not install Rootkit Hunter
Replies
6
Views
12K
Sebahat.hadzhi
Sebahat.hadzhi
Y
Question Issue Implementing Dynamic CORS Headers in Plesk’s Additional NGINX Directives
Replies
1
Views
752
yfain
Y
R
Resolved WP Toolkit/Wordpress Toolkit - older version screenshot issue
Replies
4
Views
4K
rhall
R
O
Question How Can I Set Up Email Notifications in Plesk to Alert Me About Issues with the "Locate My Postal Code" Tool?
Replies
0
Views
2K
OusmaneKannon
O
P
Question Drupal CMS 1.0 with Plesk: Composer PATH issue for automatic updates
Replies
7
Views
2K
horvan
H
Back
Top