Many "plesk kernel" messages in /var/log/messages?

james1940

Guest
Good morning,

I have got a new server with Plesk installed and got many many log messages in my /var/log/messages. Here is a small portion:

[root@plesk log]# tail /var/log/messages
Feb 26 03:03:40 plesk kernel: audit(1172480616.018:91593490): avc: denied { connectto } for pid=6279 comm="httpd" path=000000008B1E34524756E536DB1D126A5358A52E90889B5F020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 scontext=root:system_r:httpd_t tcontext=user_u:system_r:initrc_t tclass=unix_stream_socket
Feb 26 03:03:40 plesk kernel: audit(1172480616.019:91593491): avc: denied { connectto } for pid=6279 comm="httpd" path=000000008B1E34524756E536DB1D126A5358A52E90889B5F020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 scontext=root:system_r:httpd_t tcontext=user_u:system_r:initrc_t tclass=unix_stream_socket
Feb 26 03:03:40 plesk kernel: audit(1172480616.029:91593492): avc: denied { connectto } for pid=8519 comm="httpd" path=000000008B1E34524756E536DB1D126A5358A52E90889B5F020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 scontext=root:system_r:httpd_t tcontext=user_u:system_r:initrc_t tclass=unix_stream_socket
Feb 26 03:03:40 plesk kernel: audit(1172480616.030:91593493): avc: denied { connectto } for pid=8519 comm="httpd" path=000000008B1E34524756E536DB1D126A5358A52E90889B5F020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 scontext=root:system_r:httpd_t tcontext=user_u:system_r:initrc_t tclass=unix_stream_socket
Feb 26 03:03:40 plesk kernel: audit(1172480616.032:91593494): avc: denied { connectto } for pid=10678 comm="httpd" path=000000008B1E34524756E536DB1D126A5358A52E90889B5F010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 scontext=root:system_r:httpd_t tcontext=user_u:system_r:initrc_t tclass=unix_stream_socket
Feb 26 03:03:40 plesk kernel: audit(1172480616.037:91593495): avc: denied { connectto } for pid=10185 comm="httpd" path=000000008B1E34524756E536DB1D126A5358A52E90889B5F010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 scontext=root:system_r:httpd_t tcontext=user_u:system_r:initrc_t tclass=unix_stream_socket
Feb 26 03:03:40 plesk kernel: audit(1172480616.040:91593496): avc: denied { connectto } for pid=9045 comm="httpd" path=000000008B1E34524756E536DB1D126A5358A52E90889B5F0200000000000000000000000000000000000000000000000000000000000000005358A52E90889B5F010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 scontext=root:system_r:httpd_t tcontext=user_u:system_r:initrc_t tclass=unix_stream_socket
Feb 26 03:03:40 plesk kernel: audit(1172480616.614:91593536): avc: denied { connectto } for pid=11368 comm="httpd" path=000000008B1E34524756E536DB1D126A5358A52E90889B5F020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 scontext=root:system_r:httpd_t tcontext=user_u:system_r:initrc_t tclass=unix_stream_socket
Feb 26 03:03:40 plesk kernel: audit(1172480616.616:91593537): avc: denied { connectto } for pid=8777 comm="httpd" path=000000008B1E34524756E536DB1D126A5358A52E90889B5F020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 scontext=root:system_r:httpd_t tcontext=user_u:system_r:initrc_t tclass=unix_stream_socket
Feb 26 03:03:40 plesk kernel: audit(1172480616.628:91593538): avc: denied { connectto } for pid=8897 comm="httpd" path=000000008B1E34524756E536DB1D126A5358A52E90889B5F010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 scontext=root:system_r:httpd_t tcontext=user_u:system_r:initrc_t tclass=unix_stream_socket

Does anybody know what these messages mean (I get about 10 messages per second)?

Thank you :)
 
selinux ftw!

You've got some high weirdness going on there with the path dumped out as hex. Converting that to ASCII comes back with garbage. Wild guess here, but maybe frontpage?
 
We had some of this in our logs and after looking at /var/log/secure and our mod_security logs found the log entries were linked to frontpage and/or some other type of Windows script attempts.
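
An added example, not part of any post in this thread: Python that collapses a flood of AVC denial lines like those quoted in the question into the distinct rule that is firing, and decodes hex-encoded `path=` values to see whether they are printable. The sample lines are constructed and the function names (`parse_avc`, `decode_path`, `summarize`) are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the format of the thread's excerpt; the hex paths are
# short made-up values, not the poster's.
SAMPLE = """\
Feb 26 03:03:40 plesk kernel: audit(1172480616.018:1): avc: denied { connectto } for pid=6279 comm="httpd" path=00DEADBEEF000000 scontext=root:system_r:httpd_t tcontext=user_u:system_r:initrc_t tclass=unix_stream_socket
Feb 26 03:03:40 plesk kernel: audit(1172480616.019:2): avc: denied { connectto } for pid=6279 comm="httpd" path=00DEADBEEF000000 scontext=root:system_r:httpd_t tcontext=user_u:system_r:initrc_t tclass=unix_stream_socket
Feb 26 03:03:40 plesk kernel: audit(1172480616.029:3): avc: denied { connectto } for pid=8519 comm="httpd" path=2F746D702F736F636B scontext=root:system_r:httpd_t tcontext=user_u:system_r:initrc_t tclass=unix_stream_socket
Feb 26 03:03:41 plesk sshd[100]: unrelated line
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return the key=value fields of one AVC denial line, or None."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = dict(FIELD_RE.findall(m.group(2)))
    rec["perms"] = tuple(m.group(1).split())
    return rec


def decode_path(value):
    """Return (text, is_printable) for an audit path field."""
    # Assumed audit convention: quoted = literal, unquoted hex = encoded bytes.
    if value.startswith('"') or not re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", value):
        return value.strip('"'), True
    raw = bytes.fromhex(value).rstrip(b"\x00")  # drop trailing NUL padding
    ok = bool(raw) and all(32 <= b < 127 for b in raw)
    return (raw.decode("ascii") if ok else raw.hex()), ok


def summarize(text):
    """Group denials by (source type, target type, class, perms)."""
    counts, pids, paths = Counter(), defaultdict(set), defaultdict(set)
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        key = (rec["scontext"].split(":")[2], rec["tcontext"].split(":")[2],
               rec["tclass"], rec["perms"])
        counts[key] += 1
        pids[key].add(int(rec["pid"]))
        paths[key].add(decode_path(rec.get("path", '""')))
    return {k: {"count": n, "pids": sorted(pids[k]), "paths": sorted(paths[k])}
            for k, n in counts.items()}
```

Run over a whole /var/log/messages, a single key with a large count means one policy rule is being hit repeatedly by many httpd workers rather than many different denials.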
 