
Many "plesk kernel" messages in /var/log/messages?

james1940

Guest
Good morning,

I have got a new server with Plesk installed and got many, many log messages in my /var/log/messages. Here is a small portion:

[root@plesk log]# tail /var/log/messages
Feb 26 03:03:40 plesk kernel: audit(1172480616.018:91593490): avc: denied { connectto } for pid=6279 comm="httpd" path=000000008B1E34524756E536DB1D126A5358A52E90889B5F020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 scontext=root:system_r:httpd_t tcontext=user_u:system_r:initrc_t tclass=unix_stream_socket
Feb 26 03:03:40 plesk kernel: audit(1172480616.019:91593491): avc: denied { connectto } for pid=6279 comm="httpd" path=000000008B1E34524756E536DB1D126A5358A52E90889B5F020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 scontext=root:system_r:httpd_t tcontext=user_u:system_r:initrc_t tclass=unix_stream_socket
Feb 26 03:03:40 plesk kernel: audit(1172480616.029:91593492): avc: denied { connectto } for pid=8519 comm="httpd" path=000000008B1E34524756E536DB1D126A5358A52E90889B5F020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 scontext=root:system_r:httpd_t tcontext=user_u:system_r:initrc_t tclass=unix_stream_socket
Feb 26 03:03:40 plesk kernel: audit(1172480616.030:91593493): avc: denied { connectto } for pid=8519 comm="httpd" path=000000008B1E34524756E536DB1D126A5358A52E90889B5F020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 scontext=root:system_r:httpd_t tcontext=user_u:system_r:initrc_t tclass=unix_stream_socket
Feb 26 03:03:40 plesk kernel: audit(1172480616.032:91593494): avc: denied { connectto } for pid=10678 comm="httpd" path=000000008B1E34524756E536DB1D126A5358A52E90889B5F010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 scontext=root:system_r:httpd_t tcontext=user_u:system_r:initrc_t tclass=unix_stream_socket
Feb 26 03:03:40 plesk kernel: audit(1172480616.037:91593495): avc: denied { connectto } for pid=10185 comm="httpd" path=000000008B1E34524756E536DB1D126A5358A52E90889B5F010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 scontext=root:system_r:httpd_t tcontext=user_u:system_r:initrc_t tclass=unix_stream_socket
Feb 26 03:03:40 plesk kernel: audit(1172480616.040:91593496): avc: denied { connectto } for pid=9045 comm="httpd" path=000000008B1E34524756E536DB1D126A5358A52E90889B5F0200000000000000000000000000000000000000000000000000000000000000005358A52E90889B5F010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 scontext=root:system_r:httpd_t tcontext=user_u:system_r:initrc_t tclass=unix_stream_socket
Feb 26 03:03:40 plesk kernel: audit(1172480616.614:91593536): avc: denied { connectto } for pid=11368 comm="httpd" path=000000008B1E34524756E536DB1D126A5358A52E90889B5F020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 scontext=root:system_r:httpd_t tcontext=user_u:system_r:initrc_t tclass=unix_stream_socket
Feb 26 03:03:40 plesk kernel: audit(1172480616.616:91593537): avc: denied { connectto } for pid=8777 comm="httpd" path=000000008B1E34524756E536DB1D126A5358A52E90889B5F020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 scontext=root:system_r:httpd_t tcontext=user_u:system_r:initrc_t tclass=unix_stream_socket
Feb 26 03:03:40 plesk kernel: audit(1172480616.628:91593538): avc: denied { connectto } for pid=8897 comm="httpd" path=000000008B1E34524756E536DB1D126A5358A52E90889B5F010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 scontext=root:system_r:httpd_t tcontext=user_u:system_r:initrc_t tclass=unix_stream_socket

Does anybody know what these messages mean (I get about 10 messages per second)?

Thank you :)
 
SELinux ftw!

You've got some high weirdness going on there with the path dumped out as hex. Converting that to ASCII comes back with garbage. Wild guess here, but maybe FrontPage?
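A triage helper for records like the ones quoted in the question, added here as an example and not part of any post in this thread: it collapses repeated denials into one row per distinct process, permission, source context, target context, class and path, and it decodes the hex path, since audit writes a value as unquoted hex when it contains unprintable bytes. The sample lines and their hex paths are constructed, and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample lines in the layout of the excerpt above; the hex path
# values are invented for this example and far shorter than the real ones.
SAMPLE = """\
Feb 26 03:03:40 plesk kernel: audit(1172480616.018:1): avc: denied { connectto } for pid=6279 comm="httpd" path=002F746D702F64656D6F scontext=root:system_r:httpd_t tcontext=user_u:system_r:initrc_t tclass=unix_stream_socket
Feb 26 03:03:40 plesk kernel: audit(1172480616.019:2): avc: denied { connectto } for pid=8519 comm="httpd" path=002F746D702F64656D6F scontext=root:system_r:httpd_t tcontext=user_u:system_r:initrc_t tclass=unix_stream_socket
Feb 26 03:03:41 plesk kernel: audit(1172480617.100:3): avc: denied { connectto } for pid=9045 comm="httpd" path=00008B1E3452 scontext=root:system_r:httpd_t tcontext=user_u:system_r:initrc_t tclass=unix_stream_socket
Feb 26 03:03:41 plesk sshd[411]: a line that is not an AVC record
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode_path(value):
    """Quoted paths are literal text; unquoted all-hex paths are hex-encoded bytes."""
    if value.startswith('"') or len(value) % 2 or not re.fullmatch(r"[0-9A-Fa-f]+", value):
        return value.strip('"')
    raw = bytes.fromhex(value).rstrip(b"\x00")        # drop trailing NUL padding
    prefix = "@" if raw.startswith(b"\x00") else ""   # leading NUL: abstract socket name
    body = raw.lstrip(b"\x00")
    return prefix + "".join(chr(b) if 32 <= b < 127 else f"\\x{b:02x}" for b in body)

def parse_avc(line):
    """Return a dict of the record's fields, or None if the line is not an AVC denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {}
    for key, value in FIELD_RE.findall(m.group(2)):
        rec[key] = decode_path(value) if key == "path" else value.strip('"')
    rec["perms"] = tuple(m.group(1).split())
    return rec

def summarize(text):
    """Count denials per (comm, perms, scontext, tcontext, tclass, path), ignoring pid."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec:
            counts[(rec.get("comm"), rec["perms"], rec.get("scontext"),
                    rec.get("tcontext"), rec.get("tclass"), rec.get("path"))] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, key)
```

Non-printable bytes are shown as `\xNN` escapes and a leading NUL is rendered as `@`, the way `ss` and `netstat` mark abstract-namespace Unix sockets, so a binary socket name stays readable enough to compare across records.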
 
We had some of this in our logs and, after looking at /var/log/secure and our mod_security logs, found the log entries were linked to FrontPage and/or some other type of Windows script attempts.
 