
Many "plesk kernel" messages in /var/log/messages?

james1940

Guest
Good morning,

I have got a new server with Plesk installed and got many, many log messages in my /var/log/messages. Here is a small portion:

[root@plesk log]# tail /var/log/messages
Feb 26 03:03:40 plesk kernel: audit(1172480616.018:91593490): avc: denied { connectto } for pid=6279 comm="httpd" path=000000008B1E34524756E536DB1D126A5358A52E90889B5F020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 scontext=root:system_r:httpd_t tcontext=user_u:system_r:initrc_t tclass=unix_stream_socket
Feb 26 03:03:40 plesk kernel: audit(1172480616.019:91593491): avc: denied { connectto } for pid=6279 comm="httpd" path=000000008B1E34524756E536DB1D126A5358A52E90889B5F020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 scontext=root:system_r:httpd_t tcontext=user_u:system_r:initrc_t tclass=unix_stream_socket
Feb 26 03:03:40 plesk kernel: audit(1172480616.029:91593492): avc: denied { connectto } for pid=8519 comm="httpd" path=000000008B1E34524756E536DB1D126A5358A52E90889B5F020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 scontext=root:system_r:httpd_t tcontext=user_u:system_r:initrc_t tclass=unix_stream_socket
Feb 26 03:03:40 plesk kernel: audit(1172480616.030:91593493): avc: denied { connectto } for pid=8519 comm="httpd" path=000000008B1E34524756E536DB1D126A5358A52E90889B5F020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 scontext=root:system_r:httpd_t tcontext=user_u:system_r:initrc_t tclass=unix_stream_socket
Feb 26 03:03:40 plesk kernel: audit(1172480616.032:91593494): avc: denied { connectto } for pid=10678 comm="httpd" path=000000008B1E34524756E536DB1D126A5358A52E90889B5F010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 scontext=root:system_r:httpd_t tcontext=user_u:system_r:initrc_t tclass=unix_stream_socket
Feb 26 03:03:40 plesk kernel: audit(1172480616.037:91593495): avc: denied { connectto } for pid=10185 comm="httpd" path=000000008B1E34524756E536DB1D126A5358A52E90889B5F010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 scontext=root:system_r:httpd_t tcontext=user_u:system_r:initrc_t tclass=unix_stream_socket
Feb 26 03:03:40 plesk kernel: audit(1172480616.040:91593496): avc: denied { connectto } for pid=9045 comm="httpd" path=000000008B1E34524756E536DB1D126A5358A52E90889B5F0200000000000000000000000000000000000000000000000000000000000000005358A52E90889B5F010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 scontext=root:system_r:httpd_t tcontext=user_u:system_r:initrc_t tclass=unix_stream_socket
Feb 26 03:03:40 plesk kernel: audit(1172480616.614:91593536): avc: denied { connectto } for pid=11368 comm="httpd" path=000000008B1E34524756E536DB1D126A5358A52E90889B5F020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 scontext=root:system_r:httpd_t tcontext=user_u:system_r:initrc_t tclass=unix_stream_socket
Feb 26 03:03:40 plesk kernel: audit(1172480616.616:91593537): avc: denied { connectto } for pid=8777 comm="httpd" path=000000008B1E34524756E536DB1D126A5358A52E90889B5F020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 scontext=root:system_r:httpd_t tcontext=user_u:system_r:initrc_t tclass=unix_stream_socket
Feb 26 03:03:40 plesk kernel: audit(1172480616.628:91593538): avc: denied { connectto } for pid=8897 comm="httpd" path=000000008B1E34524756E536DB1D126A5358A52E90889B5F010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 scontext=root:system_r:httpd_t tcontext=user_u:system_r:initrc_t tclass=unix_stream_socket

Does anybody know what these messages mean (I get about 10 messages per second)?

Thank you :)
 
selinux ftw!

You've got some high weirdness going on there with the path dumped out as hex. Converting that to ASCII comes back with garbage. Wild guess here, but maybe FrontPage?
 
We had some of this in our logs and, after looking at /var/log/secure and our mod_security logs, found the log entries were linked to FrontPage and/or some other type of Windows script attempts.
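
Added example, not part of any post in this thread: a small Python triage script for the kind of flood shown above. It groups SELinux AVC denials by source type, target type, class and permission, and decodes the hex `path=` value (the audit subsystem hex-encodes strings that contain non-printable bytes). The sample lines are constructed from the thread's format with the path shortened; the function names are this example's own.

```python
import re
from collections import Counter

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
HEX_RE = re.compile(r"(?:[0-9A-Fa-f]{2})+")

# Constructed sample input: same shape as the thread's lines, path truncated.
_HEAD = "Feb 26 03:03:40 plesk kernel: "
_CTX = (" scontext=root:system_r:httpd_t tcontext=user_u:system_r:initrc_t"
        " tclass=unix_stream_socket")
SAMPLE = [
    _HEAD + "audit(1172480616.018:91593490): avc: denied { connectto } for"
            ' pid=6279 comm="httpd" path=000000008B1E3452' + _CTX,
    _HEAD + "audit(1172480616.029:91593492): avc: denied { connectto } for"
            ' pid=8519 comm="httpd" path=000000008B1E3452' + _CTX,
    _HEAD + "example: unrelated syslog line",
]

def parse_avc(line):
    """Return the key=value fields of an AVC denial, or None for other lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = dict(FIELD_RE.findall(m["rest"]))
    rec["perms"] = m["perms"].split()
    return rec

def decode_path(raw):
    """Decode a path= value; return (bytes, fraction of printable ASCII)."""
    if raw.startswith('"'):            # quoted values are logged literally
        data = raw.strip('"').encode()
    elif HEX_RE.fullmatch(raw):        # unquoted hex means unsafe bytes inside
        data = bytes.fromhex(raw)
    else:
        data = raw.encode()
    printable = sum(32 <= b < 127 for b in data)
    return data, (printable / len(data) if data else 0.0)

def summarize(lines):
    """Count denials per (source type, target type, class, permission)."""
    counts = Counter()
    for rec in filter(None, map(parse_avc, lines)):
        if not {"scontext", "tcontext", "tclass"} <= rec.keys():
            continue
        src = rec["scontext"].split(":")[2]   # user:role:type[:level]
        tgt = rec["tcontext"].split(":")[2]
        for perm in rec["perms"]:
            counts[(src, tgt, rec["tclass"], perm)] += 1
    return counts
```

A low printable fraction from `decode_path` means the socket name is binary data rather than a filesystem path, which is why converting it to ASCII yields garbage; the grouped tuple from `summarize` is the part that tells you which domain pair the policy is denying.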
 