• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:
    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue Rootkit Hunter log shows Invalid SCRIPTWHITELIST configuration option

PrimeSites

PrimeSites

New Pleskian
Hi Guys,
I've recently spun up two new VPS servers (Ubuntu 18.04.4 LTS‬ + Plesk Obsidian 18.0.28 Update #3) and the Watchdog function is enabled. When a watchdog security scan is run the system returns a warning saying "Considerable existing/potential security problems were detected in the system", with log contents below:

~~~~~~~~~~~
[ Rootkit Hunter version 1.4.4 ]

Checking rkhunter data files...
Checking file mirrors.dat [ No update ]
Checking file programs_bad.dat [ No update ]
Checking file backdoorports.dat [ No update ]
Checking file suspscan.dat [ No update ]
Checking file i18n/cn [ No update ]
Checking file i18n/de [ No update ]
Checking file i18n/en [ No update ]
Checking file i18n/tr [ No update ]
Checking file i18n/tr.utf8 [ No update ]
Checking file i18n/zh [ No update ]
Checking file i18n/zh.utf8 [ No update ]
Checking file i18n/ja [ No update ]
Invalid SCRIPTWHITELIST configuration option: Non-existent pathname: /usr/bin/lwp-request
~~~~~~~~~~~

I've not been able to find any info on how to effectively troubleshoot this issue.
Any help/suggestions would be much appreciated.
 
@PrimeSites

In essence, this is a (very) old rkhunter bug that apparently has returned in version 1.4.4 somehow.

It is safe to ignore the "invalid configuration" notification and to get rkhunter running by following the steps :

1 - check for existence of the lwp-request file, run command : find / -name lwp-request

2 - if the lwp-request file is not present at all, uncomment the offending line by using the command : vi +607 /opt/psa/etc/modules/watchdog/rkhunter.conf (read: add # in front of the offending line)

and that is all.

Please note that you can configuration overrides by just adding a config file with the name rkhunter.conf.local in the /opt/psa/etc/modules/watchdog/ directory.

I hope the above helps.

Kind regards...........
 
This ("Invalid SCRIPTWHITELIST configuration option: Non-existent pathname: /usr/bin/lwp-request") happened on a server which has been updated to 18.0.37 #2 automatically today. First try was to remove the Watchdog extension and adding it again, but now, Watchdog can´t be found anymore on plesk.com/extensions ...
 
IgorG said:
(...)
Click to expand...
Thanks Igor. I remember... It´s still confusing how the installation of this extension is being handled like a component. I´d expect to find extensions under Extensions.
Anyway, your hint regarding lwp-request works, but now we have a warning in the scan report
/opt/psa/etc/modules/watchdog/rkhunter.conf [ Warning ]
though I´ve changed rights for the file from 0660 to 0607.
 
P.S.:
[10:27:34] /opt/psa/etc/modules/watchdog/rkhunter.conf [ Warning ]
[10:27:34] Warning: Package manager verification has failed:
[10:27:34] File: /opt/psa/etc/modules/watchdog/rkhunter.conf
[10:27:34] The file hash value has changed
[10:27:34] Warning: Write permission is set on file '/opt/psa/etc/modules/watchdog/rkhunter.conf' for all users.
 
TRILOS new media said:
Well that was really dumb, sorry... vi +607 <file> jumps to line 607 after opening <file>, but I thought about rights (0607)... m-|
Click to expand...
@TRILOS new media

You should not alter file permissions, there is no need to do so.

In essence, the error notification

TRILOS new media said:
P.S.:
[10:27:34] /opt/psa/etc/modules/watchdog/rkhunter.conf [ Warning ]
[10:27:34] Warning: Package manager verification has failed:
[10:27:34] File: /opt/psa/etc/modules/watchdog/rkhunter.conf
[10:27:34] The file hash value has changed
[10:27:34] Warning: Write permission is set on file '/opt/psa/etc/modules/watchdog/rkhunter.conf' for all users.
Click to expand...

will be absent by applying the following steps :

1 - go to directory /opt/psa/etc/modules/watchdog

2 - create the file rkhunter.conf.local by running the command : vi rkhunter.conf.local

3 - add the lines :

## Insert test for passing rkhunter.conf file check
PKGMGR_NO_VRFY=/opt/psa/etc/modules/watchdog/rkhunter.conf

# suppress warning for the check whether SSH protocol v1 is allowed - comment if you like
#ALLOW_SSH_PROT_V1=0

## Plesk related Xinetd services to be allowed
XINETD_ALLOWED_SVC=/etc/xinetd.d/ftp_psa
XINETD_ALLOWED_SVC=/etc/xinetd.d/poppassd_psa

4 - save and close the file rkhunter.conf.local

In short, the above line will suppress most of the common false positives generated by rkhunter, including the notification concerning rkhunter.conf

Please note that you can and should add all customisations of rkhunter in the rkhunter.conf.local file.

Also note that, when migrating to another server, these customisations should be transferred manually by rsyncing the rkhunter.conf.local file.

I hope the above helps a bit.

Kind regards.........
 
putty ssh terminal
dpkg -l | grep libwww-perl

apt-get update && apt-get upgrade
apt-get install libwww-perl
 
You must log in or register to reply here.

Similar threads

F
Resolved Watchdog doesnt scan server
Replies
1
Views
2K
IgorG
IgorG
T
New Dedicated server questions
Replies
2
Views
2K
TrevorMatthews
T
Azurel
Watchdog report: Suspect files
Replies
2
Views
4K
netsetter
N
A
security scan show " warning "
Replies
1
Views
4K
IgorG
IgorG
D
Bug im Plesk Cron-Job
Replies
2
Views
3K
DetlefZ
D
Back
Top