Facebook
Twitter
J.Wick
Regular Pleskian
Username:
TITLE
SELinux Interferes with Plesk FTP Backup
PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE
Plesk Obsidian Version 18.0.46 Update #1
Rocky Linux 8.6
PROBLEM DESCRIPTION
Migrated Plesk from Centos 7.9 over to a new server with Rocky Linux 8.6 and could not connect to our remote FTPS backup server successfully.
STEPS TO REPRODUCE
Entered known working settings for FTPS (Non-PASV) on custom port 2121/TCP into Plesk Backup Remote Storage and clicked 'Apply.'
ACTUAL RESULT
Plesk partially connected to the FTP and timed out, producing an error, with a CURL troubleshooting command that worked when tried at the CLI.
EXPECTED RESULT
Should quickly connect and report successful connection.
ANY ADDITIONAL INFORMATION
Turning on firewall drop packet logging, I saw the outbound connection was creating many FINAL_REJECT log entries.
SELinux was discovered after a day of troubleshooting it was blocking the outbound connection. After disabling SELinux and rebooting, the connection was successful.
SELinux is important technology; I'd like to re-enable it, but administrators need a way to know about situations like this and have fast ways to correct them. Plesk should be more intelligent in handling SELinux alerts and have a method to recognize non-standard ports in the Backup Manager FTP settings and adjust SELinux accordingly as part of its FTP connection test.
A Tools & Settings -> Security -> SELinux Security panel would be a great feature addition.
YOUR EXPECTATIONS FROM PLESK SERVICE TEAM
Confirm bug
TITLE
SELinux Interferes with Plesk FTP Backup
PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE
Plesk Obsidian Version 18.0.46 Update #1
Rocky Linux 8.6
PROBLEM DESCRIPTION
Migrated Plesk from Centos 7.9 over to a new server with Rocky Linux 8.6 and could not connect to our remote FTPS backup server successfully.
STEPS TO REPRODUCE
Entered known working settings for FTPS (Non-PASV) on custom port 2121/TCP into Plesk Backup Remote Storage and clicked 'Apply.'
ACTUAL RESULT
Plesk partially connected to the FTP and timed out, producing an error, with a CURL troubleshooting command that worked when tried at the CLI.
EXPECTED RESULT
Should quickly connect and report successful connection.
ANY ADDITIONAL INFORMATION
Turning on firewall drop packet logging, I saw the outbound connection was creating many FINAL_REJECT log entries.
SELinux was discovered after a day of troubleshooting it was blocking the outbound connection. After disabling SELinux and rebooting, the connection was successful.
SELinux is important technology; I'd like to re-enable it, but administrators need a way to know about situations like this and have fast ways to correct them. Plesk should be more intelligent in handling SELinux alerts and have a method to recognize non-standard ports in the Backup Manager FTP settings and adjust SELinux accordingly as part of its FTP connection test.
A Tools & Settings -> Security -> SELinux Security panel would be a great feature addition.
YOUR EXPECTATIONS FROM PLESK SERVICE TEAM
Confirm bug
