• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved Ubuntu Server 16.04 stops, without any errors

Oliver_Strixner

New Pleskian
i have an Root-Server with ubuntu 16.04 and Plesk Onyx, and it has the behavior to stop, reboot ist not working, only for some minutes i get ssh access, the its down again. i found out that when i stop apparmor everything is ok. Last time i deinstalled it, but its now here again.

Any Solution for this "ghost"-behavior?

Plesk Ony Version 17.8.11 Update #8, last updated on May 25, 2018 06:28 AM

Linux 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

The last lines of syslog, before gone:

enter
code
May 30 19:40:02 srvwt20 plesk_saslauthd[7459]: failed mail authentication attempt for user 'conference' (password len=9)
May 30 19:40:02 srvwt20 postfix/smtpd[7456]: warning: unknown[185.234.218.130]: SASL LOGIN authentication failed: authentication failure
May 30 19:40:02 srvwt20 postfix/smtpd[7456]: lost connection after AUTH from unknown[185.234.218.130]
May 30 19:40:02 srvwt20 postfix/smtpd[7456]: disconnect from unknown[185.234.218.130] ehlo=1 auth=0/1 commands=1/2
May 30 19:40:03 srvwt20 postfix/smtpd[7456]: connect from dedi-mon.fastit.net[85.114.144.99]
May 30 19:40:03 srvwt20 postfix/smtpd[7456]: disconnect from dedi-mon.fastit.net[85.114.144.99] helo=1 quit=1 commands=2
May 30 19:40:32 srvwt20 plesk_saslauthd[7459]: select timeout, exiting
May 30 19:43:01 srvwt20 CRON[7470]: (root) CMD (/opt/psa/admin/bin/php -dauto_prepend_file=sdk.php '/opt/psa/admin/plib/modules/magicspam/scripts/magicspam-updater.php')
May 30 19:43:14 srvwt20 postfix/smtpd[7520]: connect from unknown[5.101.40.66]
May 30 19:43:14 srvwt20 plesk_saslauthd[7522]: listen=6, status=5, dbpath='/plesk/passwd.db', keypath='/plesk/passwd_db_key', chroot=1, unprivileged=1
May 30 19:43:14 srvwt20 plesk_saslauthd[7522]: privileges set to (115:120) (effective 115:120)
May 30 19:43:14 srvwt20 plesk_saslauthd[7522]: No such user '[email protected]' in mail authorization database
May 30 19:43:14 srvwt20 plesk_saslauthd[7522]: failed mail authentication attempt for user '[email protected]' (password len=7)
May 30 19:43:14 srvwt20 postfix/smtpd[7520]: warning: unknown[5.101.40.66]: SASL LOGIN authentication failed: authentication failure
May 30 19:43:14 srvwt20 postfix/smtpd[7520]: disconnect from unknown[5.101.40.66] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
May 30 19:43:16 srvwt20 kernel: [622545.519944] audit_printk_skb: 42 callbacks suppressed
May 30 19:43:16 srvwt20 kernel: [622545.519955] audit: type=1400 audit(1527702196.259:14291): apparmor="ALLOWED" operation="open" profile="/usr/lib/dovecot/auth" name="/run/dovecot/old-stats-user" pid=7524 comm="auth" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
May 30 19:43:16 srvwt20 dovecot: imap-login: Aborted login (no auth attempts in 0 secs): user=<>, rip=85.114.144.99, lip=89.163.132.177, session=<ZMq74m9t78VVcpBj>
May 30 19:43:21 srvwt20 postfix/smtpd[7520]: connect from unknown[185.234.217.39]
May 30 19:43:21 srvwt20 plesk_saslauthd[7522]: failed mail authentication attempt for user 'log' (password len=9)
May 30 19:43:21 srvwt20 postfix/smtpd[7520]: warning: unknown[185.234.217.39]: SASL LOGIN authentication failed: authentication failure
May 30 19:43:22 srvwt20 postfix/smtpd[7520]: lost connection after AUTH from unknown[185.234.217.39]
May 30 19:43:22 srvwt20 postfix/smtpd[7520]: disconnect from unknown[185.234.217.39] ehlo=1 auth=0/1 commands=1/2
May 30 19:43:51 srvwt20 plesk_saslauthd[7522]: select timeout, exiting
May 30 19:44:34 srvwt20 dovecot: pop3-login: Aborted login (no auth attempts in 0 secs): user=<>, rip=85.114.144.99, lip=89.163.132.177, session=<JO5h529trOFVcpBj>
May 30 19:45:01 srvwt20 CRON[7538]: (root) CMD (/opt/psa/admin/bin/php -dauto_prepend_file=sdk.php '/opt/psa/admin/plib/modules/magicspam/scripts/ms_clean_queue.php')

last kern.log

May 30 19:36:17 srvwt20 kernel: [622126.298226] audit: type=1400 audit(1527701777.024:14264): apparmor="ALLOWED" operation="file_perm" profile="/usr/lib/dovecot/pop3" name="/run/dovecot/stats-writer" pid=7344 comm="pop3" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
May 30 19:36:17 srvwt20 kernel: [622126.298776] audit: type=1400 audit(1527701777.024:14265): apparmor="ALLOWED" operation="file_perm" profile="/usr/lib/dovecot/pop3" name="/run/dovecot/stats-writer" pid=7344 comm="pop3" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 30 19:36:17 srvwt20 kernel: [622126.298793] audit: type=1400 audit(1527701777.024:14266): apparmor="ALLOWED" operation="file_perm" profile="/usr/lib/dovecot/pop3" name="/run/dovecot/stats-writer" pid=7344 comm="pop3" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 30 19:37:35 srvwt20 kernel: [622204.396288] audit: type=1400 audit(1527701855.123:14267): apparmor="ALLOWED" operation="open" profile="/usr/lib/dovecot/auth" name="/var/spool/postfix/plesk/passwd.db" pid=7280 comm="auth" requested_mask="wc" denied_mask="wc" fsuid=0 ouid=115
May 30 19:37:35 srvwt20 kernel: [622204.401175] audit: type=1400 audit(1527701855.127:14268): apparmor="ALLOWED" operation="file_receive" profile="/usr/lib/dovecot/imap" pid=7356 comm="imap" family="unix" sock_type="stream" protocol=0 requested_mask="send receive" denied_mask="send receive" addr=none peer_addr=none peer="/usr/lib/dovecot/imap-login"
May 30 19:37:35 srvwt20 kernel: [622204.401207] audit: type=1400 audit(1527701855.127:14269): apparmor="ALLOWED" operation="file_receive" profile="/usr/lib/dovecot/imap-login" pid=7356 comm="imap" family="unix" sock_type="stream" protocol=0 requested_mask="send receive" denied_mask="send receive" addr=none peer_addr=none peer="/usr/lib/dovecot/imap"
May 30 19:37:35 srvwt20 kernel: [622204.403166] audit: type=1400 audit(1527701855.131:14270): apparmor="ALLOWED" operation="connect" profile="/usr/lib/dovecot/imap" name="/run/dovecot/stats-writer" pid=7356 comm="imap" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
May 30 19:37:35 srvwt20 kernel: [622204.403246] audit: type=1400 audit(1527701855.131:14271): apparmor="ALLOWED" operation="file_perm" profile="/usr/lib/dovecot/imap" name="/run/dovecot/stats-writer" pid=7356 comm="imap" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
May 30 19:37:35 srvwt20 kernel: [622204.403268] audit: type=1400 audit(1527701855.131:14272): apparmor="ALLOWED" operation="file_perm" profile="/usr/lib/dovecot/imap" name="/run/dovecot/stats-writer" pid=7356 comm="imap" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
May 30 19:37:35 srvwt20 kernel: [622204.403409] audit: type=1400 audit(1527701855.131:14273): apparmor="ALLOWED" operation="file_perm" profile="/usr/lib/dovecot/imap" name="/run/dovecot/stats-writer" pid=7356 comm="imap" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 30 19:37:35 srvwt20 kernel: [622204.403430] audit: type=1400 audit(1527701855.131:14274): apparmor="ALLOWED" operation="file_perm" profile="/usr/lib/dovecot/imap" name="/run/dovecot/stats-writer" pid=7356 comm="imap" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 30 19:37:35 srvwt20 kernel: [622204.954513] audit: type=1400 audit(1527701855.683:14275): apparmor="ALLOWED" operation="open" profile="/usr/lib/dovecot/auth" name="/var/spool/postfix/plesk/passwd.db" pid=7280 comm="auth" requested_mask="wc" denied_mask="wc" fsuid=0 ouid=115
May 30 19:37:35 srvwt20 kernel: [622204.959361] audit: type=1400 audit(1527701855.687:14276): apparmor="ALLOWED" operation="file_receive" profile="/usr/lib/dovecot/imap" pid=7358 comm="imap" family="unix" sock_type="stream" protocol=0 requested_mask="send receive" denied_mask="send receive" addr=none peer_addr=none peer="/usr/lib/dovecot/imap-login"
May 30 19:43:16 srvwt20 kernel: [622545.519944] audit_printk_skb: 42 callbacks suppressed
May 30 19:43:16 srvwt20 kernel: [622545.519955] audit: type=1400 audit(1527702196.259:14291): apparmor="ALLOWED" operation="open" profile="/usr/lib/dovecot/auth" name="/run/dovecot/old-stats-user" pid=7524 comm="auth" requested_mask="w" denied_mask="w" fsuid=0 ouid=0

on start up i have this messages:

May 30 23:31:18 srvwt20 kernel: [ 12.752471] ACPI Warning: SystemIO range 0x0000000000004028-0x000000000000402F conflicts with OpRegion 0x0000000000004000-0x000000000000404E (\PMIO) (20150930/utaddress-254)

May 30 23:31:18 srvwt20 kernel: [ 12.752485] ACPI: If an ACPI driver is available for this device, you should use it instead of the native driver

and some Memory hints

May 30 23:31:18 srvwt20 kernel: [ 0.000000] *BAD*gran_size: 16M chunk_size: 1G num_reg: 8 lose cover RAM: -768M

May 30 23:31:18 srvwt20 kernel: [ 0.000000] gran_size: 16M chunk_size: 2G num_reg: 8 lose cover RAM: 9472M

so i dont find anny real error for this, but the solution seems to stop apparmor.

can anybody help,?
 
Note, that AppArmor is supported since Plesk Onyx 17.0 and removal of AppArmor packages will break Plesk.
So, I suggest you following two commands:

# plesk installer --select-release-current --reinstall-patch --upgrade-installed-components
# plesk repair installation

I hope it will help.
 
Thanks, i ve done this.

in plesk repair installation i've got some messages:
WARNING:failed to get permissions for package diverts others to: /usr/lib/apache2/modules/mod_proxy.so.orig from package /var/cache/apt/archives/libapache2-mod-proxy-psa_2.4.18-ubuntu16.04.17100418_amd64.deb
WARNING:failed to get permissions for package diverts others to: /usr/lib/apache2/modules/mod_proxy_fcgi.so.orig from package /var/cache/apt/archives/libapache2-mod-proxy-psa_2.4.18-ubuntu16.04.17100418_amd64.deb
WARNING:failed to get permissions for /etc/apache2/modsecurity.d/rules/modsecurity_crs-plesk/modsecurity_crs_10_setup.conf from package /var/cache/apt/archives/plesk-modsecurity-crs_17.8.11-ubuntu16.04.18021217_amd64.deb
WARNING:failed to get permissions for /etc/apache2/modsecurity.d/rules/modsecurity_crs-plesk/modsecurity_crs_47_common_exceptions.conf from package /var/cache/apt/archives/plesk-modsecurity-crs_17.8.11-ubuntu16.04.18021217_amd64.deb
WARNING:failed to get permissions for /etc/apache2/modsecurity.d/rules/modsecurity_crs-plesk/modsecurity_crs_40_generic_attacks.conf from package /var/cache/apt/archives/plesk-modsecurity-crs_17.8.11-ubuntu16.04.18021217_amd64.deb
WARNING:failed to get permissions for /etc/apache2/modsecurity.d/rules/modsecurity_crs-plesk/modsecurity_crs_23_request_limits.conf from package /var/cache/apt/archives/plesk-modsecurity-crs_17.8.11-ubuntu16.04.18021217_amd64.deb
WARNING:failed to get permissions for /etc/apache2/modsecurity.d/rules/modsecurity_crs-plesk/modsecurity_crs_21_protocol_anomalies.conf from package /var/cache/apt/archives/plesk-modsecurity-crs_17.8.11-ubuntu16.04.18021217_amd64.deb
WARNING:failed to get permissions for /etc/apache2/modsecurity.d/rules/modsecurity_crs-plesk/modsecurity_crs_41_xss_attacks.conf from package /var/cache/apt/archives/plesk-modsecurity-crs_17.8.11-ubuntu16.04.18021217_amd64.deb
WARNING:failed to get permissions for /etc/apache2/modsecurity.d/rules/modsecurity_crs-plesk/modsecurity_crs_59_outbound_blocking.conf from package /var/cache/apt/archives/plesk-modsecurity-crs_17.8.11-ubuntu16.04.18021217_amd64.deb
WARNING:failed to get permissions for /etc/apache2/modsecurity.d/rules/modsecurity_crs-plesk/modsecurity_crs_45_trojans.conf from package /var/cache/apt/archives/plesk-modsecurity-crs_17.8.11-ubuntu16.04.18021217_amd64.deb
WARNING:failed to get permissions for /etc/apache2/modsecurity.d/rules/modsecurity_crs-plesk/modsecurity_crs_41_sql_injection_attacks.conf from package /var/cache/apt/archives/plesk-modsecurity-crs_17.8.11-ubuntu16.04.18021217_amd64.deb
WARNING:failed to get permissions for /etc/apache2/modsecurity.d/rules/modsecurity_crs-plesk/modsecurity_crs_20_protocol_violations.conf from package /var/cache/apt/archives/plesk-modsecurity-crs_17.8.11-ubuntu16.04.18021217_amd64.deb
WARNING:failed to get permissions for /etc/apache2/modsecurity.d/rules/modsecurity_crs-plesk/modsecurity_40_generic_attacks.data from package /var/cache/apt/archives/plesk-modsecurity-crs_17.8.11-ubuntu16.04.18021217_amd64.deb
WARNING:failed to get permissions for /etc/apache2/modsecurity.d/rules/modsecurity_crs-plesk/modsecurity_50_outbound.data from package /var/cache/apt/archives/plesk-modsecurity-crs_17.8.11-ubuntu16.04.18021217_amd64.deb
WARNING:failed to get permissions for /etc/apache2/modsecurity.d/rules/modsecurity_crs-plesk/modsecurity_50_outbound_malware.data from package /var/cache/apt/archives/plesk-modsecurity-crs_17.8.11-ubuntu16.04.18021217_amd64.deb
WARNING:failed to get permissions for /etc/apache2/modsecurity.d/rules/modsecurity_crs-plesk/modsecurity_crs_42_tight_security.conf from package /var/cache/apt/archives/plesk-modsecurity-crs_17.8.11-ubuntu16.04.18021217_amd64.deb
WARNING:failed to get permissions for /etc/apache2/modsecurity.d/rules/modsecurity_crs-plesk/modsecurity_crs_30_http_policy.conf from package /var/cache/apt/archives/plesk-modsecurity-crs_17.8.11-ubuntu16.04.18021217_amd64.deb
WARNING:failed to get permissions for /etc/apache2/modsecurity.d/rules/modsecurity_crs-plesk/modsecurity_crs_35_bad_robots.conf from package /var/cache/apt/archives/plesk-modsecurity-crs_17.8.11-ubuntu16.04.18021217_amd64.deb
WARNING:failed to get permissions for /etc/apache2/modsecurity.d/rules/modsecurity_crs-plesk/modsecurity_crs_60_correlation.conf from package /var/cache/apt/archives/plesk-modsecurity-crs_17.8.11-ubuntu16.04.18021217_amd64.deb
WARNING:failed to get permissions for /etc/apache2/modsecurity.d/rules/modsecurity_crs-plesk/modsecurity_35_bad_robots.data from package /var/cache/apt/archives/plesk-modsecurity-crs_17.8.11-ubuntu16.04.18021217_amd64.deb
WARNING:failed to get permissions for /etc/apache2/modsecurity.d/rules/modsecurity_crs-plesk/modsecurity_crs_49_inbound_blocking.conf from package /var/cache/apt/archives/plesk-modsecurity-crs_17.8.11-ubuntu16.04.18021217_amd64.deb
WARNING:failed to get permissions for /etc/apache2/modsecurity.d/rules/modsecurity_crs-plesk/modsecurity_35_scanners.data from package /var/cache/apt/archives/plesk-modsecurity-crs_17.8.11-ubuntu16.04.18021217_amd64.deb
WARNING:failed to get permissions for /etc/apache2/modsecurity.d/rules/modsecurity_crs-plesk/modsecurity_crs_48_local_exceptions.conf.example from package /var/cache/apt/archives/plesk-modsecurity-crs_17.8.11-ubuntu16.04.18021217_amd64.deb
WARNING:failed to get permissions for /etc/apache2/modsecurity.d/rules/modsecurity_crs-plesk/modsecurity_crs_50_outbound.conf from package /var/cache/apt/archives/plesk-modsecurity-crs_17.8.11-ubuntu16.04.18021217_amd64.deb

in the '/var/log/plesk/install/plesk_17.8.11_repair.log
ends with ****Product repair completed successfully.

no problems log.

So erveything working fine.
Thanks for this tipp.
 
Back
Top