Oliver_Strixner
New Pleskian
i have an Root-Server with ubuntu 16.04 and Plesk Onyx, and it has the behavior to stop, reboot ist not working, only for some minutes i get ssh access, the its down again. i found out that when i stop apparmor everything is ok. Last time i deinstalled it, but its now here again.
Any Solution for this "ghost"-behavior?
Plesk Ony Version 17.8.11 Update #8, last updated on May 25, 2018 06:28 AM
Linux 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
The last lines of syslog, before gone:
enter
code
May 30 19:40:02 srvwt20 plesk_saslauthd[7459]: failed mail authentication attempt for user 'conference' (password len=9)
May 30 19:40:02 srvwt20 postfix/smtpd[7456]: warning: unknown[185.234.218.130]: SASL LOGIN authentication failed: authentication failure
May 30 19:40:02 srvwt20 postfix/smtpd[7456]: lost connection after AUTH from unknown[185.234.218.130]
May 30 19:40:02 srvwt20 postfix/smtpd[7456]: disconnect from unknown[185.234.218.130] ehlo=1 auth=0/1 commands=1/2
May 30 19:40:03 srvwt20 postfix/smtpd[7456]: connect from dedi-mon.fastit.net[85.114.144.99]
May 30 19:40:03 srvwt20 postfix/smtpd[7456]: disconnect from dedi-mon.fastit.net[85.114.144.99] helo=1 quit=1 commands=2
May 30 19:40:32 srvwt20 plesk_saslauthd[7459]: select timeout, exiting
May 30 19:43:01 srvwt20 CRON[7470]: (root) CMD (/opt/psa/admin/bin/php -dauto_prepend_file=sdk.php '/opt/psa/admin/plib/modules/magicspam/scripts/magicspam-updater.php')
May 30 19:43:14 srvwt20 postfix/smtpd[7520]: connect from unknown[5.101.40.66]
May 30 19:43:14 srvwt20 plesk_saslauthd[7522]: listen=6, status=5, dbpath='/plesk/passwd.db', keypath='/plesk/passwd_db_key', chroot=1, unprivileged=1
May 30 19:43:14 srvwt20 plesk_saslauthd[7522]: privileges set to (115:120) (effective 115:120)
May 30 19:43:14 srvwt20 plesk_saslauthd[7522]: No such user '[email protected]' in mail authorization database
May 30 19:43:14 srvwt20 plesk_saslauthd[7522]: failed mail authentication attempt for user '[email protected]' (password len=7)
May 30 19:43:14 srvwt20 postfix/smtpd[7520]: warning: unknown[5.101.40.66]: SASL LOGIN authentication failed: authentication failure
May 30 19:43:14 srvwt20 postfix/smtpd[7520]: disconnect from unknown[5.101.40.66] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
May 30 19:43:16 srvwt20 kernel: [622545.519944] audit_printk_skb: 42 callbacks suppressed
May 30 19:43:16 srvwt20 kernel: [622545.519955] audit: type=1400 audit(1527702196.259:14291): apparmor="ALLOWED" operation="open" profile="/usr/lib/dovecot/auth" name="/run/dovecot/old-stats-user" pid=7524 comm="auth" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
May 30 19:43:16 srvwt20 dovecot: imap-login: Aborted login (no auth attempts in 0 secs): user=<>, rip=85.114.144.99, lip=89.163.132.177, session=<ZMq74m9t78VVcpBj>
May 30 19:43:21 srvwt20 postfix/smtpd[7520]: connect from unknown[185.234.217.39]
May 30 19:43:21 srvwt20 plesk_saslauthd[7522]: failed mail authentication attempt for user 'log' (password len=9)
May 30 19:43:21 srvwt20 postfix/smtpd[7520]: warning: unknown[185.234.217.39]: SASL LOGIN authentication failed: authentication failure
May 30 19:43:22 srvwt20 postfix/smtpd[7520]: lost connection after AUTH from unknown[185.234.217.39]
May 30 19:43:22 srvwt20 postfix/smtpd[7520]: disconnect from unknown[185.234.217.39] ehlo=1 auth=0/1 commands=1/2
May 30 19:43:51 srvwt20 plesk_saslauthd[7522]: select timeout, exiting
May 30 19:44:34 srvwt20 dovecot: pop3-login: Aborted login (no auth attempts in 0 secs): user=<>, rip=85.114.144.99, lip=89.163.132.177, session=<JO5h529trOFVcpBj>
May 30 19:45:01 srvwt20 CRON[7538]: (root) CMD (/opt/psa/admin/bin/php -dauto_prepend_file=sdk.php '/opt/psa/admin/plib/modules/magicspam/scripts/ms_clean_queue.php')
last kern.log
May 30 19:36:17 srvwt20 kernel: [622126.298226] audit: type=1400 audit(1527701777.024:14264): apparmor="ALLOWED" operation="file_perm" profile="/usr/lib/dovecot/pop3" name="/run/dovecot/stats-writer" pid=7344 comm="pop3" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
May 30 19:36:17 srvwt20 kernel: [622126.298776] audit: type=1400 audit(1527701777.024:14265): apparmor="ALLOWED" operation="file_perm" profile="/usr/lib/dovecot/pop3" name="/run/dovecot/stats-writer" pid=7344 comm="pop3" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 30 19:36:17 srvwt20 kernel: [622126.298793] audit: type=1400 audit(1527701777.024:14266): apparmor="ALLOWED" operation="file_perm" profile="/usr/lib/dovecot/pop3" name="/run/dovecot/stats-writer" pid=7344 comm="pop3" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 30 19:37:35 srvwt20 kernel: [622204.396288] audit: type=1400 audit(1527701855.123:14267): apparmor="ALLOWED" operation="open" profile="/usr/lib/dovecot/auth" name="/var/spool/postfix/plesk/passwd.db" pid=7280 comm="auth" requested_mask="wc" denied_mask="wc" fsuid=0 ouid=115
May 30 19:37:35 srvwt20 kernel: [622204.401175] audit: type=1400 audit(1527701855.127:14268): apparmor="ALLOWED" operation="file_receive" profile="/usr/lib/dovecot/imap" pid=7356 comm="imap" family="unix" sock_type="stream" protocol=0 requested_mask="send receive" denied_mask="send receive" addr=none peer_addr=none peer="/usr/lib/dovecot/imap-login"
May 30 19:37:35 srvwt20 kernel: [622204.401207] audit: type=1400 audit(1527701855.127:14269): apparmor="ALLOWED" operation="file_receive" profile="/usr/lib/dovecot/imap-login" pid=7356 comm="imap" family="unix" sock_type="stream" protocol=0 requested_mask="send receive" denied_mask="send receive" addr=none peer_addr=none peer="/usr/lib/dovecot/imap"
May 30 19:37:35 srvwt20 kernel: [622204.403166] audit: type=1400 audit(1527701855.131:14270): apparmor="ALLOWED" operation="connect" profile="/usr/lib/dovecot/imap" name="/run/dovecot/stats-writer" pid=7356 comm="imap" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
May 30 19:37:35 srvwt20 kernel: [622204.403246] audit: type=1400 audit(1527701855.131:14271): apparmor="ALLOWED" operation="file_perm" profile="/usr/lib/dovecot/imap" name="/run/dovecot/stats-writer" pid=7356 comm="imap" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
May 30 19:37:35 srvwt20 kernel: [622204.403268] audit: type=1400 audit(1527701855.131:14272): apparmor="ALLOWED" operation="file_perm" profile="/usr/lib/dovecot/imap" name="/run/dovecot/stats-writer" pid=7356 comm="imap" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
May 30 19:37:35 srvwt20 kernel: [622204.403409] audit: type=1400 audit(1527701855.131:14273): apparmor="ALLOWED" operation="file_perm" profile="/usr/lib/dovecot/imap" name="/run/dovecot/stats-writer" pid=7356 comm="imap" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 30 19:37:35 srvwt20 kernel: [622204.403430] audit: type=1400 audit(1527701855.131:14274): apparmor="ALLOWED" operation="file_perm" profile="/usr/lib/dovecot/imap" name="/run/dovecot/stats-writer" pid=7356 comm="imap" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 30 19:37:35 srvwt20 kernel: [622204.954513] audit: type=1400 audit(1527701855.683:14275): apparmor="ALLOWED" operation="open" profile="/usr/lib/dovecot/auth" name="/var/spool/postfix/plesk/passwd.db" pid=7280 comm="auth" requested_mask="wc" denied_mask="wc" fsuid=0 ouid=115
May 30 19:37:35 srvwt20 kernel: [622204.959361] audit: type=1400 audit(1527701855.687:14276): apparmor="ALLOWED" operation="file_receive" profile="/usr/lib/dovecot/imap" pid=7358 comm="imap" family="unix" sock_type="stream" protocol=0 requested_mask="send receive" denied_mask="send receive" addr=none peer_addr=none peer="/usr/lib/dovecot/imap-login"
May 30 19:43:16 srvwt20 kernel: [622545.519944] audit_printk_skb: 42 callbacks suppressed
May 30 19:43:16 srvwt20 kernel: [622545.519955] audit: type=1400 audit(1527702196.259:14291): apparmor="ALLOWED" operation="open" profile="/usr/lib/dovecot/auth" name="/run/dovecot/old-stats-user" pid=7524 comm="auth" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
on start up i have this messages:
May 30 23:31:18 srvwt20 kernel: [ 12.752471] ACPI Warning: SystemIO range 0x0000000000004028-0x000000000000402F conflicts with OpRegion 0x0000000000004000-0x000000000000404E (\PMIO) (20150930/utaddress-254)
May 30 23:31:18 srvwt20 kernel: [ 12.752485] ACPI: If an ACPI driver is available for this device, you should use it instead of the native driver
and some Memory hints
May 30 23:31:18 srvwt20 kernel: [ 0.000000] *BAD*gran_size: 16M chunk_size: 1G num_reg: 8 lose cover RAM: -768M
May 30 23:31:18 srvwt20 kernel: [ 0.000000] gran_size: 16M chunk_size: 2G num_reg: 8 lose cover RAM: 9472M
so i dont find anny real error for this, but the solution seems to stop apparmor.
can anybody help,?
Any Solution for this "ghost"-behavior?
Plesk Ony Version 17.8.11 Update #8, last updated on May 25, 2018 06:28 AM
Linux 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
The last lines of syslog, before gone:
enter
code
May 30 19:40:02 srvwt20 plesk_saslauthd[7459]: failed mail authentication attempt for user 'conference' (password len=9)
May 30 19:40:02 srvwt20 postfix/smtpd[7456]: warning: unknown[185.234.218.130]: SASL LOGIN authentication failed: authentication failure
May 30 19:40:02 srvwt20 postfix/smtpd[7456]: lost connection after AUTH from unknown[185.234.218.130]
May 30 19:40:02 srvwt20 postfix/smtpd[7456]: disconnect from unknown[185.234.218.130] ehlo=1 auth=0/1 commands=1/2
May 30 19:40:03 srvwt20 postfix/smtpd[7456]: connect from dedi-mon.fastit.net[85.114.144.99]
May 30 19:40:03 srvwt20 postfix/smtpd[7456]: disconnect from dedi-mon.fastit.net[85.114.144.99] helo=1 quit=1 commands=2
May 30 19:40:32 srvwt20 plesk_saslauthd[7459]: select timeout, exiting
May 30 19:43:01 srvwt20 CRON[7470]: (root) CMD (/opt/psa/admin/bin/php -dauto_prepend_file=sdk.php '/opt/psa/admin/plib/modules/magicspam/scripts/magicspam-updater.php')
May 30 19:43:14 srvwt20 postfix/smtpd[7520]: connect from unknown[5.101.40.66]
May 30 19:43:14 srvwt20 plesk_saslauthd[7522]: listen=6, status=5, dbpath='/plesk/passwd.db', keypath='/plesk/passwd_db_key', chroot=1, unprivileged=1
May 30 19:43:14 srvwt20 plesk_saslauthd[7522]: privileges set to (115:120) (effective 115:120)
May 30 19:43:14 srvwt20 plesk_saslauthd[7522]: No such user '[email protected]' in mail authorization database
May 30 19:43:14 srvwt20 plesk_saslauthd[7522]: failed mail authentication attempt for user '[email protected]' (password len=7)
May 30 19:43:14 srvwt20 postfix/smtpd[7520]: warning: unknown[5.101.40.66]: SASL LOGIN authentication failed: authentication failure
May 30 19:43:14 srvwt20 postfix/smtpd[7520]: disconnect from unknown[5.101.40.66] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
May 30 19:43:16 srvwt20 kernel: [622545.519944] audit_printk_skb: 42 callbacks suppressed
May 30 19:43:16 srvwt20 kernel: [622545.519955] audit: type=1400 audit(1527702196.259:14291): apparmor="ALLOWED" operation="open" profile="/usr/lib/dovecot/auth" name="/run/dovecot/old-stats-user" pid=7524 comm="auth" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
May 30 19:43:16 srvwt20 dovecot: imap-login: Aborted login (no auth attempts in 0 secs): user=<>, rip=85.114.144.99, lip=89.163.132.177, session=<ZMq74m9t78VVcpBj>
May 30 19:43:21 srvwt20 postfix/smtpd[7520]: connect from unknown[185.234.217.39]
May 30 19:43:21 srvwt20 plesk_saslauthd[7522]: failed mail authentication attempt for user 'log' (password len=9)
May 30 19:43:21 srvwt20 postfix/smtpd[7520]: warning: unknown[185.234.217.39]: SASL LOGIN authentication failed: authentication failure
May 30 19:43:22 srvwt20 postfix/smtpd[7520]: lost connection after AUTH from unknown[185.234.217.39]
May 30 19:43:22 srvwt20 postfix/smtpd[7520]: disconnect from unknown[185.234.217.39] ehlo=1 auth=0/1 commands=1/2
May 30 19:43:51 srvwt20 plesk_saslauthd[7522]: select timeout, exiting
May 30 19:44:34 srvwt20 dovecot: pop3-login: Aborted login (no auth attempts in 0 secs): user=<>, rip=85.114.144.99, lip=89.163.132.177, session=<JO5h529trOFVcpBj>
May 30 19:45:01 srvwt20 CRON[7538]: (root) CMD (/opt/psa/admin/bin/php -dauto_prepend_file=sdk.php '/opt/psa/admin/plib/modules/magicspam/scripts/ms_clean_queue.php')
last kern.log
May 30 19:36:17 srvwt20 kernel: [622126.298226] audit: type=1400 audit(1527701777.024:14264): apparmor="ALLOWED" operation="file_perm" profile="/usr/lib/dovecot/pop3" name="/run/dovecot/stats-writer" pid=7344 comm="pop3" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
May 30 19:36:17 srvwt20 kernel: [622126.298776] audit: type=1400 audit(1527701777.024:14265): apparmor="ALLOWED" operation="file_perm" profile="/usr/lib/dovecot/pop3" name="/run/dovecot/stats-writer" pid=7344 comm="pop3" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 30 19:36:17 srvwt20 kernel: [622126.298793] audit: type=1400 audit(1527701777.024:14266): apparmor="ALLOWED" operation="file_perm" profile="/usr/lib/dovecot/pop3" name="/run/dovecot/stats-writer" pid=7344 comm="pop3" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 30 19:37:35 srvwt20 kernel: [622204.396288] audit: type=1400 audit(1527701855.123:14267): apparmor="ALLOWED" operation="open" profile="/usr/lib/dovecot/auth" name="/var/spool/postfix/plesk/passwd.db" pid=7280 comm="auth" requested_mask="wc" denied_mask="wc" fsuid=0 ouid=115
May 30 19:37:35 srvwt20 kernel: [622204.401175] audit: type=1400 audit(1527701855.127:14268): apparmor="ALLOWED" operation="file_receive" profile="/usr/lib/dovecot/imap" pid=7356 comm="imap" family="unix" sock_type="stream" protocol=0 requested_mask="send receive" denied_mask="send receive" addr=none peer_addr=none peer="/usr/lib/dovecot/imap-login"
May 30 19:37:35 srvwt20 kernel: [622204.401207] audit: type=1400 audit(1527701855.127:14269): apparmor="ALLOWED" operation="file_receive" profile="/usr/lib/dovecot/imap-login" pid=7356 comm="imap" family="unix" sock_type="stream" protocol=0 requested_mask="send receive" denied_mask="send receive" addr=none peer_addr=none peer="/usr/lib/dovecot/imap"
May 30 19:37:35 srvwt20 kernel: [622204.403166] audit: type=1400 audit(1527701855.131:14270): apparmor="ALLOWED" operation="connect" profile="/usr/lib/dovecot/imap" name="/run/dovecot/stats-writer" pid=7356 comm="imap" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
May 30 19:37:35 srvwt20 kernel: [622204.403246] audit: type=1400 audit(1527701855.131:14271): apparmor="ALLOWED" operation="file_perm" profile="/usr/lib/dovecot/imap" name="/run/dovecot/stats-writer" pid=7356 comm="imap" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
May 30 19:37:35 srvwt20 kernel: [622204.403268] audit: type=1400 audit(1527701855.131:14272): apparmor="ALLOWED" operation="file_perm" profile="/usr/lib/dovecot/imap" name="/run/dovecot/stats-writer" pid=7356 comm="imap" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
May 30 19:37:35 srvwt20 kernel: [622204.403409] audit: type=1400 audit(1527701855.131:14273): apparmor="ALLOWED" operation="file_perm" profile="/usr/lib/dovecot/imap" name="/run/dovecot/stats-writer" pid=7356 comm="imap" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 30 19:37:35 srvwt20 kernel: [622204.403430] audit: type=1400 audit(1527701855.131:14274): apparmor="ALLOWED" operation="file_perm" profile="/usr/lib/dovecot/imap" name="/run/dovecot/stats-writer" pid=7356 comm="imap" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 30 19:37:35 srvwt20 kernel: [622204.954513] audit: type=1400 audit(1527701855.683:14275): apparmor="ALLOWED" operation="open" profile="/usr/lib/dovecot/auth" name="/var/spool/postfix/plesk/passwd.db" pid=7280 comm="auth" requested_mask="wc" denied_mask="wc" fsuid=0 ouid=115
May 30 19:37:35 srvwt20 kernel: [622204.959361] audit: type=1400 audit(1527701855.687:14276): apparmor="ALLOWED" operation="file_receive" profile="/usr/lib/dovecot/imap" pid=7358 comm="imap" family="unix" sock_type="stream" protocol=0 requested_mask="send receive" denied_mask="send receive" addr=none peer_addr=none peer="/usr/lib/dovecot/imap-login"
May 30 19:43:16 srvwt20 kernel: [622545.519944] audit_printk_skb: 42 callbacks suppressed
May 30 19:43:16 srvwt20 kernel: [622545.519955] audit: type=1400 audit(1527702196.259:14291): apparmor="ALLOWED" operation="open" profile="/usr/lib/dovecot/auth" name="/run/dovecot/old-stats-user" pid=7524 comm="auth" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
on start up i have this messages:
May 30 23:31:18 srvwt20 kernel: [ 12.752471] ACPI Warning: SystemIO range 0x0000000000004028-0x000000000000402F conflicts with OpRegion 0x0000000000004000-0x000000000000404E (\PMIO) (20150930/utaddress-254)
May 30 23:31:18 srvwt20 kernel: [ 12.752485] ACPI: If an ACPI driver is available for this device, you should use it instead of the native driver
and some Memory hints
May 30 23:31:18 srvwt20 kernel: [ 0.000000] *BAD*gran_size: 16M chunk_size: 1G num_reg: 8 lose cover RAM: -768M
May 30 23:31:18 srvwt20 kernel: [ 0.000000] gran_size: 16M chunk_size: 2G num_reg: 8 lose cover RAM: 9472M
so i dont find anny real error for this, but the solution seems to stop apparmor.
can anybody help,?