Watchdog On-Demand Scanning Problem

sparkybarkalot

Guest
Just upgraded to 8.3.0 and when I try to run an on-demand scan in the Watchdog module the following occurs:

1) I hit the green start button and I get this message: "Scanning is in progress. About 30 minutes left" and a progress bar that remains empty for a few minutes until

2) Scanning Status reads: "The scanner has never been started."

Any suggestions?
 
More info...

I found the following error message in /usr/local/psa/var/modules/watchdog/report/securscan log:

"Test 'force' in '/usr/local/psa/libexec/modules/watchdog' was not found, or necessary permission were not granted"

But I don't know what that might mean.

There IS a file called 'force' in '/usr/local/psa/libexec/modules/watchdog/security'. Is the on-demand scanner perhaps looking in the wrong place for 'force' and that's why it's failing? If so, any ideas how I can fix this?
 
My weekly scan just failed as well, so Watchdog isn't working at all after running the 8.3.0 update. Does anyone have a fix for this?
 
rkhunter

I have the same problem and the same message ('force'....).
I can update and run the test from ssh (using rkhunter --update and rkhunter -c) but not from plesk...

:(
 
The daily report was sent with the date of 1970/1/1 every day, till the update.

After a reboot, I get two messages via email that SpamAssassin was not running and will be excluded from monitoring. The date in these emails was correct.
 
rkhunter not functioning in scan mode

Just upgraded to 8.3.0 and when I try to run an on-demand scan in the Watchdog module the following occurs:
------- "The scanner has never been started."

Yes, same with my server. I am running FC4 and tried uninstalling and reinstalling Watchdog, no better results. Has someone tried to alert SWsoft on this issue?
 
SAME PROBLEM - Is there a way to downgrade?

I'm new to SwSoft and Plesk. Is this unusual for SwSoft to deliver upgrades with major bugs such as this?

I have two servers:
Server A - Upgraded 8.2.1 to 8.3.0: The dog is dead.
Server B - Upgrade to 8.3.0 failed: But the dog is alive and kickin'

Is there a way to back out the 8.3.0 upgrade and return to 8.2.1? That would at least solve our issues until 8.3.X is fixed and TESTED.
 
Also same problem for me ...
Just to let SWSoft know ...
 
OK, I tried to run the scan from the command line and got an error message: can't find rkhunter.conf. So I look in the directory and scan the box for rkhunter and it's not there anymore, so I yum it back into the system and scan from the command line, and it seems to work. I go to the Plesk panel and try the scan on demand and it is still the same.
Is SWsoft soft on responding to this issue? Already they are killing support for my system in the near future; are they waiting for the deadline to expire so they don't have to do anything about it?
 
Hello Bibliopegist, when you say it seems to work - did it actually work?
 
Yes it works, but with "strange stuff" like: [ [1;3"
below is the output of the scan:

> /usr/local/psa/admin/sbin/modules/watchdog/rkhunter --update
Running updater...

Mirrorfile /var/rkhunter/db/mirrors.dat rotated
Using mirror http://rkhunter.sourceforge.net
[DB] Mirror file : Up to date
[DB] MD5 hashes system binaries : Up to date
[DB] Operating System information : Up to date
[DB] MD5 blacklisted tools/binaries : Up to date
[DB] Known good program versions : Up to date
[DB] Known bad program versions : Up to date




Ready.
> /usr/local/psa/admin/sbin/modules/watchdog/rkhunter -c


Rootkit Hunter 1.2.8 is running

Determining OS... Ready


Checking binaries
* Selftests
Strings (command) /usr/bin/whoami[ OK ]


* System tools
Info: prelinked files found
Performing 'known good' check...
/bin/cat[ OK ]
/bin/chmod[ OK ]
/bin/chown[ OK ]
/bin/date[ OK ]
/bin/dmesg[ OK ]
/bin/env[ OK ]
/bin/grep[ OK ]
/bin/kill[ OK ]
/bin/login[ OK ]
m ]
========
=======

* Suspicious files and malware
Scanning for known rootkit strings[ OK ]
Scanning for known rootkit files[ OK ]
Testing running processes... [ OK ]
Miscellaneous Login backdoors[ OK ]
Miscellaneous directories[ OK ]
Software related files[ OK ]
Sniffer logs[ OK ]

[Press <ENTER> to continue]

* Trojan specific characteristics
shv4
Checking /etc/rc.d/rc.sysinit
Test 1[ Clean ]
Test 2[ Clean ]
Test 3[ Clean ]
Checking /etc/inetd.conf[ Not found ]
Checking /etc/xinetd.conf[ Clean ]

* Suspicious file properties
chmod properties
Checking /bin/ps[ Clean ]
Checking /bin/ls[ Clean ]
Checking /usr/bin/w[ Clean ]
Checking /usr/bin/who[ Clean ]
Checking /bin/netstat[ Clean ]
Checking /bin/login[ Clean ]
Script replacements
Checking /bin/ps[ Clean ]
Checking /bin/ls[ Clean ]
Checking /usr/bin/w[ Clean ]
Checking /usr/bin/who[ Clean ]
Checking /bin/netstat[ Clean ]
Checking /bin/login[ Clean ]

* OS dependant tests

Linux
Checking loaded kernel modules... [ OK ]
Checking files attributes[ OK ]
Checking LKM module path[ OK ]


Networking
* Check: frequently used backdoors
Port 2001: Scalper Rootkit[ OK ]
Port 2006: CB Rootkit[ OK ]
Port 2128: MRK[ OK ]
Port 14856: Optic Kit (Tux)[ OK ]
Port 47107: T0rn Rootkit[ OK ]
Port 60922: zaRwT.KiT[ OK ]

* Interfaces
Scanning for promiscuous interfaces[ OK ]

[Press <ENTER> to continue]


System checks
* Allround tests
Checking hostname... Found. Hostname is u15185411.onlinehome-server.com
Checking for passwordless user accounts... OK
Checking for differences in user accounts... OK. No changes.
Checking for differences in user groups... OK. No changes.
Checking boot.local/rc.local file...
- /etc/rc.local[ OK ]
- /etc/rc.d/rc.local[ OK ]
- /usr/local/etc/rc.local[ Not found ]
- /usr/local/etc/rc.d/rc.local[ Not found ]
- /etc/conf.d/local.start[ Not found ]
- /etc/init.d/boot.local[ Not found ]
Checking rc.d files...
Processing........................................
........................................
........................................
........................................
........................................
........................................
........................................
........................................
.............
Result rc.d files check[ OK ]
Checking history files
Bourne Shell[ OK ]

* Filesystem checks
Checking /dev for suspicious files... [ OK ]
Scanning for hidden files...[ Warning! ]
---------------
/dev/.udevdb /etc/.pwd.lock
---------------
Please inspect: /dev/.udevdb (directory)

[Press <ENTER> to continue]


Application advisories
* Application scan
Checking Apache2 modules ... [ Not found ]
Checking Apache configuration ... [ OK ]

* Application version scan
- GnuPG 1.4.5 [ OK ]
- Apache 2.0.54 [ OK ]
- Bind DNS 9.3.1 [ OK ]
- OpenSSL 0.9.7f [ Old or patched version ]
- PHP 5.0.4 [ OK ]
- Procmail MTA 3.22 [ OK ]
- ProFTPd 1.3.0 [ OK ]
- OpenSSH 4.2p1 [ OK ]



Security advisories
* Check: Groups and Accounts
Searching for /etc/passwd... [ Found ]
Checking users with UID '0' (root)... [ OK ]

* Check: SSH
Searching for sshd_config...
Found /etc/ssh/sshd_config
Checking for allowed root login... [  OK ( Remote root login disabled) ]
Checking for allowed protocols... [  OK ( Only SSH2 allowed) ]

* Check: Events and Logging
Search for syslog configuration... [  OK ]
Checking for running syslog slave... [  OK ]
Checking for logging to remote system... [  OK ( no remote logging) ]

[Press <ENTER> to continue]


---------------------------- Scan results ----------------------------

MD5
MD5 compared: 53
Incorrect MD5 checksums: 0

 File scan
Scanned files: 342
Possible infected files: 0

 Application scan
Vulnerable applications: 1

Scanning took 100 seconds

-----------------------------------------------------------------------
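
Added example, not part of the original post and not Plesk or rkhunter code: a shell filter that lists only the checks in saved "rkhunter -c" output whose bracketed status is not a known-benign one. The benign list, the function names and the sample lines are assumptions constructed from the output above, and the escape-stripping step assumes the "strange stuff" is terminal colour codes.

```shell
#!/bin/sh
# Added example: list rkhunter checks whose bracketed status is not benign.

# rk_findings [FILE]: print "status<TAB>check" per finding (stdin if no FILE).
rk_findings() {
    esc=$(printf '\033')
    # Drop colour escape sequences, then parse "<check>[ <status> ]" lines.
    sed "s/${esc}\[[0-9;]*m//g" "$@" | awk '
    {
        sub(/[ \t\r]+$/, "")
        n = length($0)
        if (substr($0, n, 1) != "]") next
        i = n
        while (i > 0 && substr($0, i, 1) != "[") i--
        if (i <= 1) next            # no "[", or a "[Press <ENTER> ...]" prompt
        status = substr($0, i + 1, n - i - 1)
        gsub(/^ +| +$/, "", status)
        check = substr($0, 1, i - 1)
        gsub(/^[ *-]+| +$/, "", check)
        # Assumed allowlist of benign statuses; anything else is reported.
        if (status ~ /^(OK|Clean|Found|Not found)$/ || status ~ /^OK \(/) next
        printf "%s\t%s\n", status, check
    }'
}

# rk_sample: constructed lines modelled on the scan output in this thread;
# the last two carry colour codes of the kind a terminal run would emit.
rk_sample() {
    printf '%s\n' \
        '/bin/cat[ OK ]' \
        'Checking /etc/inetd.conf[ Not found ]' \
        '[Press <ENTER> to continue]' \
        '- OpenSSL 0.9.7f [ Old or patched version ]' \
        'Checking for allowed root login... [  OK ( Remote root login disabled) ]'
    printf '/bin/login[ \033[1;32mOK\033[0;39m ]\n'
    printf 'Scanning for hidden files...[ \033[1;31mWarning!\033[0;39m ]\n'
}

rk_sample | rk_findings
```

Checks that print a bare status without brackets, such as the passwordless-accounts line, are not parsed by this filter.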
 
Contact SWsoft; the more of us doing it, the more chance they will listen. I am through 1and1 and I told them about the problem.
 
Wdcollect

Exactly the same problem. I am running FC7 and SWsoft 8.3.0

"Wdcollect service does not respond. Refer to SWsoft technical support for help."
 
Same issues here

When I did:
/usr/local/psa/admin/sbin/modules/watchdog/rkhunter -c

I got:
Fatal error: can't find configuration file (/usr/local/etc/rkhunter.conf)

"/usr/local/etc" didn't even exist.

But I found "rkhunter.conf" in
/usr/local/psa/etc/modules/watchdog/rkhunter.conf

So to verify I created "/usr/local/etc" and copied "rkhunter.conf" in there.
Running "rkhunter -c" worked fine then.

Plesk control panel access to the security scan is still the same and not working.
Looks like access to rkhunter via the control panel is configured in a weird way :p

To run it anyhow you could try the erm workaround by copying the config file into the location where rkhunter looks for it when you run it via shell access. At least it worked for me.

(On a side note: wdcollect and awstat both messy here too.)

Regards.
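
Added example, not part of the original posts and not Plesk code: a read-only shell check that reports which of the two paths named in this thread's error messages are missing and where a file of the same name exists under usr/local instead. Reading the 'force' message as a file directly inside the watchdog directory is an assumption drawn from the log line; the function name and the temporary tree are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: report files that Watchdog/rkhunter look for in one place
# but that exist elsewhere. Read-only; ROOT lets it run against a test tree.

# Paths from the two error messages quoted in this thread. Reading the
# 'force' message as "a file named force in that directory" is an assumption.
EXPECTED='usr/local/etc/rkhunter.conf
usr/local/psa/libexec/modules/watchdog/force'

# find_misplaced [ROOT]: print OK/MISSING per expected path and, for each
# missing one, any file of the same name found under ROOT/usr/local.
find_misplaced() {
    root=${1:-/}
    root=${root%/}
    for rel in $EXPECTED; do
        if [ -e "$root/$rel" ]; then
            echo "OK      /$rel"
            continue
        fi
        echo "MISSING /$rel"
        find "$root/usr/local" -name "${rel##*/}" 2>/dev/null |
            while IFS= read -r hit; do
                shown=${hit#"$root"}
                echo "  found instead: $shown"
            done
    done
}

# Constructed tree mirroring the layout the posters describe.
demo=$(mktemp -d)
mkdir -p "$demo/usr/local/psa/libexec/modules/watchdog/security" \
         "$demo/usr/local/psa/etc/modules/watchdog"
: > "$demo/usr/local/psa/libexec/modules/watchdog/security/force"
: > "$demo/usr/local/psa/etc/modules/watchdog/rkhunter.conf"
find_misplaced "$demo"
rm -rf "$demo"
```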
 