Watchdog On-Demand Scanning Problem

[Hyncos]

In order to run rkhunter manually you have to add the configfile option.

/opt/psa/admin/sbin/modules/watchdog/rkhunter --configfile /opt/psa/etc/modules/watchdog/rkhunter.conf -c

(see http://kb.swsoft.com/en/1323)

 

[PixyPumpkin]

Ok, Thx! but I do not want to do it manualy thats why I have a CONTROL PANEL!

Very strange that SwSoft is leaving this security option as it is NOT WORKING

 

[bibliopegist]

In order to run rkhunter manually you have to add the configfile option.

/opt/psa/admin/sbin/modules/watchdog/rkhunter --configfile /opt/psa/etc/modules/watchdog/rkhunter.conf -c

(see http://kb.swsoft.com/en/1323)

eh eh eh, no such directories on my server, the opt directory is empty......

 

[elger]

eh eh eh, no such directories on my server, the opt directory is empty......

And what does /usr/local/psa/admin/sbin/modules/watchdog/rkhunter --update --configfile /usr/local/psa/etc/modules/watchdog/rkhunter.conf -c do for you?

 

[bibliopegist]

And what does /usr/local/psa/admin/sbin/modules/watchdog/rkhunter --update --configfile /usr/local/psa/etc/modules/watchdog/rkhunter.conf -c do for you?

/usr/local/psa/admin/sbin/modules/watchdog/rkhunter --update --configfile works,
/usr/local/psa/admin/sbin/modules/watchdog/rkhunter -c works

but

> /usr/local/psa/etc/modules/watchdog/rkhunter.conf -c
bash: /usr/local/psa/etc/modules/watchdog/rkhunter.conf: Permission denied

 

[elger]

> /usr/local/psa/etc/modules/watchdog/rkhunter.conf -c
bash: /usr/local/psa/etc/modules/watchdog/rkhunter.conf: Permission denied

Try to find the file, type:
updatedb
Wait untill it is done... might be a minute or so and then:
locate rkhunter.conf
now all files and directories with the name rkhunter.conf are listed in a milisecond...

If the file does not exist you might have an awnser to your question... (there is no configfile so it won't work...)

 

[dash]

I found the following error message in /usr/local/psa/var/modules/watchdog/report/securscan log:

"Test 'force' in '/usr/local/psa/libexec/modules/watchdog' was not found, or necessary permission were not granted"

But I don't know what that might mean.

There IS a file called 'force' in '/usr/local/psa/libexec/modules/watchdog/security'. Is the on-demand scanner perhaps looking in the wrong place for 'force' and that's why it's failing? If so, any ideas how I can fix this?

As a workaround you can set
auto_globals_jit = Off
in /usr/local/psa/admin/conf/php.ini
looks like it works.

 

[bibliopegist]

Try to find the file, type:
updatedb
Wait untill it is done... might be a minute or so and then:
locate rkhunter.conf
now all files and directories with the name rkhunter.conf are listed in a milisecond...

If the file does not exist you might have an awnser to your question... (there is no configfile so it won't work...)

> updatedb
> locate rkhunter.conf
/usr/local/etc/rkhunter.conf
/usr/local/psa/etc/modules/watchdog/rkhunter.conf

well I know it's here because I placed it there after installing rkhunter when I discovered that plesk8.3.0 erased it in the upgrade.
This however does not solves the problem with on demand scanning from the plesk panel.
Anyone with news from swsoft on this issue?

 

[webviva]

In my case, the solution proposed by dash is the correct.

I had the following situation: rkhunter and force (/usr/local/psa/libexec/modules/watchdog/security/force) work fine from command line. I can execute them and the log file is stored at /var/log/rkhunter.log and all is OK. The problem was to execute "Security on demand" from Plesk. It doesn't work and always show "Never executed (or something similar)". If I ran force script from command line and I change the owner of /var/log/rkhunter.log file to

root:psaadm

then Plesk panel shows that the scanning was made and it shows the result of the scanner but If I try to execute the scan from Plesk it doesn't work...

As dash has proposed, in my server it was a problem with php configuration and not a problem of Plesk itself (or rkhunter). I have changed

auto_globals_jit = Off -> This one was in "On"
register_argc_argv = Off -> This one was in "On"
register_long_arrays = Off 
register_globals = Off

in php.ini file and I have restarted apache

And this solve the problem!

Thanks

 

[bibliopegist]

As dash has proposed, in my server it was a problem with php configuration and not a problem of Plesk itself (or rkhunter). I have changed

auto_globals_jit = Off -> This one was in "On"
register_argc_argv = Off -> This one was in "On"
register_long_arrays = Off 
register_globals = Off

in php.ini file and I have restarted apache

And this solve the problem!

Thanks

Same here, Thanks a bunch, it now works.

 

[sparkybarkalot]

That didn't work for me...

Still cannot do the on-demand scan in Plesk after making the following changes (as suggested above):

auto_globals_jit was "On" so I changed it to "Off"
register_argc_argv was "Off" so I did not change it.

Saved php.ini, restarted apache, and still cannot do an on-demand scan in Plesk.

I can still continue to scan successfully from the command line, however.

Did I miss something? Anyone else still having problems as well, after making the above changes?

 

[webviva]

If you execute rkhunter from command line, it works?

If it doesn't works, then the problem will be some misconfiguration of watchdog.

 

[bibliopegist]

Still cannot do the on-demand scan in Plesk after making the following changes (as suggested above):

auto_globals_jit was "On" so I changed it to "Off"
register_argc_argv was "Off" so I did not change it.

Saved php.ini, restarted apache, and still cannot do an on-demand scan in Plesk.

I can still continue to scan successfully from the command line, however.

Did I miss something? Anyone else still having problems as well, after making the above changes?

/usr/local/psa/admin/conf/php.ini

this is where my php.ini file is, that's the one plesk use. There is another one in /etc that is not used. Didi you flip the switches in the correct one?

 

[Palmarium]

So now my on-demand scan in Plesk also works ...
for all those who still have problems i will give you a short summary what i did ...

this command didnt work for me

/opt/psa/admin/sbin/modules/watchdog/rkhunter --configfile /opt/psa/etc/modules/watchdog/rkhunter.conf -c

so i used this one and the watchdog run in the console

/usr/local/psa/admin/sbin/modules/watchdog/rkhunter --update --configfile /usr/local/psa/etc/modules/watchdog/rkhunter.conf -c

after that i changed the following variables in the php.ini in /usr/local/psa/admin/conf/php.ini

auto_globals_jit = Off -> This one was in "On"
register_argc_argv = Off -> This one was in "On"
register_long_arrays = Off
register_globals = Off

then you have to restart the webserver and everything works also in plesk

thx for all your help

 

[bibliopegist]

Yes, same steps for me here and it works.
So that's for rkhunter, but the rest of watchdog is still not working as it should, on the system monitoring email I receive everyday, the date is still always the same :

Subject: Watchdog daily report Dec 31, 1969 (Wednesday) on

Watchdog is running since Jan 11, 2008 01:00 AM.
Watchdog is monitoring services:
Plesk Web Server
Web Server (Apache)
SMTP Server (QMail)
IMAP/POP3 Server (Courier-IMAP)
DNS Server (BIND)
MySQL
Plesk SpamAssassin
Watchdog is monitoring:
[normal] /dev/hda1 (mount point /)

[normal] /dev/hda6 (mount point /home)

[normal] /dev/hda5 (mount point /usr)

[normal] /dev/hda7 (mount point /var)


Security scans number: 0.

No events registered for the period.

 

[sparkybarkalot]

Now working for me as well

bibliopegist, thanks for pointing me to the correct php.ini. After making the suggested changes to /usr/local/psa/admin/conf/php.ini it is working for me now! Thanks everyone.

 

[sbillis]

Opps Sorry folks

 

[virtualahmad]

is there a fix without changing php.ini variables ? I'm not sure what affect those variables will have on apps running on the server....

 

[webviva]

These changes only affect to plesk (it's the php.ini located under /usr/local/psa/admin).

 

[ZopfWare]

Anyone have an answer to this one? WOuld really like to have RKhunter run from the control panel.