• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:
    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Watchdog2 Event?

C

chaoszwerg

Guest
hi,

i get the follwoing message from watchdog2:

[01:02:39] WARNING, found: /dev/.udevdb (directory) /etc/.java (directory)
[01:02:41] Warning: root login possible. Change for your safety the 'PermitRootLogin'
[01:02:41] Warning: SSH version 1 possible allowed!


how can i resolve these warnings, are they critical?

thx
oli
 
Originally posted by chaoszwerg
[01:02:41] Warning: root login possible. Change for your safety the 'PermitRootLogin'
[01:02:41] Warning: SSH version 1 possible allowed!
how can i resolve these warnings, are they critical?
[/B]
Click to expand...

login with SSH
go to /etc/ssh/
edit sshd_config
find the line "Protocol 2" make sure it doesn't have "1" in it
find the line "PermitRootLogin no" make sure it read "no"

save the changes. BEFORE you restart SSH make sure you have a user you can login with and from which you can change to root

type: adduser NAME
type: passwd NAME

RESTART ssh (type: service sshd restart)
 
hi eilko,

thanks for the quick answer.

how critical is the root login ?

what kind of user i need to change to root?
 
If your password is very cryptic it's unlikely to be a problem. The suggestion of blocking root access is to make it more difficult for people (or usually scripts) from guessing your login credentials and gaining root access to your server. A cryptic root password coupled with brute-force blocking is secure enough IMHO.
 
hi,

ok my root password is: adminpassword

is this secure enough???

:) no joking!

where can a find the option for brute-force blocking?
 
Ohmigod! that's my root password too!

lol

I have been dealing with a number of brute force attempts on several of my servers and would also be interested in the "brute force checking" described in the previous post.
 
ART

I'd recommend ARTs (atomicrocketturtle.com) ASL which installs a grsec kernel, and also install ARTs mod_security and mod_dosevasive as an added and most needed layer of protection after your initial upgrade with the grsecurity kernel.

Although R-fx Networks Brute Force Detection (BFD) works, it's a bit tedious and to some hard to configure on certain servers.

peedle....- if that is really your password you're in trouble already. :confused:
 
I downloaded BFD and installed it...but it doesn't seem to do anything... I have personally reviewed the logs and KNOW that Brute force login attempts are being made, however it looks like BFD isn't doing anything.


I dont get any errors, and I have looked at the conf file for BFD and it looks like it is set up to access the right log files, however I'm unable to determine if it is actually doing anyting...


Got any further suggestions?
 
You'd be better served by asking the guys at

http://www.rfxnetworks.com/

Trust me, unless you have those apps setup for your server you'll have problems.

NOT that you are having problems. BFD isn't going to report brute force unless it happens, so unless you have a test app to test it, then and again, you should join the forums at rfxnetworks and ask.
 
I got the following warning too:

/etc/.java

If you then go down enough dirs and eventually there are two empty files.

drwxr-xr-x 2 root root 4.0K May 9 17:42 .
drwxr-xr-x 3 root root 4.0K May 9 17:42 ..
-rw-r--r-- 1 root root 0 May 9 17:42 .system.lock
-rw-r--r-- 1 root root 0 May 9 17:42 .systemRootModFile

Is this indeed a problem ?
 
Hi,

There was a post on wht about the .java folder with the empty files.

I was told you can leave it or remove it so I removed it on my server.

I am getting this also but may be because when CentOS 3.6 updated it goes to CentOS 3.7:

"Warning: This operating system is not fully supported! "
 
you know, set firewall to block ALL IP's minus Those with permission to access root.

It's useful to have multiple IP's in case you're own IP Changes.

and if the data-center is good enough to of given you a hardware firewall, then u only need to give em a call to lift the block or change ur IP access.
 
You must log in or register to reply here.

Similar threads

K
Issue Docker containers don't start after plesk/extension upgrades
Replies
0
Views
1K
kassi
K
L
Issue NGINX [emerg] "fastcgi_cache" zone "*****.it_fastcgi" is unknown in /etc/nginx/nginx.conf:41 nginx: configuration file /etc/nginx/nginx.conf
Replies
0
Views
840
Lorenzo P
L
M
Question Upgrade MariaDB 10.3 to 10.11 via Plesk 18.0.61 on Debian 10
Replies
1
Views
608
Kaspar@Plesk
Kaspar@Plesk
U
Issue DRWeb logging to root console
Replies
5
Views
561
uniauto
U
K
Question Error message during Plesk Updates “Warning: install PAM module not successed” (PAMConfig.confset.PAMServiceError: system-auth)
Replies
0
Views
1K
kosmos
K
Back
Top