Issue Xinetd ftp issue after update 89 [Plesk 17.8.11]

[fabrizioi]

Hi All,

After upgrade #89 I have some issue with ftp access. (Plesk 17.8.11 #89, CentoOs 7 X64)

I need to restart xinetd service in order to connect via ftp to my domains after 2/3 hours of activities.

I have inspected this issue I believe there is an ssl issue.
The problem seems to be:
PAM unable to dlopen(/usr/lib64/security/pam_stack.so): /usr/lib64/security/pam_stack.so: cannot open shared

service xinetd status

Redirecting to /bin/systemctl status xinetd.service
● xinetd.service - Xinetd A Powerful Replacement For Inetd
Loaded: loaded (/usr/lib/systemd/system/xinetd.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2020-08-26 12:18:20 CEST; 52s ago
Process: 79018 ExecStart=/usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid $EXTRAOPTIONS (code=exited, status=0/SUCCESS)
Main PID: 79019 (xinetd)
Tasks: 2
Memory: 2.8M
CGroup: /system.slice/xinetd.service
├─79019 /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
└─79032 proftpd: dev04_mydomain - XX.XX.XX.XX: IDLE

Aug 26 12:18:20 serverdedicato.mydomain.com xinetd[79019]: removing tcpmux
Aug 26 12:18:20 serverdedicato.mydomain.com xinetd[79019]: removing time
Aug 26 12:18:20 serverdedicato.mydomain.com xinetd[79019]: removing time
Aug 26 12:18:20 serverdedicato.mydomain.com xinetd[79019]: xinetd Version 2.3.15 started with libwrap loadavg labeled-networking options compiled in.
Aug 26 12:18:20 serverdedicato.mydomain.com xinetd[79019]: Started working: 2 available services
Aug 26 12:18:20 serverdedicato.mydomain.com systemd[1]: Started Xinetd A Powerful Replacement For Inetd.
Aug 26 12:18:41 serverdedicato.mydomain.com xinetd[79019]: START: ftp pid=79032 from=::ffff:94.89.6.74
Aug 26 12:18:41 serverdedicato.mydomain.com proftpd[79032]: mod_tls/2.9: certificate '/usr/local/psa/admin/conf/httpsd.pem': expired on Mar 21 16:40:00 2019 GMT
Aug 26 12:18:41 serverdedicato.mydomain.com proftpd[79032]: PAM unable to dlopen(/usr/lib64/security/pam_stack.so): /usr/lib64/security/pam_stack.so: cannot open shared object file: No such file or directory
Aug 26 12:18:41 serverdedicato.mydomain.com proftpd[79032]: PAM adding faulty module: /usr/lib64/security/pam_stack.so

Any suggestions about that ?

Thanks in advance

 

[IgorG]

FTP Login suddenly does not work anymore

I have a freshly installed Plesk 12 on CentOS 7. FTP logins worked fine yesterday. Today I get a 530 Login incorrect. I think the only change since yesterday was a server reboot. /var/log/secure tells me that /etc/ftpusers is missing Jun 8 00:33:19 macbook proftpd: PAM unable to...

talk.plesk.com

 

[fabrizioi]

Hi IgorG,

Thanks for the suggestions, I have read the links provided in the post: How to fix PROFTPD login failed error

My version of /etc/pam.d/proftp is a little bit different

#%PAM-1.0
auth required<--->pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth required<--->pam_stack.so service=system-auth
auth required<--->pam_shells.so
account required<--->pam_stack.so service=system-auth
session required<--->pam_stack.so service=system-auth

Do you recommend to completly override ? (after a backup of the current config file)

Regards

 

[IgorG]

Do you recommend to completly override ? (after a backup of the current config file)

On my test Plesk server I see following content of this file:

# cat /etc/pam.d/proftpd
#%PAM-1.0
auth       required    pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth       required    pam_shells.so
auth       include     system-auth
account    include     system-auth
session    include     system-auth
session    required    pam_loginuid.so

Tru to backup and then replace this file.

 

[fabrizioi]

Hi IgorG,

I never edit this file. this is the default when I have fresh install plesk 17.8.11.

I have backuped the file and replaced with your version; restarted the service, done.
I have uploaded some files correcly.

I need some days in order to verify if the isssue is fixed, but seems to be good.

Thanks you very much for your help.

Best Regards

 

[fabrizioi]

Hi IgorG,

Unfortunately Ftp stop working again.

I believe the problem can be the following, but I'm not sure:
mod_tls/2.9: certificate '/usr/local/psa/admin/conf/httpsd.pem': expired on Mar 21 16:40:00 2019

Regards

 

[mr-wolf]

I believe that's the same certificate you set here: https://<yourplesk>:8443/admin/ssl-certificate/list in "Certificate for securing Plesk"
Why is it expired?
I don't know if it's the cause of your FTP problems, but fixing that is always good.

 

[fabrizioi]

Hi all,

Sorry for the late in the reply.

Sure the certificate as the same and renew it, also fix the ssl issue on ftp side.

But actually I haven't secured plesk panel with ssl certificates.

I have fix the issue for now with this workaround

/etc/xinet.d/ftp_psa

added lines:

per_source = UNLIMITED

I have test it on 2 WebServer with Plesk 17.8.x, and after one week seem to be stable.

I believe that the correct way will be protect Plesk with an ssl certificates.

Thanks you very much for your help.

Best Regards

Fabrizio