• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Issue with Watchdog under PLESK v9.2.1

N

Noah Kaufman

Guest
There is an issue with PLESK v9.2.1 running on RedHat 4 ES Update 8.
(This also applies to other Linux systems as well....)

The issue with PLESK v9.2.1 is where the Watchdog module
specifies an option on the weekly report that rkhunter 1.3.4 does not
support.

The file:
/usr/local/psa/admin/plib/report/autoreport.php
Which is called as part of:
/etc/cron.weekly/50plesk-weekly
Calls a depricated option called "--report-mode"

You can see this error when you review the Watchdog module reports
generated on a weekly basis, that are located in:
/usr/local/psa/var/modules/watchdog/report

According to the rkhunter web page located here:
http://www.rootkit.nl/projects/rootkit_hunter.html
The correct option should probably be: --nocolors

This will happen on any PLESK / Linux system where rkhunter is running v1.3.4.
 
same problem in v9.2.3

This problem still exists in Plesk 9.2.3. Here's the full output of the "report":

[ Rootkit Hunter version 1.3.4 ]

Checking rkhunter data files...
Checking file mirrors.dat [ No update ]
Checking file programs_bad.dat [ No update ]
Checking file backdoorports.dat [ No update ]
Checking file suspscan.dat [ No update ]
Checking file i18n/cn [ No update ]
Checking file i18n/de [ No update ]
Checking file i18n/en [ No update ]
Checking file i18n/zh [ No update ]
Checking file i18n/zh.utf8 [ No update ]
Invalid option specified: --report-mode


I'm pretty sure rkhunter doesn't even do any checks because of this. If I run rkhunter by hand, specifying the invalid "--report-mode" flag, here's the output I get:

[root@server ~]# /usr/local/psa/admin/bin/modules/watchdog/rkhunter --check --update --report-mode
Invalid option specified: --report-mode
[root@server ~]#

Whereas, if you omit the "--report-mode" flag, it runs normally. "--report-mode" was removed in rkhunter 1.3.0.
http://rkhunter.cvs.sourceforge.net/viewvc/*checkout*/rkhunter/rkhunter/files/CHANGELOG
http://rkhunter.sourceforge.net/

The desired options instead of "--report-mode" are probably "--cronjob --report-warnings-only" (--cronjob implies --nocolors). Unfortunately, this script is encoded and can't be changed by anyone but Parallels.
 
Just remove --report-mode from rkhunter call in /usr/local/psa/libexec/modules/watchdog/security/schedule
 
You must log in or register to reply here.

Similar threads

Hangover2
Resolved Watchdog does not install Rootkit Hunter
Replies
5
Views
9K
AYamshanov
AYamshanov
Y
Question Issue Implementing Dynamic CORS Headers in Plesk’s Additional NGINX Directives
Replies
1
Views
406
yfain
Y
R
Resolved WP Toolkit/Wordpress Toolkit - older version screenshot issue
Replies
4
Views
3K
rhall
R
O
Question How Can I Set Up Email Notifications in Plesk to Alert Me About Issues with the "Locate My Postal Code" Tool?
Replies
0
Views
2K
OusmaneKannon
O
P
Question Drupal CMS 1.0 with Plesk: Composer PATH issue for automatic updates
Replies
7
Views
1K
horvan
H
Back
Top