rkhunter and fail2ban logs not showing at ispconfig
I have a similar problem to this thread http://www.howtoforge.com/forums/showthread.php?t=44694 (which is not solved):
rkhunter and fail2ban logs are not showing in the ispconfig logfiles.
Until yesterday the rkhunter log was showing. I don't remember fail2ban ever showing there...
Could you help?
I run ispconfig on CentOS 6.2 and nginx. Yesterday I did a yum update, if that could help.
In which logfile do rkhunter and fail2ban log their actions on your server?
Here is the log of the updates I made before this happened:
Feb 05 20:39:33 Updated: glibc-common-2.12-1.47.el6_2.5.x86_64
Feb 05 20:39:46 Updated: glibc-2.12-1.47.el6_2.5.x86_64
Feb 05 20:39:48 Updated: php-common-5.3.10-2.el6.remi.x86_64
Feb 05 20:39:51 Updated: openssl-1.0.0-20.el6_2.1.x86_64
Feb 05 20:39:53 Updated: php-pdo-5.3.10-2.el6.remi.x86_64
Feb 05 20:39:53 Updated: openssh-5.3p1-70.el6_2.2.x86_64
Feb 05 20:39:55 Updated: php-cli-5.3.10-2.el6.remi.x86_64
Feb 05 20:39:57 Updated: t1lib-5.1.2-6.el6_2.1.x86_64
Feb 05 20:40:00 Updated: kernel-firmware-2.6.32-220.4.1.el6.noarch
Feb 05 20:40:07 Updated: kernel-headers-2.6.32-220.4.1.el6.x86_64
Feb 05 20:40:12 Updated: glibc-headers-2.12-1.47.el6_2.5.x86_64
Feb 05 20:40:14 Updated: glibc-devel-2.12-1.47.el6_2.5.x86_64
Feb 05 20:40:21 Installed: kernel-2.6.32-220.4.1.el6.x86_64
Feb 05 20:40:21 Updated: php-gd-5.3.10-2.el6.remi.x86_64
Feb 05 20:40:23 Updated: php-5.3.10-2.el6.remi.x86_64
Feb 05 20:40:27 Updated: openssh-server-5.3p1-70.el6_2.2.x86_64
Feb 05 20:40:28 Updated: openssh-clients-5.3p1-70.el6_2.2.x86_64
Feb 05 20:40:29 Updated: php-mysql-5.3.10-2.el6.remi.x86_64
Feb 05 20:40:31 Updated: php-odbc-5.3.10-2.el6.remi.x86_64
Feb 05 20:40:32 Updated: php-mssql-5.3.10-2.el6.remi.x86_64
Feb 05 20:40:34 Updated: openssl-devel-1.0.0-20.el6_2.1.x86_64
Feb 05 20:40:36 Updated: php-fpm-5.3.10-2.el6.remi.x86_64
Feb 05 20:40:38 Updated: php-imap-5.3.10-2.el6.remi.x86_64
Feb 05 20:40:42 Updated: 1:php-eaccelerator-0.9.6.1-11.el6.remi.x86_64
Feb 05 20:40:43 Updated: php-xmlrpc-5.3.10-2.el6.remi.x86_64
Feb 05 20:40:44 Updated: php-mcrypt-5.3.10-2.el6.remi.x86_64
Feb 05 20:40:45 Updated: php-mbstring-5.3.10-2.el6.remi.x86_64
Feb 05 20:40:46 Updated: php-xml-5.3.10-2.el6.remi.x86_64
Feb 05 20:40:47 Updated: php-soap-5.3.10-2.el6.remi.x86_64
Feb 05 20:40:48 Updated: php-snmp-5.3.10-2.el6.remi.x86_64
Feb 05 20:40:48 Updated: php-tidy-5.3.10-2.el6.remi.x86_64
Feb 05 20:40:54 Updated: php-ldap-5.3.10-2.el6.remi.x86_64
Feb 05 20:40:56 Updated: at-3.1.10-43.el6_2.1.x86_64
Feb 05 20:41:02 Updated: ghostscript-8.70-11.el6_2.6.x86_64
Feb 05 20:41:09 Installed: kernel-devel-2.6.32-220.4.1.el6.x86_64
And one more thing is that I changed the default ssh port to something else.
The log locations are ok. Please check that the fail2ban.log is not empty.
Regarding rkhunter, do you get the rkhunter scan result on the shell when you execute this command:
rkhunter --update --checkall --nocolors --skip-keypress
Checking for hidden files and directories [ Warning ]
Checking if SSH protocol v1 is allowed [ Warning ]
/usr/bin/unhide [ Warning ]
/usr/bin/unhide-tcp [ Warning ]
which was there since forever.
For fail2ban, here are the last lines of the non-empty log:
I found out that the problem is more serious! I tried to add a new site, blog.riosif.gr.
Vhosts at nginx/sites-enabled and nginx/sites-active were created, but nothing was created at /var/www/
In the site's options I read "/var/www/clients/client1/web34/web:/var/www/clients/client1/web34/tmp" but no web34 folder is created.
I think this is caused by the update. What should I do? Please help!
One more thing I just found out, which has to do with new sites not being created, is this error when I try to restart php-fpm:
"Starting php-fpm: [07-Feb-2012 16:41:22] ERROR: [pool web36] cannot get uid for user 'web36'
[07-Feb-2012 16:41:22] ERROR: FPM initialization failed"
After that I deleted the web36.conf
and php-fpm starts again, but I cannot add new websites.
I guess that all this has something to do with the privileges of ispconfig, but how should I fix it?
Maybe I should reinstall ispconfig? How could this be done?
Don't reinstall ispconfig, this will just mess up your system.
Just look into the system log in the ispconfig monitor if there are any errors blocking the processing of system changes and if there are no errors, take a look at the ispconfig debugging instructions in the ispconfig faq.
I figured out that the problem is that when I add a new site no user is created, and as a result nothing else is created. So I think it's a permissions issue, that ispconfig can't create a new user (for example, user web30 is not created).
Anyway, I'll do an OS reinstall. One last general Linux OS question: because I'm not an advanced Linux/Unix user, is there any article or guide you know of about backing up and restoring the OS to a previous state, which could solve this kind of issue without the need for a reinstallation?
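
Added example (not part of the thread and not ISPConfig's own code): the php-fpm failure quoted above, "cannot get uid for user 'web36'", happens when a pool file names a system user that does not exist. This sketch lists such pool files; the pool directory and passwd-format file are passed as parameters, and the sample files are constructed for the demonstration.

```shell
#!/bin/sh
# find_orphan_pools POOL_DIR PASSWD_FILE
# Prints "<pool file>: <user>" for every php-fpm pool file whose
# "user =" directive names an account with no entry in PASSWD_FILE.
find_orphan_pools() {
    pool_dir=$1
    passwd_file=$2
    for conf in "$pool_dir"/*.conf; do
        [ -f "$conf" ] || continue
        # First "user = name" directive; "listen.user" etc. do not match.
        user=$(sed -n 's/^[[:space:]]*user[[:space:]]*=[[:space:]]*\([^[:space:];]*\).*/\1/p' "$conf" | head -n 1)
        [ -n "$user" ] || continue
        # Exact match on the first (login name) field of the passwd file.
        if ! awk -F: -v u="$user" '$1 == u { found = 1 } END { exit !found }' "$passwd_file"; then
            printf '%s: %s\n' "$(basename "$conf")" "$user"
        fi
    done
}

# Constructed sample data mirroring the thread: a pool for web36 exists,
# but only web35 has a system account.
demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/pool.d"   # hypothetical directory name
    printf '[web35]\nuser = web35\ngroup = client1\n' > "$tmp/pool.d/web35.conf"
    printf '[web36]\nuser = web36\ngroup = client1\n' > "$tmp/pool.d/web36.conf"
    printf 'root:x:0:0:root:/root:/bin/bash\n' > "$tmp/passwd"
    printf 'web35:x:5035:5005::/var/www/clients/client1/web35:/bin/false\n' >> "$tmp/passwd"
    find_orphan_pools "$tmp/pool.d" "$tmp/passwd"
    rm -rf "$tmp"
}

demo
```

On a live server the second argument would be /etc/passwd, or the awk lookup could be replaced by `getent passwd "$user"` when accounts come from another name service.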