abrtd errors
abrtd is a product by Redhat.
It is not used, required, configured or managed by ASL. If you are having issues with abrtd, please contact Redhat for assistance. The most common condition with abrtd is that it incorrectly guesses that paxtests are application crashes, and tries to collect information about them. They are not application crashes, and paxtest is performing normally. Please contact Redhat for assistance with ABRT.
If you wish to disable ABRT, run these commands as root:
service abrt-ccpp stop
service abrtd stop
service abrt-oops stop
chkconfig --del abrtd
chkconfig --del abrt-ccpp
chkconfig --del abrt-oops
Redactor: not installed
If you are using cpanel:
The redactor is not supported on cpanel.
If you are not using cpanel, and are using ASL:
This means someone has uninstalled the redactor from your system. Please run the ASL installer again to ensure it is reinstalled and configured correctly.
package mod_security is not installed
If you are using cpanel:
cpanel does not use package management. They have chosen to compile apache, and all its modules, from source. Therefore, modsecurity must be compiled from source on your system, no package management can be used, and you will not see mod_security installed via rpm or yum on your system. Please direct any questions about this decision to cpanel.
If modsecurity really is not installed in cpanel, then run the ASL installer again to ensure it is reinstalled and configured correctly. Do not install modsecurity from cpanel.
If you are not using cpanel, and are using ASL:
This means someone has uninstalled modsecurity from your system. Please run the ASL installer again to ensure it is reinstalled and configured correctly.
If you are not using cpanel, and not using ASL:
You will need to manually install modsecurity on your system. Please see the URL below:
https://www.atomicorp.com/wiki/index.php/Atomic_ModSecurity_Rules
PHP Startup: Unable to load dynamic library '/var/asl/usr/lib64//php/modules/sqlite3.so'
This is caused when someone or something has downgraded sqlite on your system to an older incompatible version. ASL will never do this.
Note: If you are using a control panel that is not using package management, please report this as a bug to your control panel vendor. Proper package management will prevent software from being overwritten and downgraded, and no reputable software company should be putting out software that does not use package management. The failure to use the software management tools built into your operating system is both dangerous and unnecessary, and is what causes this kind of problem.
Solution 1
Reinstallation of sqlite is one effective method for fixing this.
This command, run as root, can be used to restore sqlite on your system:
yum reinstall sqlite
If this does not resolve your issue, see Solution 2 below.
Solution 2
To try to combat this on systems where package management is not used, we've added in code to ASL to work with older versions of sqlite where possible. Not all older versions of sqlite are compatible, and a minimum version of 3.6.x is required.
To ensure all of ASL is up to date, run this command as root:
yum upgrade asl-php
You must have at least version 5.4.19-17 of asl-php installed.
PHP Web application reports "Could not open socket"
This may be because you have disabled the fsockopen PHP function, and your application requires this function. To re-enable this function in ASL, log into the ASL GUI, click on Configuration, scroll down to ALLOW_fsockopen, set it to "yes" and then click update.
If this does not resolve your issue, please contact your web application developer for assistance.
PHP web application reports "file_get_contents (etc) failed to open stream: operation failed"
This happens when you either configure PHP to disable fopen for URLs, or you have configured ASL to do this. By default, ASL will not disable any PHP functions. See these two configuration options:
https://www.atomicorp.com/wiki/index.php/ASL_Configuration#PHP_URL_FOPEN
To re-enable this function in ASL, log into the ASL GUI, click on Configuration, scroll down to PHP_URL_FOPEN, set it to "yes" and then click update.
If this does not resolve your issue, please contact your web application developer for assistance.
cannot open database /var/lib/rpm and db3-error from dbenv_open
This is a serious error with your operating system's software management system. This is not caused by ASL and is not something ASL can fix.
This either means that you do not have permission to access the software management system, or, if you do have permission, that your operating system's software management database is corrupt or missing. Please contact your OS vendor for assistance with this issue.
Yum was not detected. Attempting to resolve..
This means that yum, the package management system built into modern rpm-based Linux systems such as Redhat, Fedora and Centos, is missing. This is a key and vital part of the system that makes it possible not only to install software, but also to make sure the system is up to date and properly patched. ASL will try to install yum if it is missing, but if it cannot, you will need to discuss this issue with your OS vendor.
yum is an internal part of the OS, and if it is missing something is seriously wrong with the system and should be resolved before trying to install any software.
Error: Missing Dependency: httpd-mmn = 20051115 is needed by package
This means that the system is running a non-package managed version of Apache, such as with cpanel or directadmin, and your system has been configured to not allow package management or dependency resolution via a package manager. ASL will generally attempt to work around this, but in some cases this may not be possible. Please report this as a bug to your control panel vendor, as disabling package management is a very bad software engineering practice.
Access denied for user 'tortix'@'localhost' (using password: YES)
This means that the credentials you have supplied to ASL to log into the mysql database are incorrect. During installation ASL will ask for credentials to create the databases it needs using the database's admin user, and later will ask what non-privileged account it should create to log into the database. Please ensure that you have configured ASL to use the non-privileged account information you instructed the installer to create during installation. You can change the database account and username information ASL uses by becoming root on your system and editing this file:
/etc/asl/config
Then change these variables to the non-privileged account you created during installation for ASL:
OSSEC_DATABASE_USERNAME
OSSEC_DATABASE_PASSWORD
For example, if you instructed ASL during installation to use the username "tortix" and the password "password" these settings would look like this:
OSSEC_DATABASE_USERNAME="tortix"
OSSEC_DATABASE_PASSWORD="password"
Save the file, and then run this command as root:
asl -s -f
If you did not set up the databases ASL uses correctly, run the following commands as root:
/var/asl/bin/database-setup
service ossec-hids restart
If ASL still cannot log into the tortix database, this means that the mysql credentials ASL is using have been changed outside of ASL. Please follow this process to restore them manually:
Step 1: Log into mysql as your administrative user
The administrative user in mysql is the most privileged user in mysql. This user can create users, change passwords and carry out other "super user" functions. By default this user is "root", but may be different for your system. For example, the user is "admin" on Plesk systems. ASL does not set up or configure this user. If you do not know what the user is, or what that user's password is, please contact the parties that set up mysql on your system.
Run this command:
mysql -u <admin user name> -p
For example:
mysql -u root -p
mysql will then ask for the admin user's password; type it in. If you successfully log in, you will see this:
mysql>
If you have not successfully logged in, you will see this:
ERROR 1045 (28000): Access denied for user 'youradminusersname'@'localhost' (using password: NO)
ASL does not set or configure the administrative user for mysql, so if you do not know the username or password for this account, contact the parties that set up mysql on your system.
Step 2: Change the password for tortix
Enter this command into mysql, changing OSSEC_DATABASE_USERNAME and OSSEC_DATABASE_PASSWORD to the appropriate values for your system.
Example:
If OSSEC_DATABASE_USERNAME was configured on your system to "tortix" and OSSEC_DATABASE_PASSWORD was configured to "mypassword", you would enter the command:
SET PASSWORD FOR 'tortix'@'localhost' = PASSWORD('mypassword');
Step 3: Flush mysql's privileges table
Type this command into mysql:
flush PRIVILEGES;
Your password is now reset. You can now quit from mysql with the command quit.
ossec-dbd(5202): ERROR: Error connecting to database 'localhost'(tortix): ERROR: Unknown MySQL server host 'localhost' (0).
Check to ensure you are not using "skip-networking" in /etc/my.cnf. OSSEC chroots, and because it does so it cannot use the regular mysql socket to communicate with the database. It requires a TCP connection over the loopback IP address. Most likely mysql has been configured not to listen on the loopback IP (skip-networking), or firewall rules are blocking connections to it.
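One way to run the my.cnf check described above, as an added example that is not part of ASL or OSSEC. The function name check_mysql_loopback, the sample file and the bind-address test (which goes beyond the skip-networking case named here) are assumptions of this example; it reads only the [mysqld] section and treats 127.0.0.1, localhost, 0.0.0.0, * and :: as addresses that cover the loopback IP.

```shell
#!/bin/sh
# Added example, not ASL code: report [mysqld] settings in a my.cnf-style
# file that stop mysqld from accepting TCP connections on 127.0.0.1,
# which the chrooted ossec-dbd needs.
# Usage: check_mysql_loopback FILE   (returns 0 if nothing blocks loopback TCP)
check_mysql_loopback() {
    awk '
        BEGIN { bad = 0 }
        { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }      # drop comments and spacing
        /^;/ || $0 == "" { next }                    # comment or empty line
        /^\[/ { in_mysqld = ($0 == "[mysqld]"); next }
        !in_mysqld { next }                          # ignore [client] etc.
        {
            split($0, kv, "=")
            key = kv[1]; val = kv[2]
            gsub(/_/, "-", key)                      # skip_networking == skip-networking
            if (key == "skip-networking" && val != "0" && toupper(val) != "OFF") {
                print "skip-networking is set: mysqld will not listen on TCP"
                bad = 1
            }
            if (key == "bind-address" && val != "127.0.0.1" && val != "localhost" &&
                val != "0.0.0.0" && val != "*" && val != "::") {
                print "bind-address=" val " does not cover 127.0.0.1"
                bad = 1
            }
        }
        END { exit bad }
    ' "$1"
}

# Constructed sample configuration (not taken from a real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[client]
port = 3306

[mysqld]
datadir = /var/lib/mysql
skip-networking
bind-address = 192.0.2.10
EOF

check_mysql_loopback "$sample" || echo "ossec-dbd cannot reach mysqld over the loopback IP"
rm -f "$sample"
```

Run it against /etc/my.cnf as root; a clean result still leaves firewall rules on the loopback interface to be checked separately.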
ERROR: Invalid SMTP Server: localhost
This means your system is missing an entry for localhost and the operating system can not determine what the IP address for localhost is. This is a serious error on the system and will have adverse impact on other systems.
Recommended solution
1) Determine how the localhost entry was removed, this may be indicative of other serious problems with your system
2) Add a localhost entry to /etc/hosts
127.0.0.1 localhost.localdomain localhost
If this does not solve your problem with missing localhost entries you may have more serious problems with your system that are beyond the scope of ASL. localhost is a standard name used on all operating systems, and all operating systems are configured with a localhost entry. If yours is missing, your system has been modified from the OS vendor's standard working configuration.
Horde webmail is reporting: "There was an error sending your message: Failed to open sendmail [/var/qmail/bin/sendmail] for execution."
Option 1) The most secure choice, and frankly the easiest option, is to configure horde to use SMTP and not to call the sendmail binary. This post in the support forum details how to configure horde to use SMTP[8]. Some versions of horde also require that you enable pfsockopen and fsockopen; you will need to enable these functions if horde still does not work after switching to SMTP mode. We recommend you test horde first to make sure you actually need these functions, rather than enabling them in advance. They can create a hole in PHP if they are enabled, and should only be enabled if you know you need them.
Option 2) Horde can run in one of two modes; the default is to use exec() and/or popen() to send mail. This mode is less secure. If you do not want to use SMTP, just enable those functions in the ASL Configuration and you are set up. Some versions of horde also require that you enable pfsockopen and fsockopen; you will need to enable these functions if horde still does not work after enabling exec and popen. We recommend you test horde first to make sure you actually need these functions, rather than enabling them in advance. They can create a hole in PHP if they are enabled, and should only be enabled if you know you need them.
You can also enable those functions just for specific applications or virtual domains. This post in the support forums details how to only allow functions for webmail [9]. The escapeshellcmd function also needs to be available or sending mail will fail without any error messages.
Can't get or send mail with webmail application
This can happen if a webmail application is written in PHP and requires a PHP function that has been disabled based on either your ASL configuration, or was manually disabled in your PHP configuration file (php.ini). Most webmail clients require these functions to be enabled in PHP at a minimum:
- exec
- popen
Some webmail clients will also require these functions:
- pfsockopen
- fsockopen
If you are using horde, please see the FAQ above for an additional more secure option, which uses SMTP instead of the exec and popen functions.
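To see which of the functions named in this entry and the Horde entry above are actually disabled before enabling anything, the following added example (not ASL code) parses the disable_functions line of a php.ini. The names webmail_blocked_functions and WEBMAIL_FUNCS and the sample file are assumptions of this example; it matches whole function names, so shell_exec or proc_open being disabled is not mistaken for exec or popen.

```shell
#!/bin/sh
# Added example, not ASL code: list which PHP functions needed by webmail
# clients are disabled in a php.ini, so only those are re-enabled.

# Functions this FAQ names: exec/popen (sending mail), pfsockopen/fsockopen
# (some clients), escapeshellcmd (Horde sendmail mode).
WEBMAIL_FUNCS="exec popen pfsockopen fsockopen escapeshellcmd"

# Usage: webmail_blocked_functions PHP_INI
# Prints the blocked functions from WEBMAIL_FUNCS on one line (empty if none).
webmail_blocked_functions() {
    # Take the last uncommented disable_functions line; lines starting
    # with ";" are php.ini comments and do not match the anchored pattern.
    disabled=$(sed -n 's/^[[:space:]]*disable_functions[[:space:]]*=[[:space:]]*//p' "$1" |
        tail -n 1 | tr -d '" \t\r' | tr ',' ' ')
    blocked=""
    for f in $WEBMAIL_FUNCS; do
        for d in $disabled; do
            # Exact comparison: "shell_exec" must not count as "exec".
            if [ "$d" = "$f" ]; then
                blocked="${blocked:+$blocked }$f"
            fi
        done
    done
    printf '%s\n' "$blocked"
}

# Constructed sample php.ini fragment (not taken from a real system).
sample_ini=$(mktemp)
cat > "$sample_ini" <<'EOF'
; disable_functions = exec
disable_functions = shell_exec, proc_open, popen, fsockopen, passthru
EOF

echo "Disabled but needed by webmail: $(webmail_blocked_functions "$sample_ini")"
rm -f "$sample_ini"
```

Functions disabled through the ASL configuration rather than php.ini will not show up in this check.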
What does the following alert mean and what should be done?
Message: [file "/etc/httpd/modsecurity.d/05_asl_scanner.conf"] [line "37"] [id "351000"] [rev "1"] [msg "Malicious File upload attempt"] [severity "CRITICAL"] Access denied with code 403 (phase 2). File "/tmp/12345" rejected by the approver script "/usr/bin/modsec-clamscan.pl": 0 Unable to parse clamscan output [WARNING: Can't connect to clamd.] Action: Intercepted (phase 2) Stopwatch: 12345 12345 (12345* 12345 -) Producer: 200811121208. Server: Apache/2.0.63 (CentOS)
This means that clamd is not running on the system. Please check to make sure that clamd is running. You can do that by executing the following command as root:
ps auxwww | grep clamd
If you do not get a result like this:
[root@www3 clamav]# ps auxwww | grep clamd
clamav 21142 0.0 8.5 203064 173996 ? Ss 04:21 0:04 clamd
clamd is not running. To start clamd simply run this command:
/etc/init.d/clamd start
Error: Cannot retrieve repository metadata (repomd.xml) for repository: plesk. Please verify its path and try again
Solution:
http://www.atomicorp.com/channels/plesk/README
The plesk third party RPM archive has moved! Running the installer again will reconfigure your system to use the new channel.
wget -q -O - http://www.atomicorp.com/installers/atomic |sh
Metadata file does not match checksum
This is not an ASL error; that error is generated by your operating system's package management system. Please contact your OS vendor for assistance. The information that follows is provided as a courtesy. This tool is not part of ASL, is not used by ASL and is not supported by Atomicorp.
This generally means your yum cache has corrupt or old data in it, and you need to clear your yum cache.
Method 1)
Run this command as root:
yum clean metadata
Method 2)
yum clean all
Method 3)
If the previous two methods do not work, and you have fastestmirror installed you may need to rebuild your cache:
yum makecache --disableplugin=fastestmirror
Method 4)
If you still cannot get yum's cache cleared you may need to disable fastestmirror:
vi /etc/yum/pluginconf.d/fastestmirror.conf
And set "enabled=0"
Method 5)
If your package management database seems corrupt, you can try to rebuild it with this command run as root:
rpm --rebuilddb
This is generally not required unless you have killed an rpm operation or had a crash during an rpm operation.
Method 6)
Remove fastestmirror (if you have it installed):
yum remove yum-fastestmirror
Package psa-tomcat-configurator needs mod_jk, this is not available.
See this post on the Plesk forums: http://forum.swsoft.com/showthread.php?t=56344
This is not an ASL or ART issue.
Rule: 30104 fired (level 12) -> Apache segmentation fault
Solution:
This means that apache is experiencing a recoverable memory error. We have found that mod_memcache seems to cause this. Turning it off has worked for many users.
Also, see this wiki article for more information on apache debugging:
http://www.atomicorp.com/wiki/index.php/Apache
Java is stopped by PAX
Solution: Java performs certain actions that violate stack protection security models. To allow JAVA to run in this manner, you simply need to run this command:
paxctl -mps /path/to/java/bin/java
Where /path/to/java/bin/java is the path to your java binary, for example:
paxctl -mps /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/bin/java
DEBUGGER DETECTED... Bye!
This message is generated by Parallels programs that attempt to detect whether the user is running the Parallels program through a debugger. If you are not running a debugger, and you are running the ASL kernel, this is most likely caused by a bug in the Parallels program that incorrectly detects this condition. The FAQ article above provides a solution to work around this bug in Parallels products.
You can also read more about the kernel's ptrace exploitation protections.
Deleting old audit records
Solution:
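/usr/bin/find /var/asl/data/audit -mindepth 1 -maxdepth 1 -type d -ctime +7 -exec /bin/rm -rf {} \;
Change the number "7" to the number of days of audit records you wish to keep. The -mindepth 1 option keeps find from matching, and removing, /var/asl/data/audit itself.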
up2date issues
up2date_client.up2dateErrors.CommunicationError: Error communicating with server.
This means that Redhat's up2date client cannot communicate with the Redhat update servers. Please contact Redhat for assistance with this error.
Error communicating with server. The message was:
When running yum update or yum upgrade this error occurs:
Loading "installonlyn" plugin
Loading "rhnplugin" plugin
There was an error communicating with RHN.
RHN support will be disabled.
Error communicating with server. The message was:
Error Message:
Please run rhn_register (or up2date --register on Red Hat Enterprise Linux 3 or later)
as root on this client
Error Class Code: 9
Error Class Info: Invalid System Credentials.
Explanation:
An error has occurred while processing your request. If this problem
persists please enter a bug report at bugzilla.redhat.com.
If you choose to submit the bug report, please be sure to include
details of what you were trying to do when this error occurred and
details on how to reproduce this problem.
Solution:
This is not an ASL error. This means that your system is configured to use Redhat Update Network and you do not have valid credentials to use their server. Contact Redhat support for assistance.
yum update errors
Error performing checksum
This usually means that yum's cache is out of date. Try running this command as root to clear the cache before you run your yum installation or upgrade/update commands:
yum clean all
HTTP Error 401: Authorization Required
When running yum update or yum upgrade this error occurs:
Setting up Upgrade Process
Setting up repositories
http://atomicorp.com/channels/asl-2.0/c ... repomd.xml: [Errno 14] HTTP Error 401: Authorization Required
Trying other mirror.
Error: Cannot open/read repomd.xml file for repository: asl-2.0
Solution:
This means that your system is not configured with a valid ASL subscription account. Please check your username and password in your asl configuration and check to make sure your subscription is up to date.
Tomcat is stopped by PAX
Solution: Java performs certain actions that violate stack protection security models. To allow JAVA to run in this manner, you simply need to run this command as root:
paxctl -mps /path/to/java/bin/java
Where /path/to/java/bin/java is the path to your java binary, for example:
paxctl -mps /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/bin/java
There are unfinished transactions remaining.
The error continues:
You might consider running yum-complete-transaction first to finish them. The program yum-complete-transaction is found in the yum-utils package.
This is not an ASL error; that error is generated by your operating system's package management system. This error means that your operating system's package management system was previously used to install, remove and/or upgrade software, and the last transaction was not completed. This has left the package management system of your operating system in an incomplete state, and is preventing software from being properly installed, upgraded and/or deleted.
This tool is not part of ASL, is not used by ASL and is not supported by Atomicorp. Please contact your OS vendor for assistance with issues with your OS's package management system. The information that follows is provided as a courtesy only.
If you want to install this tool, please follow the instructions generated by yum. Specifically, this message is stating that the tool yum-complete-transaction is part of the "yum-utils" package:
The program yum-complete-transaction is found in the yum-utils package. To install that package you need to run this command as root:
yum -y install yum-utils
You need to install that package to use that tool. This tool is part of the overall system that allows you to (among other things) pause & resume upgrades.
If you don't know where a component comes from you can use "yum provides /path/to/file" (wildcards accepted) to search.
Once this tool is installed, you can tell your OS's package management system to complete the last incomplete transaction with this command:
yum-complete-transaction
Error: Missing Dependency: httpd-mmn = 20051115 is needed by package
This means that the system does not have apache installed. If you have installed apache via non-package-managed means (such as from source code), contact your apache vendor for assistance with this error.
error: unpacking of archive failed on file /var/asl/etc/httpd/logs: cpio: rename
Context: Updating the tortixd package via aum or yum
Cause: /var/asl/etc/httpd/logs is a directory. This should be a symbolic link to /var/log/tortixd
Step 1) Remove the log directory from /var/asl/etc/httpd/
rm -rf /var/asl/etc/httpd/logs*
Step 2) Update the tortixd package with:
aum -u
[edit]
Context: Updating with aum, or yum
Cause: The account is using a VPS subscription, which does not have access to the Kernel channel
Step 1) Log into ASL Web, and select:
Settings->ASL Configuration->General->Kernel Channel
Step 2) Set to "Disabled"
Step 3) Click save changes
Error in PREUN scriptlet in rpm package paxctld-systemd-1.2.1-1.el7.art.x86_64
Context: Updating the paxctld package on EL7, results in duplicate entries
Cause: Package issue with paxctld 1.2.1
Step 1) Log into the system, and become root
Step 2) Run:
rpm -e paxctld-systemd-1.2.1-1.el7.art.x86_64 --justdb