Cannot start sw-engine: Error 0x7a911401 in attaching to process!

Created:

2016-12-30 18:47:20 UTC

Modified:

2017-08-16 16:58:48 UTC

0

Was this article helpful?


Have more questions?

Submit a request

Cannot start sw-engine: Error 0x7a911401 in attaching to process!

Applicable to:

  • Plesk 12.5 for Linux
  • Plesk 11.x for Linux
  • Plesk 12.0 for Linux

Symptoms

Plesk shows 500 Internal server error. sw-engine process can not be started.

Unable to start sw-engine-fpm manually. The following error appears:

# /usr/bin/sw-engine-fpm -c /usr/local/psa/admin/conf/php.ini -d auto_prepend_file=auth.php3 -u psaadm
Starting sw-engine-fpm: [-] Error 0x7a911401 in attaching to process!
Child process return code 255

The following command failed:

# strace -o /dev/null grep -i trace /proc/self/status
[-] Error 0x7a911401 in attaching to process!
strace: test_ptrace_setoptions_for_all: unexpected exit status 255

# strace ls
[-] Error 0x7a911401 in attaching to process!
Child process return code 255

The following error may also appear in /var/log/sw-cp-server/error_log :

(mod_fastcgi.c.1068) the fastcgi-backend /usr/bin/sw-engine-cgi -c /usr/local/psa/admin/conf/php.ini -d auto_prepend_file=auth.php3 -u psaadm failed to start:
(mod_fastcgi.c.1072) child exited with status 1 /usr/bin/sw-engine-cgi -c /usr/local/psa/admin/conf/php.ini -d auto_prepend_file=auth.php3 -u psaadm
(mod_fastcgi.c.1075) If you're trying to run your app as a FastCGI backend, make sure you're using the FastCGI-enabled version.
If this is PHP on Gentoo, add 'fastcgi' to the USE flags.
(mod_fastcgi.c.1171) [ERROR]: spawning fcgi failed.
  • /lib/libgrubd.so file is present and having the following checksums:

    MD5 checksum is "300b1066d197ee94a97393c6c79e0f46"

    # md5sum /lib/libgrubd.so
    300b1066d197ee94a97393c6c79e0f46 /lib/libgrubd.so

    SHA256 checksum "a3a5e17e45c5fc27a3dcc4d11b1d6eb67c1726bd1e4dbd873f5238040c6de5ce"

    # sha256sum /lib/libgrubd.so
    a3a5e17e45c5fc27a3dcc4d11b1d6eb67c1726bd1e4dbd873f5238040c6de5ce /lib/libgrubd.so

    Cause

  • Kernel ptrace enabled

  • The server has been compromised, some malware library intercept system calls, including prtace as a debug protection option.

Resolution

Make sure that kernel ptrace is disabled.

Move library libgrubd.so to another location and comment reference for this library in /etc/ld.so.preload config:

# mv /lib/libgrubd.so /root
# cat /etc/ld.so.preload
#/lib/libgrubd.so

Restart psa service:

# service psa restart
Have more questions? Submit a request
Please sign in to leave a comment.