Articles in this section

See more

What Watchdog warnings may be safely ignored

Avatar
Natalia Astashenko
Updated
Follow

Applicable to:

  • Plesk for Linux

Question

What Watchdog warnings may be safely ignored?

Answer

The following list of warnings may be safely ignored:

1.

[16:34:46] Warning:&nbsp Package manager verification has failed:
[16:34:46] File: /usr/local/psa/etc/modules/watchdog/rkhunter.conf
[16:34:46] The file hash value has changed
[16:34:46] The file size has changed
[16:34:46] The file modification time has changed

Watchdog configuration was changed via Plesk

2.

[16:35:32] Warning: The following suspicious shared memory segments have been found:
[16:35:32] Process: /usr/sbin/httpd PID: 9522 Owner: root
[16:35:32] Process: PID: 25000 Owner: psaadm
[16:35:32] Process: /usr/bin/postgres PID: 9759 Owner: postgres

These shared memory segments are owned by Apache, Plesk and Postgres

3.

[16:35:33] Warning: Found enabled xinetd service: /etc/xinetd.d/ftp_psa
[16:35:33] Warning: Found enabled xinetd service: /etc/xinetd.d/poppassd_psa

Services are enabled for Plesk functioning

4.

[16:35:38] Warning: Hidden directory found: /dev/.udev
[16:35:38] Warning: Hidden file found: /usr/share/man/man1/..1.gz: gzip compressed data, from Unix, max compression
[16:35:39] Warning: Hidden file found: /usr/share/man/man5/.k5login.5.gz: gzip compressed data, from Unix, max compression
[16:35:39] Warning: Hidden file found: /usr/share/man/man5/.k5identity.5.gz: gzip compressed data, from Unix, max compression
[16:35:39] Warning: Hidden file found: /usr/bin/.fipscheck.hmac: ASCII text
[16:35:39] Warning: Hidden file found: /usr/bin/.ssh.hmac: ASCII text
[16:35:39] Warning: Hidden file found: /usr/sbin/.sshd.hmac: ASCII text

- *.hmac files are used for messages authentication, see SSH manual

- /usr/share/man/ folder is used for packages manuals

- directory /dev/.udev is created by the udevd daemon and used for system boot process.

 

Additional information

For more information about watchdog, refer to the documentation article.

For the purpose of scanning the server for malware, Watchdog uses the Rootkit Hunter utility. For additional information regarding Rootkit Hunter, visit the Rootkit Hunter developer's Web site.

It is possible to whitelist many warnings encountered by the next information

http://rkhunter.cvs.sourceforge.net/viewvc/rkhunter/rkhunter/files/README

http://rkhunter.cvs.sourceforge.net/viewvc/rkhunter/rkhunter/files/FAQ

Comments

0 comments

Please sign in to leave a comment.

Related articles