Applicable to:
- Plesk Onyx for Linux
Symptoms
-
Unable to access Plesk: 502 Bad Gateway error is shown.
-
In
/var/log/sw-cp-server/error_log
the following error is shown:CONFIG_TEXT: 2017/02/25 11:21:58 [error] 29398#0: *11 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: xxx.xxx.xxx.xxx, server: , request: "POST /login_up.php3 HTTP/1.1", upstream: "fastcgi://unix:/var/run/sw-engine.sock:", host: "xxx.xxx.xxx.xxx:8443", referrer: "https://xxx.xxx.xxx.xxx:8443/login_up.php3"
-
In
/var/log/syslog or in /var/log/messages
the following message can be found:CONFIG_TEXT: Feb 25 12:55:21 server kernel: grsec: From xxx.xxx.xxx.xxx: process /usr/bin/sw-engine(sw-engine:3782) attached to via ptrace by /usr/bin/sw-engine[sw-engine:3785] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/sw-engine[sw-engine:3782] uid/euid:0/0 gid/egid:0/0
Feb 25 12:55:22 server kernel: grsec: From xxx.xxx.xxx.xxx: denied ptrace of /usr/bin/sw-engine(sw-engine:3793) by /usr/bin/sw-engine[sw-engine:3796] uid/euid:999/0 gid/egid:1000/1000, parent /usr/bin/sw-engine[sw-engine:3793] uid/euid:999/0 gid/egid:1000/1000
The following symptoms may also occur:
-
Unable to install any application, it hangs on 0% or 1%.
-
Unable to update plugins.
Cause
OS uses grsec
kernel which is not supported by Plesk with enabled ptrace
which does not allow Plesk work normally.
Resolution
-
Connect to the server via SSH and disable ptrace by adding the following line into
/etc/sysctl.conf
:CONFIG_TEXT: kernel.grsecurity.harden_ptrace = 0
-
Reload system variables:
# sysctl -p
OR:
-
Run the following commands to disable enforced secure memory protection:
# service sw-engine stop
# paxctl -cm /usr/sbin/sw-engine-fpm
# paxctl -cm /usr/bin/sw-engine
# service sw-engine start
Note: If the issue persists after above steps, reboot the system using standard CentOS kernel or contact Grsec support team.
Comments
0 comments
Please sign in to leave a comment.