- Plesk Onyx for Linux
Unable to access Plesk: 502 Bad Gateway error is shown.
/var/log/sw-cp-server/error_logthe following error is shown:
CONFIG_TEXT: 2017/02/25 11:21:58 [error] 29398#0: *11 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: xxx.xxx.xxx.xxx, server: , request: "POST /login_up.php3 HTTP/1.1", upstream: "fastcgi://unix:/var/run/sw-engine.sock:", host: "xxx.xxx.xxx.xxx:8443", referrer: "https://xxx.xxx.xxx.xxx:8443/login_up.php3"
/var/log/syslog or in /var/log/messagesthe following message can be found:
CONFIG_TEXT: Feb 25 12:55:21 server kernel: grsec: From xxx.xxx.xxx.xxx: process /usr/bin/sw-engine(sw-engine:3782) attached to via ptrace by /usr/bin/sw-engine[sw-engine:3785] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/sw-engine[sw-engine:3782] uid/euid:0/0 gid/egid:0/0
Feb 25 12:55:22 server kernel: grsec: From xxx.xxx.xxx.xxx: denied ptrace of /usr/bin/sw-engine(sw-engine:3793) by /usr/bin/sw-engine[sw-engine:3796] uid/euid:999/0 gid/egid:1000/1000, parent /usr/bin/sw-engine[sw-engine:3793] uid/euid:999/0 gid/egid:1000/1000
The following symptoms may also occur:
Unable to install any application, it hangs on 0% or 1%.
Unable to update plugins.
grsec kernel which is not supported by Plesk with enabled
ptrace which does not allow Plesk work normally.
Connect to the server via SSH and disable ptrace by adding the following line into
CONFIG_TEXT: kernel.grsecurity.harden_ptrace = 0
Reload system variables:
# sysctl -p
Run the following commands to disable enforced secure memory protection:
# service sw-engine stop
# paxctl -cm /usr/sbin/sw-engine-fpm
# paxctl -cm /usr/bin/sw-engine
# service sw-engine start
Note: If the issue persists after above steps, reboot the system using standard CentOS kernel or contact Grsec support team.