11-05-2016, 05:25 AM
Hi
Recently a similar situation came up from a customer, and the fix which worked for me was the below.
1st Fix
=======
Check and confirm whether you have enabled RESTRICT_SYSLOG and, if enabled, try disabling the same by changing the value to 1 or 2.
Reference Link : https://forums.cpanel.net/threads/user-c...ng.567221/
2nd Fix
=======
This fix has helped me more than twice now. It seems some servers are having issues with LES, and you might need to change the permissions of at least 3 binaries, in my experience.
From the installation log, I can see LES is changing the permissions of the binaries listed below to 700:
===================
server les(5972): {sec.bin} chmod 700 /bin/dmesg
server les(5972): {sec.bin} chmod 700 /bin/mount
server les(5972): {sec.bin} chmod 700 /bin/rpm
server les(5972): {sec.bin} chmod 700 /usr/bin/write
server les(5972): {sec.bin} chmod 700 /bin/logger
server les(5972): {sec.bin} chmod 700 /usr/bin/ipcrm
server les(5972): {sec.bin} chmod 700 /usr/bin/ipcs
server les(5972): {sec.bin} chmod 700 /usr/bin/free
server les(5972): {sec.bin} chmod 700 /usr/bin/locate
server les(5972): {sec.bin} chmod 700 /usr/bin/wall
server les(5972): {sec.bin} chmod 700 /sbin/arp
server les(5972): {sec.bin} chmod 700 /sbin/ifconfig
server les(5972): {sec.bin} chmod 700 /usr/sbin/repquota
server les(5972): {sec.bin} chmod 700 /usr/sbin/tcpdump
server les(5972): {sec.bin} chmod 700 /usr/bin/wget
server les(5972): {sec.bin} chmod 700 /usr/bin/lynx
server les(5972): {sec.bin} chmod 700 /usr/bin/cc
server les(5972): {sec.bin} chmod 700 /usr/bin/gcc
server les(5972): {sec.bin} chmod 700 /usr/bin/logger
server les(5972): {sec.bin} chmod 700 /usr/bin/who
server les(5972): {sec.bin} chmod 700 /usr/bin/w
server les(5972): {glob} sec.bin enabled
==================
Among those, I only changed the below three, on which the cron jobs might mostly depend.
/bin/rpm
/usr/bin/wget
/usr/bin/lynx
Changing the above binaries to 755 permission fixed my issues and cron jobs for users started showing up in logs as well.
https://www.rfxn.com/projects/linux-envi...-security/
Reference Link : http://stackoverflow.com/questions/33420...8#33704328
3rd fix possibility
If you have CloudLinux / CageFS installed, then you might need to reinstate CageFS and see if that fixes it, or try disabling CageFS fully as well.
If any of these 3 is not helping, then it needs deeper investigation.
Please check the above details.
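
A read-only way to see which binaries named in a log like the one above are currently not executable by ordinary users, before deciding which ones to relax. This is an added example, not part of the original post and not LES code; the function names are made up here, and the sample log is constructed from the format quoted in the post.

```shell
#!/bin/sh
# Added example (not LES code): read-only audit of binaries restricted by sec.bin.

# Constructed sample in the log format quoted in the post (note repeated paths).
SAMPLE_LOG='server les(5972): {sec.bin} chmod 700 /bin/rpm
server les(5972): {sec.bin} chmod 700 /bin/logger
server les(5972): {sec.bin} chmod 700 /usr/bin/wget
server les(5972): {sec.bin} chmod 700 /usr/bin/logger
server les(5972): {sec.bin} chmod 700 /bin/rpm
server les(5972): {glob} sec.bin enabled'

# secbin_paths (hypothetical name): read log lines on stdin and print every path
# named in a "{sec.bin} chmod 700 <path>" entry, once each, in first-seen order.
# Scanning for the marker field keeps it working if syslog prepends a timestamp.
secbin_paths() {
    awk '{
        for (i = 1; i + 3 <= NF; i++)
            if ($i == "{sec.bin}" && $(i+1) == "chmod" && $(i+2) == "700" &&
                !seen[$(i+3)]++)
                print $(i+3)
    }'
}

# audit_modes (hypothetical name): for each path on stdin print
# "<status> <permissions> <path>", where status is
#   BLOCKED  no execute bit for "other" (e.g. 700): other users cannot run it
#   OPEN     "other" may execute (e.g. 755)
#   MISSING  path does not exist on this host
audit_modes() {
    while IFS= read -r path; do
        if [ ! -e "$path" ]; then
            echo "MISSING - $path"
            continue
        fi
        # -L follows symlinks; the first 10 characters are the type and mode bits.
        perm=$(ls -ldL -- "$path" | cut -c1-10)
        case "$perm" in
            *[xt]) echo "OPEN $perm $path" ;;
            *)     echo "BLOCKED $perm $path" ;;
        esac
    done
}

# Demo on the constructed sample; nothing on disk is modified.
printf '%s\n' "$SAMPLE_LOG" | secbin_paths | audit_modes
```

On a real server, feed the actual LES installation log into `secbin_paths` instead of the sample; only the BLOCKED entries that user cron jobs call are candidates for a wider mode.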