Hello again, I have a problem similar to this thread: http://www.howtoforge.com/forums/showthread.php?t=44694 (which is not solved). The rkhunter and fail2ban logs are not showing in the ISPConfig log files. Until yesterday the rkhunter log was showing. I don't remember fail2ban ever showing there... Could you help? I run ISPConfig on CentOS 6.2 and nginx. Yesterday I did a yum update, if that could help. Thanks
/var/log/fail2ban.log
/var/log/rkhunter/rkhunter.log

Here is the log of the updates I made before this happened:

Feb 05 20:39:33 Updated: glibc-common-2.12-1.47.el6_2.5.x86_64
Feb 05 20:39:46 Updated: glibc-2.12-1.47.el6_2.5.x86_64
Feb 05 20:39:48 Updated: php-common-5.3.10-2.el6.remi.x86_64
Feb 05 20:39:51 Updated: openssl-1.0.0-20.el6_2.1.x86_64
Feb 05 20:39:53 Updated: php-pdo-5.3.10-2.el6.remi.x86_64
Feb 05 20:39:53 Updated: openssh-5.3p1-70.el6_2.2.x86_64
Feb 05 20:39:55 Updated: php-cli-5.3.10-2.el6.remi.x86_64
Feb 05 20:39:57 Updated: t1lib-5.1.2-6.el6_2.1.x86_64
Feb 05 20:40:00 Updated: kernel-firmware-2.6.32-220.4.1.el6.noarch
Feb 05 20:40:07 Updated: kernel-headers-2.6.32-220.4.1.el6.x86_64
Feb 05 20:40:12 Updated: glibc-headers-2.12-1.47.el6_2.5.x86_64
Feb 05 20:40:14 Updated: glibc-devel-2.12-1.47.el6_2.5.x86_64
Feb 05 20:40:21 Installed: kernel-2.6.32-220.4.1.el6.x86_64
Feb 05 20:40:21 Updated: php-gd-5.3.10-2.el6.remi.x86_64
Feb 05 20:40:23 Updated: php-5.3.10-2.el6.remi.x86_64
Feb 05 20:40:27 Updated: openssh-server-5.3p1-70.el6_2.2.x86_64
Feb 05 20:40:28 Updated: openssh-clients-5.3p1-70.el6_2.2.x86_64
Feb 05 20:40:29 Updated: php-mysql-5.3.10-2.el6.remi.x86_64
Feb 05 20:40:31 Updated: php-odbc-5.3.10-2.el6.remi.x86_64
Feb 05 20:40:32 Updated: php-mssql-5.3.10-2.el6.remi.x86_64
Feb 05 20:40:34 Updated: openssl-devel-1.0.0-20.el6_2.1.x86_64
Feb 05 20:40:36 Updated: php-fpm-5.3.10-2.el6.remi.x86_64
Feb 05 20:40:38 Updated: php-imap-5.3.10-2.el6.remi.x86_64
Feb 05 20:40:42 Updated: 1hp-eaccelerator-0.9.6.1-11.el6.remi.x86_64
Feb 05 20:40:43 Updated: php-xmlrpc-5.3.10-2.el6.remi.x86_64
Feb 05 20:40:44 Updated: php-mcrypt-5.3.10-2.el6.remi.x86_64
Feb 05 20:40:45 Updated: php-mbstring-5.3.10-2.el6.remi.x86_64
Feb 05 20:40:46 Updated: php-xml-5.3.10-2.el6.remi.x86_64
Feb 05 20:40:47 Updated: php-soap-5.3.10-2.el6.remi.x86_64
Feb 05 20:40:48 Updated: php-snmp-5.3.10-2.el6.remi.x86_64
Feb 05 20:40:48 Updated: php-tidy-5.3.10-2.el6.remi.x86_64
Feb 05 20:40:54 Updated: php-ldap-5.3.10-2.el6.remi.x86_64
Feb 05 20:40:56 Updated: at-3.1.10-43.el6_2.1.x86_64
Feb 05 20:41:02 Updated: ghostscript-8.70-11.el6_2.6.x86_64
Feb 05 20:41:09 Installed: kernel-devel-2.6.32-220.4.1.el6.x86_64

And one more thing is that I changed the default ssh port to something else.
The log locations are ok. Please check that the fail2ban.log is not empty. Regarding rkhunter, do you get the rkhunter scan result on the shell when you execute this command:

rkhunter --update --checkall --nocolors --skip-keypress
Code:
System checks summary
=====================
File properties checks...
Files checked: 137
Suspect files: 2
Rootkit checks...
Rootkits checked : 246
Possible rootkits: 0
Applications checks...
All checks skipped
The system checks took: 1 minute and 50 seconds
All results have been written to the log file (/var/log/rkhunter/rkhunter.log)
One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter/rkhunter.log)

I get warnings for:

Checking for hidden files and directories [ Warning ]
Checking if SSH protocol v1 is allowed [ Warning ]
/usr/bin/unhide [ Warning ]
/usr/bin/unhide-tcp [ Warning ]

which were there since forever. For fail2ban, here are the last lines of the non-empty log:

Code:
2012-02-04 13:40:57,191 fail2ban.jail : INFO Creating new jail 'ssh-iptables'
2012-02-04 13:40:57,194 fail2ban.jail : INFO Jail 'ssh-iptables' uses Gamin
2012-02-04 13:40:57,261 fail2ban.filter : INFO Added logfile = /var/log/secure
2012-02-04 13:40:57,262 fail2ban.filter : INFO Set maxRetry = 5
2012-02-04 13:40:57,262 fail2ban.filter : INFO Set findtime = 600
2012-02-04 13:40:57,262 fail2ban.actions: INFO Set banTime = 600
2012-02-04 13:40:57,315 fail2ban.jail : INFO Jail 'ssh-iptables' started
2012-02-04 15:14:49,107 fail2ban.actions: WARNING [ssh-iptables] Ban 1.202.148.22
2012-02-04 15:24:50,058 fail2ban.actions: WARNING [ssh-iptables] Unban 1.202.148.22
2012-02-04 17:13:58,486 fail2ban.actions: WARNING [ssh-iptables] Ban 88.208.218.199
2012-02-04 17:23:58,592 fail2ban.actions: WARNING [ssh-iptables] Unban 88.208.218.199
2012-02-04 21:46:27,468 fail2ban.actions: WARNING [ssh-iptables] Ban 212.156.126.210
2012-02-04 21:56:27,636 fail2ban.actions: WARNING [ssh-iptables] Unban 212.156.126.210
2012-02-05 03:02:08,959 fail2ban.actions: WARNING [ssh-iptables] Ban 49.254.98.187
2012-02-05 03:12:09,586 fail2ban.actions: WARNING [ssh-iptables] Unban 49.254.98.187
2012-02-05 03:34:10,542 fail2ban.filter : INFO Log rotation detected for /var/log/secure
2012-02-05 03:35:10,606 fail2ban.filter : INFO Log rotation detected for /var/log/secure
2012-02-05 17:10:30,482 fail2ban.actions: WARNING [ssh-iptables] Ban 210.212.250.35
2012-02-05 17:20:30,860 fail2ban.actions: WARNING [ssh-iptables] Unban 210.212.250.35
2012-02-05 18:30:09,754 fail2ban.actions: WARNING [ssh-iptables] Ban 184.107.179.242
2012-02-05 18:40:09,807 fail2ban.actions: WARNING [ssh-iptables] Unban 184.107.179.242
2012-02-05 18:53:31,804 fail2ban.jail : INFO Jail 'ssh-iptables' stopped
2012-02-05 18:53:31,824 fail2ban.server : INFO Exiting Fail2ban
2012-02-05 18:56:30,726 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4
2012-02-05 18:56:30,726 fail2ban.jail : INFO Creating new jail 'ssh-iptables'
2012-02-05 18:56:30,754 fail2ban.jail : INFO Jail 'ssh-iptables' uses Gamin
2012-02-05 18:56:31,202 fail2ban.filter : INFO Added logfile = /var/log/secure
2012-02-05 18:56:31,202 fail2ban.filter : INFO Set maxRetry = 5
2012-02-05 18:56:31,220 fail2ban.filter : INFO Set findtime = 600
2012-02-05 18:56:31,220 fail2ban.actions: INFO Set banTime = 600
2012-02-05 18:56:31,273 fail2ban.jail : INFO Jail 'ssh-iptables' started
2012-02-05 18:56:34,455 fail2ban.jail : INFO Jail 'ssh-iptables' stopped
2012-02-05 18:56:34,456 fail2ban.server : INFO Exiting Fail2ban
2012-02-05 18:56:35,643 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4
2012-02-05 18:56:35,644 fail2ban.jail : INFO Creating new jail 'ssh-iptables'
2012-02-05 18:56:35,644 fail2ban.jail : INFO Jail 'ssh-iptables' uses Gamin
2012-02-05 18:56:35,655 fail2ban.filter : INFO Added logfile = /var/log/secure
2012-02-05 18:56:35,656 fail2ban.filter : INFO Set maxRetry = 5
2012-02-05 18:56:35,656 fail2ban.filter : INFO Set findtime = 600
2012-02-05 18:56:35,657 fail2ban.actions: INFO Set banTime = 600
2012-02-05 18:56:35,711 fail2ban.jail : INFO Jail 'ssh-iptables' started
2012-02-05 18:57:29,770 fail2ban.jail : INFO Jail 'ssh-iptables' stopped
2012-02-05 18:57:29,771 fail2ban.server : INFO Exiting Fail2ban
2012-02-05 18:59:23,555 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4
2012-02-05 18:59:23,555 fail2ban.jail : INFO Creating new jail 'ssh-iptables'
2012-02-05 18:59:23,556 fail2ban.jail : INFO Jail 'ssh-iptables' uses Gamin
2012-02-05 18:59:23,616 fail2ban.filter : INFO Added logfile = /var/log/secure
2012-02-05 18:59:23,617 fail2ban.filter : INFO Set maxRetry = 5
2012-02-05 18:59:23,618 fail2ban.filter : INFO Set findtime = 600
2012-02-05 18:59:23,618 fail2ban.actions: INFO Set banTime = 600
2012-02-05 18:59:23,672 fail2ban.jail : INFO Jail 'ssh-iptables' started
2012-02-05 18:59:26,967 fail2ban.jail : INFO Jail 'ssh-iptables' stopped
2012-02-05 18:59:26,967 fail2ban.server : INFO Exiting Fail2ban
2012-02-05 18:59:28,184 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4
2012-02-05 18:59:28,184 fail2ban.jail : INFO Creating new jail 'ssh-iptables'
2012-02-05 18:59:28,185 fail2ban.jail : INFO Jail 'ssh-iptables' uses Gamin
2012-02-05 18:59:28,194 fail2ban.filter : INFO Added logfile = /var/log/secure
2012-02-05 18:59:28,195 fail2ban.filter : INFO Set maxRetry = 5
2012-02-05 18:59:28,196 fail2ban.filter : INFO Set findtime = 600
2012-02-05 18:59:28,196 fail2ban.actions: INFO Set banTime = 600
2012-02-05 18:59:28,249 fail2ban.jail : INFO Jail 'ssh-iptables' started
2012-02-06 21:40:02,482 fail2ban.jail : INFO Jail 'ssh-iptables' stopped
2012-02-06 21:40:02,564 fail2ban.server : INFO Exiting Fail2ban
2012-02-06 21:42:08,946 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4
2012-02-06 21:42:08,959 fail2ban.jail : INFO Creating new jail 'ssh-iptables'
2012-02-06 21:42:08,983 fail2ban.jail : INFO Jail 'ssh-iptables' uses Gamin
2012-02-06 21:42:09,093 fail2ban.filter : INFO Added logfile = /var/log/secure
2012-02-06 21:42:09,093 fail2ban.filter : INFO Set maxRetry = 5
2012-02-06 21:42:09,095 fail2ban.filter : INFO Set findtime = 600
2012-02-06 21:42:09,095 fail2ban.actions: INFO Set banTime = 600
2012-02-06 21:42:09,159 fail2ban.jail : INFO Jail 'ssh-iptables' started
2012-02-06 22:21:17,721 fail2ban.jail : INFO Jail 'ssh-iptables' stopped
2012-02-06 22:21:17,734 fail2ban.server : INFO Exiting Fail2ban
I found out that the problem is more serious! I tried to add a new site, blog.riosif.gr. Vhosts at nginx/sites-enabled and nginx/sites-active were created, but nothing was created at /var/www/. At the sites options I read "/var/www/clients/client1/web34/web:/var/www/clients/client1/web34/tmp" but no web34 folder is created. I think this is caused by the update. What should I do? Please help!
One more thing I just found out, which has to do with new sites not being created, is this error when I try to restart php-fpm:

"Starting php-fpm: [07-Feb-2012 16:41:22] ERROR: [pool web36] cannot get uid for user 'web36'
[07-Feb-2012 16:41:22] ERROR: FPM initialization failed"

After that I delete the web36.conf:

rm /etc/php-fpm.d/web36.conf

and php-fpm starts again, but I cannot add new websites. I guess that all this has something to do with privileges of ISPConfig, but how should I fix it? Maybe I should reinstall ISPConfig? How could this be done?
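A pre-restart check for the failure quoted in the post above, as an added example that is not part of the thread and not ISPConfig's own code: it lists every pool file in a directory such as /etc/php-fpm.d whose `user =` directive names an account that does not exist, which is the condition behind "cannot get uid for user". The function names and the two sample pool files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report php-fpm pools whose "user =" has no system account.

# Print "pool user" for every user directive in one pool file.
pool_users() {
    awk '
        /^[ \t]*;/   { next }                          # skip comment lines
        /^[ \t]*\[/  { pool = $0                       # section header: [name]
                       sub(/^[ \t]*\[/, "", pool); sub(/\].*$/, "", pool); next }
        /^[ \t]*user[ \t]*=/ {
                       u = $0
                       sub(/^[^=]*=[ \t]*/, "", u)     # drop "user ="
                       sub(/[ \t;].*$/, "", u)         # drop trailing comment
                       print pool, u }
    ' "$1"
}

# Check every *.conf in directory $1; return 1 if any pool user is unknown.
check_fpm_pool_users() {
    fpm_missing=0
    for fpm_file in "$1"/*.conf; do
        [ -f "$fpm_file" ] || continue
        while read -r fpm_pool fpm_user; do
            [ -n "$fpm_user" ] || continue
            if ! id -u "$fpm_user" >/dev/null 2>&1; then
                echo "MISSING $fpm_file pool=$fpm_pool user=$fpm_user"
                fpm_missing=1
            fi
        done <<EOF
$(pool_users "$fpm_file")
EOF
    done
    return "$fpm_missing"
}

# Demo on constructed pool files (not taken from the server in the thread).
demo() {
    demo_dir=$(mktemp -d)
    printf '[web1]\nuser = root\n' > "$demo_dir/web1.conf"
    printf '[web36]\nuser = web36_constructed_missing\n' > "$demo_dir/web36.conf"
    check_fpm_pool_users "$demo_dir" || echo "do not restart php-fpm yet"
    rm -rf "$demo_dir"
}
demo
```

A non-zero return means at least one pool would stop php-fpm from initializing; the listed file shows which site's system user was never created.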
Don't reinstall ISPConfig, this will just mess up your system. Just look into the system log in the ISPConfig monitor to see if there are any errors blocking the processing of system changes, and if there are no errors, take a look at the ISPConfig debugging instructions in the ISPConfig FAQ.
Hello again. I figured out that the problem is that when I add a new site no user is created, and as a result nothing else is created. So I think it's a permissions issue: ISPConfig can't create a new user (for example, user web30 is not created).
Anyway, I'll do an OS reinstall. One last general Linux OS question: because I'm not an advanced Linux/Unix user, is there any article or guide you know of about backing up and restoring the OS to a previous state, which could solve this kind of issue without the need for a reinstallation? Thank you
If you use virtualization, you can back up the whole virtual machine (for example for OpenVZ, there's the vzdump tool - see http://www.howtoforge.com/clone-back-up-restore-openvz-vms-with-vzdump ). If this is a physical system, take a look at CloneZilla or Ghost4Linux.