Watchdog On-Demand Scanning Problem


sparkybarkalot
28th December 2007, 09:58 PM
Just upgraded to 8.3.0 and when I try to run an on-demand scan in the Watchdog module the following occurs:

1) I hit the green start button and I get this message: "Scanning is in progress. About 30 minutes left" and a progress bar that remains empty for a few minutes until

2) Scanning Status reads: "The scanner has never been started."

Any suggestions?

sparkybarkalot
29th December 2007, 12:42 AM
I found the following error message in /usr/local/psa/var/modules/watchdog/report/securscan log:

"Test 'force' in '/usr/local/psa/libexec/modules/watchdog' was not found, or necessary permission were not granted"

But I don't know what that might mean.

There IS a file called 'force' in '/usr/local/psa/libexec/modules/watchdog/security'. Is the on-demand scanner perhaps looking in the wrong place for 'force' and that's why it's failing? If so, any ideas how I can fix this?

yuriymos
30th December 2007, 06:33 AM
The same problem

UnrealMinds
30th December 2007, 07:37 AM
same problem, too

sparkybarkalot
31st December 2007, 10:18 AM
My weekly scan just failed as well, so Watchdog isn't working at all after running the 8.3.0 update. Does anyone have a fix for this?

webviva
31st December 2007, 10:52 AM
I have the same problem and the same message ('force'....).
I can update and run the test from ssh (using rkhunter --update and rkhunter -c) but not from plesk...

:(

Nicochet
31st December 2007, 05:22 PM
Exactly the same problem.

UnrealMinds
1st January 2008, 07:03 AM
The daily report was sent with the date of 1970/1/1 every day, till the update.

After a reboot, I got two messages via email that SpamAssassin was not running and would be excluded from monitoring. The date in these emails was correct.

bibliopegist
3rd January 2008, 07:02 PM
Just upgraded to 8.3.0 and when I try to run an on-demand scan in the Watchdog module the following occurs:
------- "The scanner has never been started."


Yes same with my server, I am running fc4, tried uninstalling and reinstalling watchdog, no better results, has someone tried to alert SWsoft on this issue?

Monarch1
5th January 2008, 07:15 PM
I'm new to SwSoft and Plesk. Is this unusual for SwSoft to deliver upgrades with major bugs such as this?

I have two servers:
Server A - Upgraded 8.2.1 to 8.3.0: The dog is dead.
Server B - Upgrade to 8.3.0 fail: But the dog is alive and kickin'

Is there a way to back-out the 8.3.0 upgrade and return to 8.2.1? That would at least solve our issues until 8.3.X is fixed and TESTED.

Palmarium
6th January 2008, 01:31 PM
Also same problem for me ...
Just to let SWSoft know ...

bibliopegist
7th January 2008, 08:58 AM
ok, i tried to run the scan from the command line and got an error message , can't find rkhunter.conf. So i look in the directory and scan the box for rkhunter and it's not there anymore, so I yum it back into the system and scan from the command line, it seems to work. I go to plesk panel and try the scan on demand and still the same.
Is swsoft soft on responding to this issue? Already they are killing support for my system in the near future, are they waiting for the deadline to expire so they don't have to do anything about it?

danliker
7th January 2008, 10:27 AM
same problem here, i will open a ticket on swsoft support ...

Monarch1
7th January 2008, 02:07 PM
ok, i tried to run the scan from the command line and got an error message , can't find rkhunter.conf. So i look in the directory and scan the box for rkhunter and it's not there anymore, so I yum it back into the system and scan from the command line, it seems to work. I go to plesk panel and try the scan on demand and still the same.
Is swsoft soft on responding to this issue? Already they are killing support for my system in the near future, are they waiting for the deadline to expire so they don't have to do anything about it?


Hello Bibliopegist, when you say it seems to work - did it actually work?

bibliopegist
7th January 2008, 10:36 PM
Hello Bibliopegist, when you say it seems to work - did it actually work?
Yes it works, but with "strange stuff" like: [ [1;3"
below is the output of the scan:

> /usr/local/psa/admin/sbin/modules/watchdog/rkhunter --update
Running updater...

Mirrorfile /var/rkhunter/db/mirrors.dat rotated
Using mirror http://rkhunter.sourceforge.net
[DB] Mirror file : Up to date
[DB] MD5 hashes system binaries : Up to date
[DB] Operating System information : Up to date
[DB] MD5 blacklisted tools/binaries : Up to date
[DB] Known good program versions : Up to date
[DB] Known bad program versions : Up to date




Ready.
> /usr/local/psa/admin/sbin/modules/watchdog/rkhunter -c


Rootkit Hunter 1.2.8 is running

Determining OS... Ready


Checking binaries
* Selftests
Strings (command) /usr/bin/whoami[ OK ]


* System tools
Info: prelinked files found
Performing 'known good' check...
/bin/cat[ OK ]
/bin/chmod[ OK ]
/bin/chown[ OK ]
/bin/date[ OK ]
/bin/dmesg[ OK ]
/bin/env[ OK ]
/bin/grep[ OK ]
/bin/kill[ OK ]
/bin/login[ OK ]
m ]
========
=======

* Suspicious files and malware
Scanning for known rootkit strings[ OK ]
Scanning for known rootkit files[ OK ]
Testing running processes... [ OK ]
Miscellaneous Login backdoors[ OK ]
Miscellaneous directories[ OK ]
Software related files[ OK ]
Sniffer logs[ OK ]

[Press <ENTER> to continue]

* Trojan specific characteristics
shv4
Checking /etc/rc.d/rc.sysinit
Test 1[ Clean ]
Test 2[ Clean ]
Test 3[ Clean ]
Checking /etc/inetd.conf[ Not found ]
Checking /etc/xinetd.conf[ Clean ]

* Suspicious file properties
chmod properties
Checking /bin/ps[ Clean ]
Checking /bin/ls[ Clean ]
Checking /usr/bin/w[ Clean ]
Checking /usr/bin/who[ Clean ]
Checking /bin/netstat[ Clean ]
Checking /bin/login[ Clean ]
Script replacements
Checking /bin/ps[ Clean ]
Checking /bin/ls[ Clean ]
Checking /usr/bin/w[ Clean ]
Checking /usr/bin/who[ Clean ]
Checking /bin/netstat[ Clean ]
Checking /bin/login[ Clean ]

* OS dependant tests

Linux
Checking loaded kernel modules... [ OK ]
Checking files attributes[ OK ]
Checking LKM module path[ OK ]


Networking
* Check: frequently used backdoors
Port 2001: Scalper Rootkit[ OK ]
Port 2006: CB Rootkit[ OK ]
Port 2128: MRK[ OK ]
Port 14856: Optic Kit (Tux)[ OK ]
Port 47107: T0rn Rootkit[ OK ]
Port 60922: zaRwT.KiT[ OK ]

* Interfaces
Scanning for promiscuous interfaces[ OK ]

[Press <ENTER> to continue]


System checks
* Allround tests
Checking hostname... Found. Hostname is u15185411.onlinehome-server.com
Checking for passwordless user accounts... OK
Checking for differences in user accounts... OK. No changes.
Checking for differences in user groups... OK. No changes.
Checking boot.local/rc.local file...
- /etc/rc.local[ OK ]
- /etc/rc.d/rc.local[ OK ]
- /usr/local/etc/rc.local[ Not found ]
- /usr/local/etc/rc.d/rc.local[ Not found ]
- /etc/conf.d/local.start[ Not found ]
- /etc/init.d/boot.local[ Not found ]
Checking rc.d files...
Processing........................................
........................................
........................................
........................................
........................................
........................................
........................................
........................................
.............
Result rc.d files check[ OK ]
Checking history files
Bourne Shell[ OK ]

* Filesystem checks
Checking /dev for suspicious files... [ OK ]
Scanning for hidden files...[ Warning! ]
---------------
/dev/.udevdb /etc/.pwd.lock
---------------
Please inspect: /dev/.udevdb (directory)

[Press <ENTER> to continue]


Application advisories
* Application scan
Checking Apache2 modules ... [ Not found ]
Checking Apache configuration ... [ OK ]

* Application version scan
- GnuPG 1.4.5 [ OK ]
- Apache 2.0.54 [ OK ]
- Bind DNS 9.3.1 [ OK ]
- OpenSSL 0.9.7f [ Old or patched version ]
- PHP 5.0.4 [ OK ]
- Procmail MTA 3.22 [ OK ]
- ProFTPd 1.3.0 [ OK ]
- OpenSSH 4.2p1 [ OK ]



Security advisories
* Check: Groups and Accounts
Searching for /etc/passwd... [ Found ]
Checking users with UID '0' (root)... [ OK ]

* Check: SSH
Searching for sshd_config...
Found /etc/ssh/sshd_config
Checking for allowed root login... [  OK ( Remote root login disabled) ]
Checking for allowed protocols... [  OK ( Only SSH2 allowed) ]

* Check: Events and Logging
Search for syslog configuration... [  OK ]
Checking for running syslog slave... [  OK ]
Checking for logging to remote system... [  OK ( no remote logging) ]

[Press <ENTER> to continue]


---------------------------- Scan results ----------------------------

MD5
MD5 compared: 53
Incorrect MD5 checksums: 0

 File scan
Scanned files: 342
Possible infected files: 0

 Application scan
Vulnerable applications: 1

Scanning took 100 seconds

-----------------------------------------------------------------------

Egenius
8th January 2008, 01:05 AM
And so, when will Swsoft support solve the problem?

bibliopegist
8th January 2008, 07:37 AM
Contact swsoft, the more of us doing it the more chances they will listen. I am through 1and1; I told them about the problem.

Virtuz
8th January 2008, 08:49 AM
Exactly the same problem. I am running FC7 and SWsoft 8.3.0

"Wdcollect service does not respond. Refer to SWsoft technical support for help."

alexxx789
8th January 2008, 11:44 AM
Same issues here

When i did:
/usr/local/psa/admin/sbin/modules/watchdog/rkhunter -c

I got:
Fatal error: can't find configuration file (/usr/local/etc/rkhunter.conf)

"/usr/local/etc" didn't even exist.

But I found "rkhunter.conf" in
/usr/local/psa/etc/modules/watchdog/rkhunter.conf

So to verify I created "/usr/local/etc" and copied "rkhunter.conf" in there.
running "rkhunter -c" worked fine then.

Plesk control panel access to the security scan still the same and not working.
Looks like access to rkhunter via control panel is configured in a weird way :P

To run it anyhow you could try the erm workaround by copying the config file into the location where rkhunter looks for it when you run it via shell access. Least worked for me.

(On a side note: wdcollect and awstat both messy here too.)

Regards.

PixyPumpkin
8th January 2008, 12:12 PM
Same problem here, is there a hotfix somewhere?

Hyncos
10th January 2008, 05:01 AM
In order to run rkhunter manually you have to add the configfile option.

/opt/psa/admin/sbin/modules/watchdog/rkhunter --configfile /opt/psa/etc/modules/watchdog/rkhunter.conf -c

(see http://kb.swsoft.com/en/1323)

PixyPumpkin
10th January 2008, 05:07 AM
Ok, Thx! But I do not want to do it manually, that's why I have a CONTROL PANEL! ;)

Very strange that SwSoft is leaving this security option as it is NOT WORKING :(

bibliopegist
10th January 2008, 08:56 AM
In order to run rkhunter manually you have to add the configfile option.

/opt/psa/admin/sbin/modules/watchdog/rkhunter --configfile /opt/psa/etc/modules/watchdog/rkhunter.conf -c

(see http://kb.swsoft.com/en/1323)

eh eh eh, no such directories on my server, the opt directory is empty......

elger
10th January 2008, 09:16 AM
eh eh eh, no such directories on my server, the opt directory is empty......

And what does /usr/local/psa/admin/sbin/modules/watchdog/rkhunter --update --configfile /usr/local/psa/etc/modules/watchdog/rkhunter.conf -c do for you?

bibliopegist
10th January 2008, 10:00 AM
And what does /usr/local/psa/admin/sbin/modules/watchdog/rkhunter --update --configfile /usr/local/psa/etc/modules/watchdog/rkhunter.conf -c do for you?

/usr/local/psa/admin/sbin/modules/watchdog/rkhunter --update --configfile works,
/usr/local/psa/admin/sbin/modules/watchdog/rkhunter -c works

but

> /usr/local/psa/etc/modules/watchdog/rkhunter.conf -c
bash: /usr/local/psa/etc/modules/watchdog/rkhunter.conf: Permission denied

elger
10th January 2008, 10:43 AM
> /usr/local/psa/etc/modules/watchdog/rkhunter.conf -c
bash: /usr/local/psa/etc/modules/watchdog/rkhunter.conf: Permission denied

Try to find the file, type:
updatedb
Wait until it is done... might be a minute or so and then:
locate rkhunter.conf
now all files and directories with the name rkhunter.conf are listed in a millisecond...

If the file does not exist you might have an answer to your question... (there is no configfile so it won't work...)

dash
10th January 2008, 10:46 AM
I found the following error message in /usr/local/psa/var/modules/watchdog/report/securscan log:

"Test 'force' in '/usr/local/psa/libexec/modules/watchdog' was not found, or necessary permission were not granted"

But I don't know what that might mean.

There IS a file called 'force' in '/usr/local/psa/libexec/modules/watchdog/security'. Is the on-demand scanner perhaps looking in the wrong place for 'force' and that's why it's failing? If so, any ideas how I can fix this?

As a workaround you can set
auto_globals_jit = Off
in /usr/local/psa/admin/conf/php.ini
looks like it works.

bibliopegist
10th January 2008, 11:29 AM
Try to find the file, type:
updatedb
Wait until it is done... might be a minute or so and then:
locate rkhunter.conf
now all files and directories with the name rkhunter.conf are listed in a millisecond...

If the file does not exist you might have an answer to your question... (there is no configfile so it won't work...)
> updatedb
> locate rkhunter.conf
/usr/local/etc/rkhunter.conf
/usr/local/psa/etc/modules/watchdog/rkhunter.conf

well I know it's here because I placed it there after installing rkhunter when I discovered that plesk8.3.0 erased it in the upgrade.
This however does not solve the problem with on demand scanning from the plesk panel.
Anyone with news from swsoft on this issue?

webviva
10th January 2008, 11:52 AM
In my case, the solution proposed by dash is the correct one.

I had the following situation: rkhunter and force (/usr/local/psa/libexec/modules/watchdog/security/force) work fine from command line. I can execute them and the log file is stored at /var/log/rkhunter.log and all is OK. The problem was to execute "Security on demand" from Plesk. It doesn't work and always shows "Never executed (or something similar)". If I run the force script from command line and I change the owner of /var/log/rkhunter.log file to root:psaadm then Plesk panel shows that the scanning was made and it shows the result of the scanner, but if I try to execute the scan from Plesk it doesn't work...

As dash has proposed, in my server it was a problem with php configuration and not a problem of Plesk itself (or rkhunter). I have changed

auto_globals_jit = Off -> This one was in "On"
register_argc_argv = Off -> This one was in "On"
register_long_arrays = Off
register_globals = Off

in php.ini file and I have restarted apache

And this solved the problem!

Thanks :)

bibliopegist
10th January 2008, 01:45 PM
As dash has proposed, in my server it was a problem with php configuration and not a problem of Plesk itself (or rkhunter). I have changed

auto_globals_jit = Off -> This one was in "On"
register_argc_argv = Off -> This one was in "On"
register_long_arrays = Off
register_globals = Off

in php.ini file and I have restarted apache

And this solved the problem!

Thanks :)

Same here, Thanks a bunch, it now works.

sparkybarkalot
10th January 2008, 11:09 PM
Still cannot do the on-demand scan in Plesk after making the following changes (as suggested above):

auto_globals_jit was "On" so I changed it to "Off"
register_argc_argv was "Off" so I did not change it.

Saved php.ini, restarted apache, and still cannot do an on-demand scan in Plesk.

I can still continue to scan successfully from the command line, however.

Did I miss something? Anyone else still having problems as well, after making the above changes?

webviva
11th January 2008, 01:27 AM
If you execute rkhunter from command line, does it work?

If it doesn't work, then the problem will be some misconfiguration of watchdog.
:(

bibliopegist
11th January 2008, 06:17 AM
Still cannot do the on-demand scan in Plesk after making the following changes (as suggested above):

auto_globals_jit was "On" so I changed it to "Off"
register_argc_argv was "Off" so I did not change it.

Saved php.ini, restarted apache, and still cannot do an on-demand scan in Plesk.

I can still continue to scan successfully from the command line, however.

Did I miss something? Anyone else still having problems as well, after making the above changes?

/usr/local/psa/admin/conf/php.ini

this is where my php.ini file is, that's the one plesk uses. There is another one in /etc that is not used. Did you flip the switches in the correct one?

Palmarium
11th January 2008, 07:28 AM
So now my on-demand scan in Plesk also works ...
for all those who still have problems i will give you a short summary what i did ...

this command didn't work for me

/opt/psa/admin/sbin/modules/watchdog/rkhunter --configfile /opt/psa/etc/modules/watchdog/rkhunter.conf -c

so i used this one and the watchdog ran in the console

/usr/local/psa/admin/sbin/modules/watchdog/rkhunter --update --configfile /usr/local/psa/etc/modules/watchdog/rkhunter.conf -c

after that i changed the following variables in the php.ini in /usr/local/psa/admin/conf/php.ini

auto_globals_jit = Off -> This one was in "On"
register_argc_argv = Off -> This one was in "On"
register_long_arrays = Off
register_globals = Off

then you have to restart the webserver and everything works also in plesk :)

thx for all your help :)
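
The steps summarised in the post above, as an added example (not part of the thread and not SWsoft's code): a shell check that reports the four directives in Plesk's own php.ini and prints the manual rkhunter command for whichever of the two install prefixes mentioned in the thread exists. The function names, the optional root argument and the sample ini are constructed for illustration.

```shell
#!/bin/sh
# Added example: directive names and paths are taken from the thread;
# function names and the sample php.ini below are constructed for illustration.
DIRECTIVES="auto_globals_jit register_argc_argv register_long_arrays register_globals"

# Print the value of KEY in FILE. Comment lines are skipped and the last
# uncommented assignment is used; prints "unset" if the key never appears.
ini_value() {
    awk -v key="$2" '
        /^[ \t]*;/ { next }
        {
            line = $0
            sub(/[ \t]*;.*$/, "", line)          # drop a trailing ; comment
            n = index(line, "=")
            if (n == 0) next
            k = substr(line, 1, n - 1); v = substr(line, n + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { found = v; seen = 1 }
        }
        END { print (seen ? found : "unset") }
    ' "$1"
}

# One "directive value verdict" line per directive; returns 1 if any is not Off.
audit_plesk_php_ini() {
    file=$1; bad=0
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    for d in $DIRECTIVES; do
        v=$(ini_value "$file" "$d")
        case $(printf '%s' "$v" | tr 'A-Z' 'a-z') in
            off|0|false|no|none|"") verdict=ok ;;
            unset) verdict=review; bad=1 ;;      # PHP built-in default applies
            *) verdict=change; bad=1 ;;
        esac
        echo "$d $v $verdict"
    done
    return "$bad"
}

# Print the manual scan command for whichever Plesk prefix exists under ROOT.
# ROOT is empty on a real server; it exists only to test against a scratch tree.
watchdog_rkhunter_cmd() {
    root=${1:-}
    for prefix in /opt/psa /usr/local/psa; do
        bin=$root$prefix/admin/sbin/modules/watchdog/rkhunter
        conf=$root$prefix/etc/modules/watchdog/rkhunter.conf
        if [ -x "$bin" ] && [ -r "$conf" ]; then
            echo "$bin --configfile $conf -c"
            return 0
        fi
    done
    echo "no watchdog rkhunter with a readable rkhunter.conf found" >&2
    return 1
}

# With a path argument, audit that file (on the servers in the thread:
# /usr/local/psa/admin/conf/php.ini); without one, audit a constructed sample.
if [ $# -gt 0 ]; then
    audit_plesk_php_ini "$1"
else
    sample=$(mktemp)
    printf '%s\n' '; constructed sample' 'auto_globals_jit = On' \
        'register_argc_argv = On' 'register_long_arrays = Off' \
        ';register_globals = On' 'register_globals = Off' > "$sample"
    audit_plesk_php_ini "$sample" || true
    rm -f "$sample"
fi
```

A directive reported as "review" is absent from the file, so PHP's built-in default applies and it should be set explicitly before concluding the php.ini change has been made.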

bibliopegist
11th January 2008, 07:49 AM
Yes, same steps for me here and it works.
So that's for rkhunter, but the rest of watchdog is still not working as it should, on the system monitoring email I receive everyday, the date is still always the same :

Subject: Watchdog daily report Dec 31, 1969 (Wednesday) on

Watchdog is running since Jan 11, 2008 01:00 AM.
Watchdog is monitoring services:
Plesk Web Server
Web Server (Apache)
SMTP Server (QMail)
IMAP/POP3 Server (Courier-IMAP)
DNS Server (BIND)
MySQL
Plesk SpamAssassin
Watchdog is monitoring:
[normal] /dev/hda1 (mount point /)

[normal] /dev/hda6 (mount point /home)

[normal] /dev/hda5 (mount point /usr)

[normal] /dev/hda7 (mount point /var)


Security scans number: 0.

No events registered for the period.

sparkybarkalot
11th January 2008, 09:06 AM
bibliopegist, thanks for pointing me to the correct php.ini. After making the suggested changes to /usr/local/psa/admin/conf/php.ini it is working for me now! Thanks everyone.

sbillis
25th January 2008, 06:26 AM
Oops, sorry folks

virtualahmad
3rd February 2008, 09:53 AM
Is there a fix without changing php.ini variables? I'm not sure what effect those variables will have on apps running on the server....

webviva
3rd February 2008, 10:38 AM
These changes only affect plesk (it's the php.ini located under /usr/local/psa/admin).

ZopfWare
12th February 2008, 01:48 AM
Anyone have an answer to this one? Would really like to have RKhunter run from the control panel.

bibliopegist
12th February 2008, 07:32 AM
Anyone have an answer to this one? Would really like to have RKhunter run from the control panel.

this one was solved sometime ago:
http://forum.swsoft.com/showpost.php?p=196734&postcount=34

PixyPumpkin
12th February 2008, 07:34 AM
And the Spamassassin problem, is that one solved too?

sbillis
12th February 2008, 08:22 AM
I only changed the following line in /usr/local/psa/admin/conf/php.ini

auto_globals_jit = Off -> This one was in "On"

I then via the GUI, stopped the watchdog and restarted it. Now my rkhunter works ok.

bibliopegist
12th February 2008, 08:48 AM
And the Spamassassin problem, is that one solved too?

watchdog still complains about spamassassin:
The Plesk SpamAssassin service on host foo.onlinehome-server.com
has been released from monitoring on Feb 7, 2008 08:42 AM.
and
The Plesk SpamAssassin service on host foo.onlinehome-server.com
is down.
The problem was discovered on Feb 7, 2008 08:17 AM.

server says spamassassin is up and running so I assume watchdog is giving a false negative, also, the date still shows :
Watchdog daily report Dec 31, 1969 (Wednesday)
in the subject line.

So I guess you could say that it is not functioning properly.
Hey, we are test meat for the software designers, let's just resign ourselves to this fact and beg them to afford us the crumbs of support they so reluctantly give us......

PixyPumpkin
12th February 2008, 08:56 AM
I know, I feel like a beta tester too :( I do not understand that they do not solve this BUG.
I hope Parallel is taking things more seriously than SW-Soft did!

PixyPumpkin
16th February 2008, 05:41 AM
Did anybody notice any difference after the last Watchdog update this week? WD still says Spamassassin is not running, but it is :( I did not try RKhunter yet, is that working now?

bibliopegist
16th February 2008, 06:15 AM
Did anybody notice any difference after the last Watchdog update this week? WD still says Spamassassin is not running, but it is :( I did not try RKhunter yet, is that working now?

they did some fixing, one i noticed is the date in the email report sent by watchdog is now correct and not december 1 1969.
still the spamassassin issue has not been corrected.

PixyPumpkin
16th February 2008, 08:47 AM
And I thought this was called a support forum :( I only miss the support :( I can not believe they did not fix the rest of the BUGS

105547111
19th February 2008, 05:13 AM
Well maybe by the time plesk 9 comes out the spamassassin bug will be fixed.... and then again maybe not..

I gave up and I am using psmon, it monitors spamassassin and checks every 60 seconds..

Considering it took this incredible time to fix the wrong date, and the spamassassin bug was around since Plesk 8.2 I would not be holding my breath for it to get fixed soon.