Out of the blue this morning, the sole system running Plesk 11.5 that I keep an eye on had entries like this (for one or other webmail system and for forwarding) in the ASL log for pretty much all domains on the server:
Integrity checksum changed for: `/etc/httpd/conf/plesk.conf.d/webmails/horde/domain.tld_webmail.conf`
Permissions changed from `rw-------` to `rw-r-----`
Group ownership was `0`, now it is `48`
Plesk has not been updated in the last week, let alone this morning, so it wasn't a Plesk update that triggered this.
The timestamp on all but one file is 28th of November. That's not too long ago for me to know that I did not update the system that day either. However, the files do seem to get regenerated by Plesk if there's a change to the domain's settings (e.g. there is one single domain file dated 1st of December and I know I made changes to the site's configuration in Plesk on that day).
Unfortunately I don't have another 11.5 system to compare configurations, ownership or permissions with.
Has anyone else seen this happen? What are your ownerships/perms on these files on your systems?
There is absolutely nothing suspicious in these files. They are just Apache configuration files - adding a webmail ServerAlias line.
Webmail config perms/owner changed?
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
- Atomicorp Staff - Site Admin
Re: Webmail config perms/owner changed?
That's what I get on mine too:
-rw-r----- 1 root apache 185 Nov 20 17:19 www2.atomicorp.com_webmail.conf
Re: Webmail config perms/owner changed?
Thanks Scott.
OK, so it has changed from root.root, which is how it should NOT have been, to root.apache, which is how it should be.
So I wonder why it was root.root to start with?
It was December 1st yesterday, so some monthly thing could have triggered on Sunday. But if that was the case, why then do we not see it until 9am on Monday, I wonder?
Ach, I don't like it when mystery stuff happens. What I like about Linux is that you can usually see "everything" as long as you know which log to look in, but Plesk holds some cards close to its chest.
The Plesk Action Log shows a mailbox auto-responder was updated an hour previously, but that's all.
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
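The comparison made in this thread (owner, group and mode of every per-domain webmail config) can be scripted, shown here as an added example that is not part of the original posts. The function names are this example's own, the defaults are taken from the listing in the reply above (`root`, `apache`, `rw-r-----`), and GNU `find` and `stat` are assumed.

```shell
#!/bin/sh
# Added example: audit the per-domain webmail configs against one baseline.
# Usage: audit_webmail_confs /etc/httpd/conf/plesk.conf.d/webmails
# Assumes file names do not contain '|' or newlines.

# Print one MISMATCH line per deviating file plus a total.
# Returns 0 if all files match, 1 if any deviate, 2 if no files were found.
audit_webmail_confs() {
    dir=$1
    want="${2:-root}:${3:-apache} ${4:-640}"
    # %U owner, %G group, %a octal mode, %y modification time, %n file name
    find "$dir" -type f -name '*_webmail.conf' \
        -exec stat -c '%U:%G %a|%y|%n' {} + |
    sort -t'|' -k3 |
    awk -F'|' -v want="$want" '
        $1 != want {
            printf "MISMATCH %s is %s, expected %s (mtime %s)\n", $3, $1, want, $2
            bad++
        }
        END {
            printf "%d of %d file(s) deviate from %s\n", bad, NR, want
            exit (NR == 0 ? 2 : (bad > 0))
        }'
}

# Count files per owner:group/mode combination, most common first, so a
# change that reached only some domains stands out at a glance.
summarise_webmail_confs() {
    find "$1" -type f -name '*_webmail.conf' -exec stat -c '%U:%G %a' {} + |
    sort | uniq -c | sort -rn
}
```

The modification time printed with each mismatch shows whether a deviating file predates the last regeneration of the configs.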