Hallo,
I'm running plesk in the google cloud and I activated ASL as an extention.
Now the ASL kernel can not be loaded in this case. Is there a way to get the ASL kernel running in the Google Cloud. Or do I just run it without that option ?
thank you,
regards,
Angelo
Google Cloud and plesk
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4149
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: Google Cloud and plesk
We have the ASL kernel running on customer deployments in Google cloud. Could you elaborate on what youre seeing when you install the kernel?
Michael Shinn
Atomicorp - Security For Everyone
Atomicorp - Security For Everyone
Re: Google Cloud and plesk
Hallo Mikeshinn,
thank you for your reply
I just installed it through Plesk Onyx. And I just assumed that it wouldn't work because it was not loaded.
What is the best procedure to enable the asl kernel and it features ?
So I can load it and get it to work.
Thank you very much
Angelo
thank you for your reply
I just installed it through Plesk Onyx. And I just assumed that it wouldn't work because it was not loaded.
What is the best procedure to enable the asl kernel and it features ?
So I can load it and get it to work.
Thank you very much
Angelo
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4149
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: Google Cloud and plesk
Lets see if its installed. First lets see if its installed, run this as root:
rpm -qa kernel-asl
Do you see any output? If you do, then you just need to configure your boot loader to boot into the ASL kernel.Depending on the distribution youre using, you'll use a different procedure to set which kernel to boot into. This article describes the process for each supported Linux distribution:
https://wiki.atomicorp.com/wiki/index.p ... el_to_boot
Let me know if you need help with either of these.
rpm -qa kernel-asl
Do you see any output? If you do, then you just need to configure your boot loader to boot into the ASL kernel.Depending on the distribution youre using, you'll use a different procedure to set which kernel to boot into. This article describes the process for each supported Linux distribution:
https://wiki.atomicorp.com/wiki/index.p ... el_to_boot
Let me know if you need help with either of these.
Michael Shinn
Atomicorp - Security For Everyone
Atomicorp - Security For Everyone
Re: Google Cloud and plesk
Hey Mikeshinn,
works like a charm, I loaded the ASL kernel and it works. Thx.
I should have just tried and read the documentation better, my bad.
The only thing I have right now is that the plesk panel won't start, it gives me an nginx bad gateway page and the following is what I'm seeing in the logging :
Mar 31 01:34:05 : PAX: execution attempt in: <anonymous mapping>, 37b54e16000-37b54e26000 37b54e16000
Mar 31 01:34:05 : PAX: terminating task: /usr/sbin/sw-engine-fpm(sw-engine-fpm):2481, uid/euid: 997/997, PC: 0000037b54e16010, SP: 000003f96bc91a48
grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /usr/sbin/sw-engine-fpm[sw-engine-fpm:9375] uid/euid:997/997 gid/egid:1002/1002, parent /usr/sbin/sw-engine-fpm[sw-engine-fpm:9032] uid/euid:0/0 gid/egid:0/0
can you advice on this issue ?
thank you
works like a charm, I loaded the ASL kernel and it works. Thx.
I should have just tried and read the documentation better, my bad.
The only thing I have right now is that the plesk panel won't start, it gives me an nginx bad gateway page and the following is what I'm seeing in the logging :
Mar 31 01:34:05 : PAX: execution attempt in: <anonymous mapping>, 37b54e16000-37b54e26000 37b54e16000
Mar 31 01:34:05 : PAX: terminating task: /usr/sbin/sw-engine-fpm(sw-engine-fpm):2481, uid/euid: 997/997, PC: 0000037b54e16010, SP: 000003f96bc91a48
grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /usr/sbin/sw-engine-fpm[sw-engine-fpm:9375] uid/euid:997/997 gid/egid:1002/1002, parent /usr/sbin/sw-engine-fpm[sw-engine-fpm:9032] uid/euid:0/0 gid/egid:0/0
can you advice on this issue ?
thank you
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4149
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: Google Cloud and plesk
Which kernel are you using?
uname -a
uname -a
Michael Shinn
Atomicorp - Security For Everyone
Atomicorp - Security For Everyone
Re: Google Cloud and plesk
this one : CentOS Linux (4.14.30-3955.el7.art.x86_64) 7 (Core)
thank you for your help
thank you for your help
Re: Google Cloud and plesk
Still getting this :
Apr 18 19:07:56 lnx kernel: grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /usr/sbin/sw-engine-fpm[sw-engine-fpm:3012] uid/euid:997/997 gid/egid:1002/1002, parent /usr/sbin/sw-engine-fpm[sw-engine-fpm:2616] uid/euid:0/0 gid/egid:0/0
Apr 18 19:07:57 lnx kernel: PAX: execution attempt in: <anonymous mapping>, 33030721000-33030731000 33030721000
Apr 18 19:07:57 lnx kernel: PAX: terminating task: /usr/sbin/sw-engine-fpm(sw-engine-fpm):3025, uid/euid: 997/997, PC: 0000033030721010, SP: 000003aaa0a1a408
Apr 18 19:07:57 lnx kernel: PAX: bytes at PC: 53 41 57 41 56 41 55 55 48 8b df 48 83 ec 60 48 8b 43 10 48
Apr 18 19:07:57 lnx kernel:
Apr 18 19:07:57 lnx kernel: PAX: bytes at SP-8: 0000000001e76c80 000000000050326e 0000000001c30160 0000033022203cc0 0000033022203cc0 0000033022203cca 000003aaa0a1a6c0 0000000000000000 0000000000000000 0000000000000000 00000003000f4240
Apr 18 19:07:57 lnx kernel:
Apr 18 19:07:57 lnx kernel: grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /usr/sbin/sw-engine-fpm[sw-engine-fpm:3025] uid/euid:997/997 gid/egid:1002/1002, parent /usr/sbin/sw-engine-fpm[sw-engine-fpm:2616] uid/euid:0/0 gid/egid:0/0
I'm running :
Linux lnx 4.14.30-3955.el7.art.x86_64 #1 SMP Mon Mar 26 16:24:20 EDT 2018 x86_64 x86_64 x86_64 GNU/Linux
I get a 502 bad gateway when I try to open plesk
Apr 18 19:07:56 lnx kernel: grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /usr/sbin/sw-engine-fpm[sw-engine-fpm:3012] uid/euid:997/997 gid/egid:1002/1002, parent /usr/sbin/sw-engine-fpm[sw-engine-fpm:2616] uid/euid:0/0 gid/egid:0/0
Apr 18 19:07:57 lnx kernel: PAX: execution attempt in: <anonymous mapping>, 33030721000-33030731000 33030721000
Apr 18 19:07:57 lnx kernel: PAX: terminating task: /usr/sbin/sw-engine-fpm(sw-engine-fpm):3025, uid/euid: 997/997, PC: 0000033030721010, SP: 000003aaa0a1a408
Apr 18 19:07:57 lnx kernel: PAX: bytes at PC: 53 41 57 41 56 41 55 55 48 8b df 48 83 ec 60 48 8b 43 10 48
Apr 18 19:07:57 lnx kernel:
Apr 18 19:07:57 lnx kernel: PAX: bytes at SP-8: 0000000001e76c80 000000000050326e 0000000001c30160 0000033022203cc0 0000033022203cc0 0000033022203cca 000003aaa0a1a6c0 0000000000000000 0000000000000000 0000000000000000 00000003000f4240
Apr 18 19:07:57 lnx kernel:
Apr 18 19:07:57 lnx kernel: grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /usr/sbin/sw-engine-fpm[sw-engine-fpm:3025] uid/euid:997/997 gid/egid:1002/1002, parent /usr/sbin/sw-engine-fpm[sw-engine-fpm:2616] uid/euid:0/0 gid/egid:0/0
I'm running :
Linux lnx 4.14.30-3955.el7.art.x86_64 #1 SMP Mon Mar 26 16:24:20 EDT 2018 x86_64 x86_64 x86_64 GNU/Linux
I get a 502 bad gateway when I try to open plesk
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4149
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: Google Cloud and plesk
OK, so that means that part of plesk is trying to violate the memory protection model the kernel has established to prevent code injection attacks. I'm guessing they need to be able to allow code injection, in which case you will need to disable that protection for Plesk:
service sw-engine stop
paxctl -cm /usr/sbin/sw-engine-fpm
paxctl -cm /usr/bin/sw-engine
service sw-engine start
service sw-engine stop
paxctl -cm /usr/sbin/sw-engine-fpm
paxctl -cm /usr/bin/sw-engine
service sw-engine start
Michael Shinn
Atomicorp - Security For Everyone
Atomicorp - Security For Everyone