Google Cloud and plesk

Customer support forums for Atomic Protector (formerly Atomic Secured Linux). There is no such thing as a bad question here as long as it pertains to using Atomic Protector. Newbies feel free to get help getting started or asking questions that may be obvious. Regular users are asked to be gentle. :-)
angelos
Forum User
Forum User
Posts: 14
Joined: Mon Dec 11, 2006 1:51 pm

Google Cloud and plesk

Unread post by angelos »

Hallo,

I'm running plesk in the google cloud and I activated ASL as an extention.
Now the ASL kernel can not be loaded in this case. Is there a way to get the ASL kernel running in the Google Cloud. Or do I just run it without that option ?

thank you,

regards,
Angelo
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4120
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: Google Cloud and plesk

Unread post by mikeshinn »

We have the ASL kernel running on customer deployments in Google cloud. Could you elaborate on what youre seeing when you install the kernel?
angelos
Forum User
Forum User
Posts: 14
Joined: Mon Dec 11, 2006 1:51 pm

Re: Google Cloud and plesk

Unread post by angelos »

Hallo Mikeshinn,

thank you for your reply

I just installed it through Plesk Onyx. And I just assumed that it wouldn't work because it was not loaded.

What is the best procedure to enable the asl kernel and it features ?
So I can load it and get it to work.

Thank you very much

Angelo
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4120
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: Google Cloud and plesk

Unread post by mikeshinn »

Lets see if its installed. First lets see if its installed, run this as root:

rpm -qa kernel-asl

Do you see any output? If you do, then you just need to configure your boot loader to boot into the ASL kernel.Depending on the distribution youre using, you'll use a different procedure to set which kernel to boot into. This article describes the process for each supported Linux distribution:

https://wiki.atomicorp.com/wiki/index.p ... el_to_boot

Let me know if you need help with either of these.
angelos
Forum User
Forum User
Posts: 14
Joined: Mon Dec 11, 2006 1:51 pm

Re: Google Cloud and plesk

Unread post by angelos »

Hey Mikeshinn,

works like a charm, I loaded the ASL kernel and it works. Thx.
I should have just tried and read the documentation better, my bad.

The only thing I have right now is that the plesk panel won't start, it gives me an nginx bad gateway page and the following is what I'm seeing in the logging :

Mar 31 01:34:05 : PAX: execution attempt in: <anonymous mapping>, 37b54e16000-37b54e26000 37b54e16000
Mar 31 01:34:05 : PAX: terminating task: /usr/sbin/sw-engine-fpm(sw-engine-fpm):2481, uid/euid: 997/997, PC: 0000037b54e16010, SP: 000003f96bc91a48


grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /usr/sbin/sw-engine-fpm[sw-engine-fpm:9375] uid/euid:997/997 gid/egid:1002/1002, parent /usr/sbin/sw-engine-fpm[sw-engine-fpm:9032] uid/euid:0/0 gid/egid:0/0


can you advice on this issue ?

thank you
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4120
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: Google Cloud and plesk

Unread post by mikeshinn »

Which kernel are you using?

uname -a
angelos
Forum User
Forum User
Posts: 14
Joined: Mon Dec 11, 2006 1:51 pm

Re: Google Cloud and plesk

Unread post by angelos »

this one : CentOS Linux (4.14.30-3955.el7.art.x86_64) 7 (Core)

thank you for your help :-)
angelos
Forum User
Forum User
Posts: 14
Joined: Mon Dec 11, 2006 1:51 pm

Re: Google Cloud and plesk

Unread post by angelos »

Still getting this :

Apr 18 19:07:56 lnx kernel: grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /usr/sbin/sw-engine-fpm[sw-engine-fpm:3012] uid/euid:997/997 gid/egid:1002/1002, parent /usr/sbin/sw-engine-fpm[sw-engine-fpm:2616] uid/euid:0/0 gid/egid:0/0
Apr 18 19:07:57 lnx kernel: PAX: execution attempt in: <anonymous mapping>, 33030721000-33030731000 33030721000
Apr 18 19:07:57 lnx kernel: PAX: terminating task: /usr/sbin/sw-engine-fpm(sw-engine-fpm):3025, uid/euid: 997/997, PC: 0000033030721010, SP: 000003aaa0a1a408
Apr 18 19:07:57 lnx kernel: PAX: bytes at PC: 53 41 57 41 56 41 55 55 48 8b df 48 83 ec 60 48 8b 43 10 48
Apr 18 19:07:57 lnx kernel:
Apr 18 19:07:57 lnx kernel: PAX: bytes at SP-8: 0000000001e76c80 000000000050326e 0000000001c30160 0000033022203cc0 0000033022203cc0 0000033022203cca 000003aaa0a1a6c0 0000000000000000 0000000000000000 0000000000000000 00000003000f4240
Apr 18 19:07:57 lnx kernel:
Apr 18 19:07:57 lnx kernel: grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /usr/sbin/sw-engine-fpm[sw-engine-fpm:3025] uid/euid:997/997 gid/egid:1002/1002, parent /usr/sbin/sw-engine-fpm[sw-engine-fpm:2616] uid/euid:0/0 gid/egid:0/0



I'm running :

Linux lnx 4.14.30-3955.el7.art.x86_64 #1 SMP Mon Mar 26 16:24:20 EDT 2018 x86_64 x86_64 x86_64 GNU/Linux


I get a 502 bad gateway when I try to open plesk
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4120
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: Google Cloud and plesk

Unread post by mikeshinn »

OK, so that means that part of plesk is trying to violate the memory protection model the kernel has established to prevent code injection attacks. I'm guessing they need to be able to allow code injection, in which case you will need to disable that protection for Plesk:

service sw-engine stop
paxctl -cm /usr/sbin/sw-engine-fpm
paxctl -cm /usr/bin/sw-engine
service sw-engine start
Post Reply