store | blogs | forums | twitter | facebook | wiki | downloads | support portal
Atomic Secure Linux
It is currently Fri Nov 22, 2019 11:26 am

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 9 posts ] 
Author Message
 Post subject: Google Cloud and plesk
Unread postPosted: Wed Mar 21, 2018 10:52 am 
Offline
Forum User
Forum User

Joined: Mon Dec 11, 2006 1:51 pm
Posts: 14
Hallo,

I'm running plesk in the google cloud and I activated ASL as an extention.
Now the ASL kernel can not be loaded in this case. Is there a way to get the ASL kernel running in the Google Cloud. Or do I just run it without that option ?

thank you,

regards,
Angelo


Top
 Profile  
Reply with quote  
 Post subject: Re: Google Cloud and plesk
Unread postPosted: Thu Mar 22, 2018 8:16 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
User avatar

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 4087
Location: Chantilly, VA
We have the ASL kernel running on customer deployments in Google cloud. Could you elaborate on what youre seeing when you install the kernel?

_________________
Michael Shinn
Atomicorp - Security For Everyone


Top
 Profile  
Reply with quote  
 Post subject: Re: Google Cloud and plesk
Unread postPosted: Sun Mar 25, 2018 6:07 am 
Offline
Forum User
Forum User

Joined: Mon Dec 11, 2006 1:51 pm
Posts: 14
Hallo Mikeshinn,

thank you for your reply

I just installed it through Plesk Onyx. And I just assumed that it wouldn't work because it was not loaded.

What is the best procedure to enable the asl kernel and it features ?
So I can load it and get it to work.

Thank you very much

Angelo


Top
 Profile  
Reply with quote  
 Post subject: Re: Google Cloud and plesk
Unread postPosted: Wed Mar 28, 2018 5:00 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
User avatar

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 4087
Location: Chantilly, VA
Lets see if its installed. First lets see if its installed, run this as root:

rpm -qa kernel-asl

Do you see any output? If you do, then you just need to configure your boot loader to boot into the ASL kernel.Depending on the distribution youre using, you'll use a different procedure to set which kernel to boot into. This article describes the process for each supported Linux distribution:

https://wiki.atomicorp.com/wiki/index.p ... el_to_boot

Let me know if you need help with either of these.

_________________
Michael Shinn
Atomicorp - Security For Everyone


Top
 Profile  
Reply with quote  
 Post subject: Re: Google Cloud and plesk
Unread postPosted: Sat Mar 31, 2018 1:15 pm 
Offline
Forum User
Forum User

Joined: Mon Dec 11, 2006 1:51 pm
Posts: 14
Hey Mikeshinn,

works like a charm, I loaded the ASL kernel and it works. Thx.
I should have just tried and read the documentation better, my bad.

The only thing I have right now is that the plesk panel won't start, it gives me an nginx bad gateway page and the following is what I'm seeing in the logging :

Mar 31 01:34:05 : PAX: execution attempt in: <anonymous mapping>, 37b54e16000-37b54e26000 37b54e16000
Mar 31 01:34:05 : PAX: terminating task: /usr/sbin/sw-engine-fpm(sw-engine-fpm):2481, uid/euid: 997/997, PC: 0000037b54e16010, SP: 000003f96bc91a48


grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /usr/sbin/sw-engine-fpm[sw-engine-fpm:9375] uid/euid:997/997 gid/egid:1002/1002, parent /usr/sbin/sw-engine-fpm[sw-engine-fpm:9032] uid/euid:0/0 gid/egid:0/0


can you advice on this issue ?

thank you


Top
 Profile  
Reply with quote  
 Post subject: Re: Google Cloud and plesk
Unread postPosted: Sun Apr 01, 2018 3:32 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
User avatar

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 4087
Location: Chantilly, VA
Which kernel are you using?

uname -a

_________________
Michael Shinn
Atomicorp - Security For Everyone


Top
 Profile  
Reply with quote  
 Post subject: Re: Google Cloud and plesk
Unread postPosted: Wed Apr 04, 2018 5:16 am 
Offline
Forum User
Forum User

Joined: Mon Dec 11, 2006 1:51 pm
Posts: 14
this one : CentOS Linux (4.14.30-3955.el7.art.x86_64) 7 (Core)

thank you for your help :-)


Top
 Profile  
Reply with quote  
 Post subject: Re: Google Cloud and plesk
Unread postPosted: Wed Apr 18, 2018 3:17 pm 
Offline
Forum User
Forum User

Joined: Mon Dec 11, 2006 1:51 pm
Posts: 14
Still getting this :

Apr 18 19:07:56 lnx kernel: grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /usr/sbin/sw-engine-fpm[sw-engine-fpm:3012] uid/euid:997/997 gid/egid:1002/1002, parent /usr/sbin/sw-engine-fpm[sw-engine-fpm:2616] uid/euid:0/0 gid/egid:0/0
Apr 18 19:07:57 lnx kernel: PAX: execution attempt in: <anonymous mapping>, 33030721000-33030731000 33030721000
Apr 18 19:07:57 lnx kernel: PAX: terminating task: /usr/sbin/sw-engine-fpm(sw-engine-fpm):3025, uid/euid: 997/997, PC: 0000033030721010, SP: 000003aaa0a1a408
Apr 18 19:07:57 lnx kernel: PAX: bytes at PC: 53 41 57 41 56 41 55 55 48 8b df 48 83 ec 60 48 8b 43 10 48
Apr 18 19:07:57 lnx kernel:
Apr 18 19:07:57 lnx kernel: PAX: bytes at SP-8: 0000000001e76c80 000000000050326e 0000000001c30160 0000033022203cc0 0000033022203cc0 0000033022203cca 000003aaa0a1a6c0 0000000000000000 0000000000000000 0000000000000000 00000003000f4240
Apr 18 19:07:57 lnx kernel:
Apr 18 19:07:57 lnx kernel: grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /usr/sbin/sw-engine-fpm[sw-engine-fpm:3025] uid/euid:997/997 gid/egid:1002/1002, parent /usr/sbin/sw-engine-fpm[sw-engine-fpm:2616] uid/euid:0/0 gid/egid:0/0



I'm running :

Linux lnx 4.14.30-3955.el7.art.x86_64 #1 SMP Mon Mar 26 16:24:20 EDT 2018 x86_64 x86_64 x86_64 GNU/Linux


I get a 502 bad gateway when I try to open plesk


Top
 Profile  
Reply with quote  
 Post subject: Re: Google Cloud and plesk
Unread postPosted: Thu Apr 26, 2018 3:22 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
User avatar

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 4087
Location: Chantilly, VA
OK, so that means that part of plesk is trying to violate the memory protection model the kernel has established to prevent code injection attacks. I'm guessing they need to be able to allow code injection, in which case you will need to disable that protection for Plesk:

service sw-engine stop
paxctl -cm /usr/sbin/sw-engine-fpm
paxctl -cm /usr/bin/sw-engine
service sw-engine start

_________________
Michael Shinn
Atomicorp - Security For Everyone


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 9 posts ] 

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group