Announcement

Collapse
No announcement yet.

Hacked accounts not removed. CageFS trow error

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    Hacked accounts not removed. CageFS trow error

    When doing updates on the server I notice from time to time some .cagefs files that are not updated and trow errors like these:

    Removed file /var/cagefs/46/username/etc/profile.d/alt_mod_passenger.sh
    Removed file /var/cagefs/46/username/etc/profile.d/alt_mod_passenger.sh-5.3.7-6.el6.cloudlinux
    Updating user jomonaxa ...
    Removed file /var/cagefs/96/username2/etc/profile<type exceptions.OSError>: [Err code 13] Permission denied: /home/username2/.cagefs
    <type exceptions.OSError>: [Err code 13] Permission denied: /home/username3/.cagefs
    .d/alt_mod_passenger.sh

    When checking these accounts, they are removed in cPanel and does not exist.
    But they exist on the servers home folder:

    root@server:/home/username# ls -la
    total 88K
    d--------- 5 root root 4.0K Dec 18 2018 ./
    drwx--x--x. 957 root root 68K Nov 6 01:32 ../
    drwxrwx--x 2 username username 4.0K Dec 4 2018 .cagefs/
    drwxr-xr-x 2 username username 4.0K Dec 18 2018 .cl.selector/
    drwxr-x--- 3 username nobody 4.0K Dec 3 2018 public_html/

    Is there something you can do to fix these old accounts/folders? Is there a script or some notification that can be made so its possible to cleanup these old accounts/folders?
    Tags: None
  • #2
    Actually I checked many accounts and many of them are not hacked. Maybee it has been a old bug or something in cPanel that did not remove them as they should.
    But any tips on how to check all servers and fix those cagefs errors would be great.

    Comment

    • #3
      Hello Morten! Thank you for reaching out! Try to run:

      Code:
      cagefsctl --clean-var-cagefs
      Also, check pls: user and group must be the same.
      If the error repeats then сan you open a support ticket https://cloudlinux.zendesk.com/hc/en-us/requests/new so we can take a closer look at your system? You can post the ticket number here and well link this thread to it. Thank you.

      Comment

      • #4
        That command will only clean .cagefs/var folders:
        clean /var/cagefs directory (remove data of non-existent users)

        But the user does still exist after running that command:
        root@server:/home/username2 # ls -la
        total 84K
        d--------- 4 root root 4.0K Nov 6 02:01 ./
        drwx--x--x. 957 root root 68K Nov 6 01:32 ../
        drwxrwx--x 2 username2 username2 4.0K Jan 1 2019 .cagefs/
        drwxr-xr-x 2 username2 username2 4.0K Jan 18 2019 .cl.selector/

        Comment

        • #5
          It also shows that you have the owner in the output in the directory /home/username (not the user but root). You need to register the correct owner. And if the account is deleted, then you need to check that the user is not in /etc/passwd

          Comment

          Previous template Next
          Working...
          X