Detected 175 processes that are running outdated executables

Discussion in 'General Discussion' started by satsamira, Apr 18, 2018.

  1. satsamira

    satsamira Member

    Hello,

    I see the following alarms in the "Security Advisor" section of my cPanel:
    Detected 175 processes that are running outdated executables: 283269 284074 284071 283148 283017 283498 283998 282 .................

    I ran the following, and it gave the following results:
    # /usr/bin/needs-restarting
    283269 : lfd - stopping
    284074 : lfd - stopping
    284071 : lfd - stopping
    283148 : lfd - stopping
    283017 : lfd - stopping
    283498 : lfd - stopping
    283998 : lfd - stopping
    282982 : lfd - stopping
    283490 : lfd - stopping
    65885 : child - aborting
    283300 : lfd - stopping
    283495 : lfd - stopping

    I also ran the following to resolve the issue:
    #service lvestats restart
    but the problem is not resolved and there is still an alert in the "Security Advisor" section.
    Please advise on how to solve the problem.
    Thanks.
     
  2. cPanelLauren

    cPanelLauren Forums Analyst
    Staff Member

    Hello,

    Based on what you're showing the services weren't actually restarted - needs-restarting just gives you a list of processes that need to be restarted. In this case it looks like CSF/LFD need to be restarted. You'll also need to identify what process PID 65885 is a child of. You can use lsof to do this:

    Code:
    lsof -p 65885
    Pending the process still exists

    Can you provide the full output of the needs-restarting command after you restart LFD?
     
  3. satsamira

    satsamira Member

    I restarted lfd and this is the complete output:
    Code:
    # /usr/bin/needs-restarting
    283269 : lfd - stopping
    284074 : lfd - stopping
    284071 : lfd - stopping
    283148 : lfd - stopping
    283017 : lfd - stopping
    283498 : lfd - stopping
    283998 : lfd - stopping
    282982 : lfd - stopping
    283490 : lfd - stopping
    65885 : child - aborting
    283300 : lfd - stopping
    283495 : lfd - stopping
    283384 : lfd - stopping
    283918 : lfd - stopping
    280877 : lfd - stopping
    283782 : lfd - stopping
    283466 : lfd - stopping
    284176 : lfd - stopping
    284177 : lfd - stopping
    283457 : lfd - stopping
    283788 : lfd - stopping
    283540 : lfd - stopping
    284125 : lfd - stopping
    284263 : lfd - stopping
    284115 : lfd - stopping
    283089 : lfd - stopping
    284110 : lfd - stopping
    283150 : lfd - stopping
    283525 : lfd - stopping
    283082 : lfd - stopping
    283489 : lfd - stopping
    283844 : lfd - stopping
    284280 : lfd - stopping
    283317 : lfd - stopping
    283316 : lfd - stopping
    283485 : lfd - stopping
    284289 : lfd - stopping
    283852 : lfd - stopping
    284680 : lfd - stopping
    284007 : lfd - stopping
    283850 : lfd - stopping
    284162 : lfd - stopping
    284279 : lfd - stopping
    284160 : lfd - stopping
    283962 : lfd - stopping
    283963 : lfd - stopping
    283799 : lfd - stopping
    282971 : lfd - stopping
    284275 : lfd - stopping
    284274 : lfd - stopping
    284105 : lfd - stopping
    283538 : lfd - stopping
    283124 : lfd - stopping
    283243 : lfd - stopping
    284217 : lfd - stopping
    664551 : child - aborting
    284108 : lfd - stopping
    283060 : lfd - stopping
    283878 : lfd - stopping
    284293 : lfd - stopping
    283875 : lfd - stopping
    381797 : child - aborting
    284147 : lfd - stopping
    283275 : lfd - stopping
    283974 : lfd - stopping
    284278 : lfd - stopping
    284316 : lfd - stopping
    284035 : lfd - stopping
    282962 : lfd - stopping
    284232 : lfd - stopping
    284131 : lfd - stopping
    284220 : lfd - stopping
    284223 : lfd - stopping
    282972 : lfd - stopping
    283862 : lfd - stopping
    283861 : lfd - stopping
    283749 : lfd - stopping
    282957 : lfd - stopping
    284189 : lfd - stopping
    282953 : lfd - stopping
    282958 : lfd - stopping
    283941 : lfd - stopping
    284055 : lfd - stopping
    283438 : lfd - stopping
    283945 : lfd - stopping
    284051 : lfd - stopping
    283179 : lfd - stopping
    284187 : lfd - stopping
    732096 : child - aborting
    284059 : lfd - stopping
    283105 : lfd - stopping
    283454 : lfd - stopping
    436668 : child - aborting
    284123 : lfd - stopping
    284122 : lfd - stopping
    283102 : lfd - stopping
    284120 : lfd - stopping
    283754 : lfd - stopping
    283756 : lfd - stopping
    283182 : lfd - stopping
    283053 : lfd - stopping
    283234 : lfd - stopping
    284100 : lfd - stopping
    283818 : lfd - stopping
    283816 : lfd - stopping
    283811 : lfd - stopping
    283535 : lfd - stopping
    1038205 : child - aborting
    283892 : lfd - stopping
    283959 : lfd - stopping
    283954 : lfd - stopping
    284312 : lfd - stopping
    284084 : lfd - stopping
    283448 : lfd - stopping
    283785 : lfd - stopping
    283440 : lfd - stopping
    283115 : lfd - stopping
    283764 : lfd - stopping
    283209 : lfd - stopping
    283766 : lfd - stopping
    283769 : lfd - stopping
    283805 : lfd - stopping
    283802 : lfd - stopping
    283886 : lfd - stopping
    283513 : lfd - stopping
    283880 : lfd - stopping
    283883 : lfd - stopping
    284230 : lfd - stopping
    284038 : lfd - stopping
    284093 : lfd - stopping
    284096 : lfd - stopping
    284095 : lfd - stopping
    284094 : lfd - stopping
    284141 : lfd - stopping
    284099 : lfd - stopping
    284098 : lfd - stopping
    283078 : lfd - stopping
    283476 : lfd - stopping
    283772 : lfd - stopping
    284286 : lfd - stopping
    283838 : lfd - stopping
    284703 : lfd - stopping
    284056 : lfd - stopping
    283833 : lfd - stopping
    284242 : lfd - stopping
    284246 : lfd - stopping
    284247 : lfd - stopping
    283930 : lfd - stopping
    283932 : lfd - stopping
    290201 : child - aborting
    283270 : lfd - stopping
    283378 : lfd - stopping
    283064 : lfd - stopping
    283373 : lfd - stopping
    283377 : lfd - stopping
    283825 : lfd - stopping
    283823 : lfd - stopping
    283822 : lfd - stopping
    283820 : lfd - stopping
    283985 : lfd - stopping
    283986 : lfd - stopping
    283521 : lfd - stopping
    283829 : lfd - stopping
    283904 : lfd - stopping
    282999 : lfd - stopping
    283906 : lfd - stopping
    283907 : lfd - stopping
    283901 : lfd - stopping
    283902 : lfd - stopping
    284251 : lfd - stopping
    284252 : lfd - stopping
    284069 : lfd - stopping
    284256 : lfd - stopping
    286341 : lfd - stopping
    283765 : lfd - stopping
    
    I also got the output from the following command:
    # lsof -p 65885

    Code:
    COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF    NODE NAME
    child   65885 root  cwd    DIR  253,0     4096  787839 /etc/csf
    child   65885 root  rtd    DIR  253,0     4096       2 /
    child   65885 root  txt    REG  253,0     9993 2626443  (deleted)/usr/local/cpanel/3rdparty/perl/524/bin/perl
    child   65885 root  mem    REG  253,0    49965 2626755 /usr/local/cpanel/3rdparty/perl/524/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/List/Util/Util.so
    child   65885 root  mem    REG  253,0          2626401 (deleted)/usr/local/cpanel/3rdparty/perl/524/lib64/perl5/5.24.1/x86_64-linux-64int/auto/File/Glob/Glob.so (stat: No such file or directory)
    child   65885 root  mem    REG  253,0          2626393 (deleted)/usr/local/cpanel/3rdparty/perl/524/lib64/perl5/5.24.1/x86_64-linux-64int/auto/Encode/Encode.so (stat: No such file or directory)
    child   65885 root  mem    REG  253,0    17959  266792 /usr/local/cpanel/3rdparty/perl/524/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/Cwd/Cwd.so
    child   65885 root  mem    REG  253,0    14681  266708 /usr/local/cpanel/3rdparty/perl/524/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/Sys/Mmap/Mmap.so
    child   65885 root  mem    REG  253,0          2626420 (deleted)/usr/local/cpanel/3rdparty/perl/524/lib64/perl5/5.24.1/x86_64-linux-64int/auto/Socket/Socket.so (stat: No such file or directory)
    child   65885 root  mem    REG  253,0          2626414 (deleted)/usr/local/cpanel/3rdparty/perl/524/lib64/perl5/5.24.1/x86_64-linux-64int/auto/POSIX/POSIX.so (stat: No such file or directory)
    child   65885 root  mem    REG  253,0          2626407 (deleted)/usr/local/cpanel/3rdparty/perl/524/lib64/perl5/5.24.1/x86_64-linux-64int/auto/IO/IO.so (stat: No such file or directory)
    child   65885 root  mem    REG  253,0          2626399 (deleted)/usr/local/cpanel/3rdparty/perl/524/lib64/perl5/5.24.1/x86_64-linux-64int/auto/Fcntl/Fcntl.so (stat: No such file or directory)
    child   65885 root  mem    REG  253,0 99170352 1335951 /usr/lib/locale/locale-archive
    child   65885 root  mem    REG  253,0    10312 1966085 /lib64/libfreebl3.so
    child   65885 root  mem    REG  253,0  1924768 1966092 /lib64/libc-2.12.so
    child   65885 root  mem    REG  253,0    15056 1966124 /lib64/libutil-2.12.so
    child   65885 root  mem    REG  253,0    40872 1966096 /lib64/libcrypt-2.12.so
    child   65885 root  mem    REG  253,0   596864 1974673 /lib64/libm-2.12.so
    child   65885 root  mem    REG  253,0    20024 1974672 /lib64/libdl-2.12.so
    child   65885 root  mem    REG  253,0   113904 1974674 /lib64/libnsl-2.12.so
    child   65885 root  mem    REG  253,0   143280 1966116 /lib64/libpthread-2.12.so
    child   65885 root  mem    REG  253,0          2626233 (deleted)/usr/local/cpanel/3rdparty/perl/524/lib64/perl5/5.24.1/x86_64-linux-64int/CORE/libperl.so (stat: No such file or directory)
    child   65885 root  mem    REG  253,0    26104 1313577 /usr/lib64/libgdbm.so.2.0.0
    child   65885 root  mem    REG  253,0   159312 1989012 /lib64/ld-2.12.so
    child   65885 root    0r   CHR    1,3      0t0    4101 /dev/null
    child   65885 root    1w   CHR    1,3      0t0    4101 /dev/null
    child   65885 root    2w   CHR    1,3      0t0    4101 /dev/null
    child   65885 root    3u   REG  253,0        7 1188528 /var/run/lfd.pid
    child   65885 root    4w   REG  253,0    83512 1185335  (deleted)/var/log/lfd.log-20180218
    child   65885 root    5r   REG  253,0    17148 1457294 /usr/local/csf/lib/Geo/IP/Record.pm
    
    
     
    #3 satsamira, Apr 19, 2018
    Last edited by a moderator: Apr 19, 2018
  4. cPanelLauren

    cPanelLauren Forums Analyst
    Staff Member

    Hello,


    If that output of needs-restarting was done after CSF/LFD was restarted it looks like there may be an issue with the system recognizing that the service was restarted.

    If you completely stop CSF/LFD (killing any potentially remnant processes) and restart it do you still see the notification? Does it persist through a reboot?

    If both of these are the case please open a ticket using the link in my signature so that we can take a closer look.


    Thank you,
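
The lsof output in this thread shows why PID 65885 is flagged: its `txt` and `mem` entries point at files marked `(deleted)`, meaning the process is still running code that has since been replaced on disk. The script below is an added example, not part of any post and not the logic of needs-restarting or Security Advisor; it is a simplified check that reads `/proc/<pid>/maps` for deleted executable mappings, and the function names `stale_mappings` and `stale_processes` are hypothetical.

```shell
#!/bin/sh
# Added example: list processes still executing code from files that were
# replaced or removed on disk. PROC_ROOT is a parameter (normally /proc) so
# the functions can also be pointed at a constructed directory tree.

# stale_mappings PROC_ROOT PID
# Print the unique deleted files that PID still has mapped as executable.
stale_mappings() {
    maps="$1/$2/maps"
    [ -r "$maps" ] || return 0
    # maps columns: address perms offset dev inode pathname [(deleted)]
    # Skip pseudo mappings (device 00:xx) and non-executable segments.
    awk '$NF == "(deleted)" && $2 ~ /x/ && $4 !~ /^00:/ && $6 ~ /^\// {
             path = $6
             for (i = 7; i < NF; i++) path = path " " $i
             if (!seen[path]++) print path
         }' "$maps"
}

# stale_processes PROC_ROOT
# Print "PID : name" for every process that has at least one stale mapping.
stale_processes() {
    for dir in "$1"/[0-9]*; do
        [ -d "$dir" ] || continue
        pid=${dir##*/}
        [ -n "$(stale_mappings "$1" "$pid")" ] || continue
        name=$(cat "$dir/comm" 2>/dev/null) || name=unknown
        printf '%s : %s\n' "$pid" "$name"
    done
}

# Scan a proc tree only when one is given, e.g.: sh stale.sh /proc
if [ "$#" -gt 0 ]; then
    stale_processes "$1"
fi
```

Run as root with `/proc` as the argument; maps files of other users' processes are not readable otherwise and those PIDs are skipped silently.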
     