WaldoPepper

Member
May 3, 2012
18
3
53
cPanel Access Level
Root Administrator
Starting with the update of DNSOnly to v92.0.5 the following entries occur hourly in the secure log:

Code:
/var/log/secure:
Dec 16 00:28:39 hs5 sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Dec 16 00:28:39 xyz sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Dec 16 00:28:39 xyz sudo: pam_unix(sudo:session): session closed for user root
Dec 16 00:28:39 xyz sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Dec 16 00:28:39 xyz sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Dec 16 00:28:39 xyz sudo: pam_unix(sudo:session): session closed for user root
Dec 16 00:28:39 xyz sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Dec 16 00:28:39 xyz sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Dec 16 00:28:39 xyz sudo: pam_unix(sudo:session): session closed for user root
Dec 16 00:28:40 xyz sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Dec 16 00:28:40 xyz sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Dec 16 00:28:40 xyz sudo: pam_unix(sudo:session): session closed for user root
Is this a bug or a feature?

This does not occur in the WHM secure log :-/
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
16,569
2,612
363
cPanel Access Level
Root Administrator
I created a new CentOS 7 machine and installed the DNSOnly software on that, and after having that up and running for two hours I'm not seeing any entries about WPT in the /var/log/secure file. Do you have the RPM installed? You can run this command to check:

Code:
# rpm -qa | grep toolk
wp-toolkit-cpanel-5.2.3-1959.x86_64
If so, is it possible that this machine was converted from a full WHM install at some point?
 

kawasakai

Active Member
Sep 17, 2015
44
3
58
Germany
cPanel Access Level
Root Administrator
I noticed the same. I have some DNSOnly servers abd all off them informed me via mai about a "AppConfig Registration Notification":
The application “whm-wp-toolkit” has registered with AppConfig for the service: whostmgr
 

kawasakai

Active Member
Sep 17, 2015
44
3
58
Germany
cPanel Access Level
Root Administrator
@cPRex yes indeed, 3 different DNSOnly Servers send that mail. The subject was
The application “whm-wp-toolkit” has been registered with AppConfig for the service: whostmgr
. I suppose that the lastest update triggered this behavior. They are all on the "stable" branch. The date of the notification matches the update:
[2021-01-04 03:39:10 +0100] Completed update 11.90.0.19 -> 11.92.0.6
The update log contains:
Running Task: “11.92_install_wordpress_toolkit_if_wpm”.

---> Package wp-toolkit-cpanel.x86_64 0:5.2.4-2025 will be installed
--> Processing Dependency: sw-engine >= 2 for package: wp-toolkit-cpanel-5.2.4-2025.x86_64
--> Processing Dependency: sw-cp-server >= 2 for package: wp-toolkit-cpanel-5.2.4-2025.x86_64
--> Processing Dependency: libc-client for package: wp-toolkit-cpanel-5.2.4-2025.x86_64
The package wp-toolkit-cpanel had 22 dependencies, most of them with plesk in their name… Additionally the process sw-cp-server is now running…
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
16,569
2,612
363
cPanel Access Level
Root Administrator
Thanks for the additional details. This indicates the packages was automatically installed because the update detected WordPress Manager existed on the machine.

Is it possible these systems were converted from a full WHM installation to DNSOnly? That would explain the presence of the WordPress Manager tool on the system(s), but normally that is not something that gets installed on a DNSOnly machine.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
16,569
2,612
363
cPanel Access Level
Root Administrator
Thanks for the clarification. Do you have any details on how the WordPress Manager tool would have been installed on those machines? Since the server would not be used for any web content, I wouldn't expect that package to have been installed through any of our automated tools.
 

kawasakai

Active Member
Sep 17, 2015
44
3
58
Germany
cPanel Access Level
Root Administrator
I am wondering as much as you, I haven't used these VM's for nothing else than their intended purposes, which is DNS. They were installed only for this purpose, so they have been vanilla CentOS before the installation of cPanel DNSOnly. Only thing I can say for sure is that the packages were installed during the automatic update from 11.90.0.19 -> 11.92.0.6. I only did the cluster configuration on them, as far as I can recall.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
16,569
2,612
363
cPanel Access Level
Root Administrator
I do agree that's when they would have been installed, as WordPress Toolkit gets installed automatically when WordPress Manager packages are detected. It's more interesting to me how the Manager packages were installed in the first place.
 

thowden

Well-Known Member
May 17, 2013
92
17
58
Australia
cPanel Access Level
Root Administrator
Hi All

I know this thread is over a year old, but it appears to be unanswered, and I have a potential issue.

I am just configuring a brand new VM on a hypervisor host server (XCP-ng which should not impact this) with AlmaLinux latest and CPanel DNSOnly latest.

2022-03-27 21_54_51-XCP-ng Center 20.04.01.png

So I am perplexed as to why a script that looks related to Wordpress Tools is running on DNS Only. It is running via a cron job as it is popping up in top every 5 minutes, maybe. I've not checked specifically.

Just to confirm cpanel version 102 build 8. Was only installed in the last 24 hours, on new install of Almalinux 8.5.

I do not think it is impacting anything other than annoying my sense of logic.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
16,569
2,612
363
cPanel Access Level
Root Administrator
@thowden - I wasn't able to reproduce this on my end. I setup an AlmaLinux 8.5 system and installed DNSOnly from our guide here:


After that, I confirmed there were no WordPress Toolkit packages installed, and no odd processes running.

Can you post the output of this command?

Code:
# rpm -qa | grep toolkit
cpanel-perl-532-template-toolkit-3.010-1.cp1198.x86_64
 

thowden

Well-Known Member
May 17, 2013
92
17
58
Australia
cPanel Access Level
Root Administrator
Hi

I blew the old server away and started fresh. New Almalinux 8.5 with basic server selected. CPanel DNSOnly standard install instructions. Have yet to check the GUI but from a CLI I can get 'top' showing the same wp-tool+ script on a cron cycle.

I can run your command

rpm -qa | grep toolkit
1648524875064.png

Ok. So given that you get a different outcome, there must be a difference in my process, and I expect it is due to me asking Alma Linux to provide a basic Web server in order to test internet / web from the server before installing DNS Only. DNSOnly is then detecting the web server and assuming a full server configuration and installing the wp-tools option as well.

With that in mind I will kill it and start again, skipping the webserver load and see what happens.