SOLVED DNSOnly wp-toolkit

[WaldoPepper]

Starting with the update of DNSOnly to v92.0.5 the following entries occur hourly in the secure log:

/var/log/secure:
Dec 16 00:28:39 hs5 sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Dec 16 00:28:39 xyz sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Dec 16 00:28:39 xyz sudo: pam_unix(sudo:session): session closed for user root
Dec 16 00:28:39 xyz sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Dec 16 00:28:39 xyz sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Dec 16 00:28:39 xyz sudo: pam_unix(sudo:session): session closed for user root
Dec 16 00:28:39 xyz sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Dec 16 00:28:39 xyz sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Dec 16 00:28:39 xyz sudo: pam_unix(sudo:session): session closed for user root
Dec 16 00:28:40 xyz sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Dec 16 00:28:40 xyz sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Dec 16 00:28:40 xyz sudo: pam_unix(sudo:session): session closed for user root

Is this a bug or a feature?

This does not occur in the WHM secure log :-/

 

[cPRex]

Hey there! That's interesting - I'll do some testing and get back with you soon.

 

[cPRex]

I created a new CentOS 7 machine and installed the DNSOnly software on that, and after having that up and running for two hours I'm not seeing any entries about WPT in the /var/log/secure file. Do you have the RPM installed? You can run this command to check:

# rpm -qa | grep toolk
wp-toolkit-cpanel-5.2.3-1959.x86_64

If so, is it possible that this machine was converted from a full WHM install at some point?

 

[kawasakai]

I noticed the same. I have some DNSOnly servers abd all off them informed me via mai about a "AppConfig Registration Notification":

The application “whm-wp-toolkit” has registered with AppConfig for the service: whostmgr

 

[cPRex]

@kawasakai - was "AppConfig Registration Notification" the subject of the email? In general, we aren't expecting this tool to be installed on DNSOnly systems, so I'm looking into this now, but any other details you or @WaldoPepper have would be helpful.

 

[kawasakai]

@cPRex yes indeed, 3 different DNSOnly Servers send that mail. The subject was

The application “whm-wp-toolkit” has been registered with AppConfig for the service: whostmgr

. I suppose that the lastest update triggered this behavior. They are all on the "stable" branch. The date of the notification matches the update:

[2021-01-04 03:39:10 +0100] Completed update 11.90.0.19 -> 11.92.0.6

The update log contains:

Running Task: “11.92_install_wordpress_toolkit_if_wpm”.

---> Package wp-toolkit-cpanel.x86_64 0:5.2.4-2025 will be installed
--> Processing Dependency: sw-engine >= 2 for package: wp-toolkit-cpanel-5.2.4-2025.x86_64
--> Processing Dependency: sw-cp-server >= 2 for package: wp-toolkit-cpanel-5.2.4-2025.x86_64
--> Processing Dependency: libc-client for package: wp-toolkit-cpanel-5.2.4-2025.x86_64

The package wp-toolkit-cpanel had 22 dependencies, most of them with plesk in their name… Additionally the process sw-cp-server is now running…

 

[cPRex]

Thanks for the additional details. This indicates the packages was automatically installed because the update detected WordPress Manager existed on the machine.

Is it possible these systems were converted from a full WHM installation to DNSOnly? That would explain the presence of the WordPress Manager tool on the system(s), but normally that is not something that gets installed on a DNSOnly machine.

 

[kawasakai]

No, they were all DNSOnly from the beginning.

 

[cPRex]

Thanks for the clarification. Do you have any details on how the WordPress Manager tool would have been installed on those machines? Since the server would not be used for any web content, I wouldn't expect that package to have been installed through any of our automated tools.

 

[kawasakai]

I am wondering as much as you, I haven't used these VM's for nothing else than their intended purposes, which is DNS. They were installed only for this purpose, so they have been vanilla CentOS before the installation of cPanel DNSOnly. Only thing I can say for sure is that the packages were installed during the automatic update from 11.90.0.19 -> 11.92.0.6. I only did the cluster configuration on them, as far as I can recall.

 

[cPRex]

I do agree that's when they would have been installed, as WordPress Toolkit gets installed automatically when WordPress Manager packages are detected. It's more interesting to me how the Manager packages were installed in the first place.

 

[thowden]

Hi All

I know this thread is over a year old, but it appears to be unanswered, and I have a potential issue.

I am just configuring a brand new VM on a hypervisor host server (XCP-ng which should not impact this) with AlmaLinux latest and CPanel DNSOnly latest.



So I am perplexed as to why a script that looks related to Wordpress Tools is running on DNS Only. It is running via a cron job as it is popping up in top every 5 minutes, maybe. I've not checked specifically.

Just to confirm cpanel version 102 build 8. Was only installed in the last 24 hours, on new install of Almalinux 8.5.

I do not think it is impacting anything other than annoying my sense of logic.

 

[techAMIGO]

Hi,
Since it's a DNSOnly server wp-toolkit have no role in it. so you can safely remove it
by using

dnf remove wp-toolkit-cpanel

 

[cPRex]

@thowden - let me do some testing with this on my end.

 

[cPRex]

@thowden - I wasn't able to reproduce this on my end. I setup an AlmaLinux 8.5 system and installed DNSOnly from our guide here:

cPanel DNSOnly® Installation | cPanel & WHM Documentation

This document describes how to install cPanel DNSOnly on your server.

docs.cpanel.net

After that, I confirmed there were no WordPress Toolkit packages installed, and no odd processes running.

Can you post the output of this command?

# rpm -qa | grep toolkit
cpanel-perl-532-template-toolkit-3.010-1.cp1198.x86_64

 

[thowden]

Hi

I blew the old server away and started fresh. New Almalinux 8.5 with basic server selected. CPanel DNSOnly standard install instructions. Have yet to check the GUI but from a CLI I can get 'top' showing the same wp-tool+ script on a cron cycle.

I can run your command

rpm -qa | grep toolkit


Ok. So given that you get a different outcome, there must be a difference in my process, and I expect it is due to me asking Alma Linux to provide a basic Web server in order to test internet / web from the server before installing DNS Only. DNSOnly is then detecting the web server and assuming a full server configuration and installing the wp-tools option as well.

With that in mind I will kill it and start again, skipping the webserver load and see what happens.

 

[thowden]

Hi

Just to confirm, if the base OS is configured with a web server, the CPanel DNSOnly install will add the wp-toolkit during the installation.

Removing it with

dnf remove wp-toolkit-cpanel

works if needed.

Thanks to both cPRex and @techAMIGO

 

[cPRex]

Interesting - and that's good to know. A typical "minimal" install of the OS would not include that, but we do install additional tools if the webserver is detected. I'm glad that's working how you expect now!