The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Root was logged into pam using following authentication service: system (sudo)

Discussion in 'General Discussion' started by fomistoklus, Jan 15, 2015.

  1. fomistoklus

    fomistoklus Member

    Joined:
    Aug 16, 2012
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi there,
    every 30 minutes cpanel alerts me to email about root login.
    I'm using RAID on the server and nagios plugin for monitoring it.
    So, each nagios check performs script execution via sudo.
    About what I can see in /var/log/secure log file.

    I found the corresponding thread, but an old one, from 2012
    http://forums.cpanel.net/f185/keep-getting-root-login-emails-268701.html

    Yesterday I've upgraded cpanel up to WHM 11.44.2 (build 3), but I keep getting these messages to my inbox.
    How I can stop these alerts?

    Thank you!
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    You can browse to "WHM Home » Security Center » cPHulk Brute Force Protection" and ensure the option to receive a notification when root successfully logs in from an IP address that is not white listed is disabled.

    Thank you.
     
  3. fomistoklus

    fomistoklus Member

    Joined:
    Aug 16, 2012
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hello cPanel Staff ,

    logins are without IP address, they are from system users.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  5. fomistoklus

    fomistoklus Member

    Joined:
    Aug 16, 2012
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hello Michael,

    yes :(

    Thank you.
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
  7. caisc

    caisc Active Member

    Joined:
    Oct 5, 2011
    Messages:
    34
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Is CSF firewall installed and running on your server?
     
  8. Ben A. Hilleli

    Ben A. Hilleli Registered

    Joined:
    Jan 16, 2015
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Toronto, Ontario, Canada
    cPanel Access Level:
    Root Administrator
    Yes we do (note: it's my server, fomistoklus is a contractor who keeps it on "good behaviour")

    I'm almost certain we've had cpHulk on for ages and did not always recieve these incessant, every 30 minute alert -- which is why it's somewhat concerning.
     
Loading...

Share This Page