Server suexec cmd: ea-php70 in: /var/log/secure

[mariusfv]

Hi,

The log from: /var/log/secure start to show suddenly this values:

Dec 12 20:33:38 server suexec[5263]: uid: (1007/account10) gid: (1007/account10) cmd: ea-php70
Dec 12 21:05:50 server suexec[13756]: uid: (1007/account10) gid: (1007/account10) cmd: ea-php70
Dec 12 21:05:53 server suexec[13773]: uid: (1007/account10) gid: (1007/account10) cmd: ea-php70
Dec 12 21:05:55 server suexec[13880]: uid: (1007/account10) gid: (1007/account10) cmd: ea-php70
Dec 12 21:06:33 server suexec[13940]: uid: (1007/account10) gid: (1007/account10) cmd: ea-php70
Dec 12 21:10:48 server suexec[15080]: uid: (1007/account10) gid: (1007/account10) cmd: ea-php70
Dec 12 21:12:43 server suexec[15254]: uid: (1007/account10) gid: (1007/account10) cmd: ea-php70
Dec 12 21:13:01 server suexec[15284]: uid: (1007/account10) gid: (1007/account10) cmd: ea-php70

I have many accounts on that server, but only for "account10" I have this log in /var/log/secure.

In the last days I've installed & configured Cloudlinux, Kernelcare & CageFS but I choose to use PHP-FPM with Easyapache 4 and to not install PHP Selector from Cloudlinux because is not need users to choose theirs PHP handler (Cloudlinux team confirm me that PHP Selector isn't mandatory and I can continue use PHP-FPM with Easyapache 4 on cPanel).

Have anyone any idea what is about this log?

 

[cPanelMichael]

Hello,

It's normal to see suexec entries logged to the /var/log/secure file. Are you sure this account is using the same PHP handler and PHP version as all of your other accounts? If so, feel free to open a support ticket if you'd like us to take a closer look.

Thank you.