systemd processes keep spawning

[butikhosting]

I started getting these systemd processes for every account on the system. I found this : Excessive resource usage Executable: /usr/lib/systemd/systemd Command Line: (sd-pam) where someone at the end said it could be jail shell related. But I tried setting shell to jailed and disabled and that didnt change anything.

Any idea whats causing this and how I can get rid of them ?

Things I did recently :
- upgraded to almalinux
- enabled mod_ruid2 ( now disabled )
- installed redis, varnish, memcached



also


oh and of course I get these annoying csf notifications as well every other hour

 

[butikhosting]

Any idea what these are ? I ve disabled all the installed modules - redis, memcached, varnish but I still have these and they respawn after killing. I also experience high serverloads ever since upgrading to almalinux I wonder if these processes might cause them, they seem like they dont use a lot but

 

[cPRex]

Hey there! It's important to note that CSF isn't created or distributed by cPanel. That notification is just letting you know a process has been running longer than the 1800-second threshold set in that product.

If all the jailshell tools have been disabled, it might be best to submit a ticket to our team so we can take a look at this for you.

 

[butikhosting]

Thanks for the reply, the main problem is not the CSF notifications but the fact that these processes keep spawning.
Per the topic mentioned in the previous post, I disabled mod_ruid2, set all user to shell "none" but the result iis the same.
Honestly creating a ticket is too much of a hassle and I dont wanna bother support people if its something I can solve.
Do you have any other suggestions I might try ? If not I ll just create a ticket

Hey there! It's important to note that CSF isn't created or distributed by cPanel. That notification is just letting you know a process has been running longer than the 1800-second threshold set in that product.

If all the jailshell tools have been disabled, it might be best to submit a ticket to our team so we can take a look at this for you.

 

[cPRex]

I don't have any other suggestions on my end, as in the past disabling the jailshell users has taken care of those processes.

 

[quietFinn]

...
Honestly creating a ticket is too much of a hassle and I dont wanna bother support people if its something I can solve.
Do you have any other suggestions I might try ? If not I ll just create a ticket

I'd suggest you create a ticket, you can give link to this thread so they know what it's about, They might not be very fast, but they (and some others) might learn something also.

 

[butikhosting]

I'll try creating a ticket but it seems the link in your signature and the main website is not working

I don't have any other suggestions on my end, as in the past disabling the jailshell users has taken care of those processes.

 

[cPRex]

There were some issues with the cPanel Store around the time you posted, but those have since been resolved and I would expect things to work well now.

 

[butikhosting]

Still getting this, but I guess I ll try tomorrow

There were some issues with the cPanel Store around the time you posted, but those have since been resolved and I would expect things to work well now.

 

[cPRex]

Do you still get that if you try a different browser?

 

[butikhosting]

Yes it was the firefox cache. But now I cant figure out how to give out SSH access to create a ticket. I normally disable root login via pw and login with a ppk, I've now enabled Password Authentication back so they can access, logs in via WHM but it says "Access denied" when trying to SSH via putty. Any idea ?

Do you still get that if you try a different browser?

 

[quietFinn]

This is what I do:
For cPanel support to access the server I add a user, for ex. clsupport, I add it to wheel group, give them the username & password, and root password.
Password Authentication enabled, root login (always) disabled.

 

[butikhosting]

Thanks for the advice, I did create a new user with wheel and passed that. Btw what do you mean with the " root login (always) disabled" ? is it the " Accounts that can access a cPanel user account:" under tweak settings or something else ?

This is what I do:
For cPanel support to access the server I add a user, for ex. clsupport, I add it to wheel group, give them the username & password, and root password.
Password Authentication enabled, root login (always) disabled.

 

[cPRex]

I believe he's referring to the SSH setting, which would be in /etc/ssh/sshd_config

 

[quietFinn]

Yes, PermitRootLogin no in /etc/ssh/sshd_config

 

[vacancy]

I had this problem on some servers on well.

dozens of systemd processes started and stopped at the same time and running processes were waiting in sleep state after a while causing thousands of sleep processes to accumulate.

When I made a detailed examination, I saw that these processes matched the cron times, when I looked at the cron logs, I found that the wp-cron.php file of the wordpress sites was triggered periodically. When I talked to my customer, I learned that he opened the wp-cron.php feature via wp-toolkit, and the problem started after this time. After disabling the wp-cron.php function and restarting the server, we never saw the processes.

This can be the case not only for wp-cron.php but also for different cron processes, if such processes are returning too often, the first thing to look for is the cron processes.

Good luck