service portsentry and iptables restarts not in cron
Additionally, we've done the following to determine what mechanism is causing this issue. We have an identically-configured server running centos5.4: both installed within the past week, the only difference being the one we're concerned about also has cpanel/whm 11.25 installed through the prescribed method.
[email protected] [~]# chkconfig --list | grep ip
ip6tables 0:off 1:off 2:off 3:off 4:off 5:off 6:off
iptables 0:off 1:off 2:off 3:off 4:off 5:off 6:off
[email protected] [~]# chkconfig --list | grep ports
portsentry 0:off 1:off 2:off 3:off 4:off 5:off 6:off
Because this process / service / implementation has been disabling our designed firewall, we chmod-ded /etc/init.d/iptables 000:
[email protected] [~]# ls -lrt /etc/init.d/ | grep iptables
---------- 1 root root 7460 Nov 2 07:18 iptables
This service has now been throwing the following error with subject line at 3, 23, and 43 minutes after the hour:
Subject: Cron <[email protected]> /sbin/service portsentry restart >/dev/null && /sbin/service iptables restart >/dev/null
iptables: unrecognized service
[email protected] [~]# grep -E 'portsentry|iptables' -rl /var/spool/cron
[email protected] [~]# crontab -l | grep -E 'portsentry|iptables'
There are no references in /etc/crontab or any other cronjob entries to jobs that start at 3, 23, and 43 minutes after the hour, but we're quite positive it is a cpanel cronjob that is doing this.
Our custom firewall runs fine. The only rules in existence that we have not flushed are the following:
Chain acctboth (0 references)
pkts bytes target prot opt in out source destination
99 5927 tcp -- !lo * www.xxx.yyy.zzz 0.0.0.0/0 tcp dpt:80
62 10583 tcp -- !lo * 0.0.0.0/0 www.xxx.yyy.zzz tcp spt:80
What causes this job to run? How do we disable it as we consider deploying additional cpanel hosts? Where is the documentation for the portsentry implementation on whm/cpanel 11.25?
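An added example, not part of the original post: a bash sketch that searches every standard cron location (not only /var/spool/cron and root's crontab) for the command in the mail subject, then keeps the entries whose minute field fires at a given minute such as 3, 23 or 43. The function names and the sample tree built by make_sample_root are hypothetical and constructed for the demonstration; nothing here is cPanel's own code or file layout.

```shell
#!/bin/bash
# Added example: find which cron file schedules a command. Paths are relative to a root dir.
CRON_PATHS="etc/crontab etc/anacrontab etc/cron.d etc/cron.hourly etc/cron.daily
etc/cron.weekly etc/cron.monthly var/spool/cron"

# minute_fires FIELD MINUTE: succeed if a crontab minute FIELD (lists, ranges,
# "*", and /step forms) includes MINUTE.
minute_fires() {
    awk -v f="$1" -v m="$2" 'BEGIN {
        n = split(f, parts, ",")
        for (i = 1; i <= n; i++) {
            p = parts[i]; step = 1
            if (split(p, s, "/") == 2) { p = s[1]; step = s[2] + 0 }
            if (step < 1) step = 1
            if (p == "*") { lo = 0; hi = 59 }
            else if (split(p, r, "-") == 2) { lo = r[1] + 0; hi = r[2] + 0 }
            else { lo = hi = p + 0 }
            for (v = lo; v <= hi; v += step) if (v == m + 0) exit 0
        }
        exit 1
    }'
}

# find_cron_refs PATTERN [ROOT]: print file:line:text for non-comment lines
# matching the extended regex PATTERN in any cron location under ROOT.
find_cron_refs() {
    local p
    for p in $CRON_PATHS; do
        if [ -e "${2:-}/$p" ]; then grep -rHnE -- "$1" "${2:-}/$p" || true; fi
    done | grep -vE '^[^:]+:[0-9]+:[[:space:]]*#' || true
}

# refs_at_minute PATTERN MINUTE [ROOT]: keep only entries that fire at MINUTE.
refs_at_minute() {
    local hit field
    find_cron_refs "$1" "${3:-}" | while IFS= read -r hit; do
        field=$(printf '%s\n' "${hit#*:*:}" | awk '{print $1}')
        case $field in ''|*[!0-9*,/-]*) continue ;; esac   # not a crontab line
        if minute_fires "$field" "$2"; then printf '%s\n' "$hit"; fi
    done
}

# Constructed sample tree; the file name and entries are made up for this demo.
make_sample_root() {
    local d; d=$(mktemp -d); mkdir -p "$d/etc/cron.d" "$d/var/spool/cron"
    printf '%s\n' '# demo' '3,23,43 * * * * root /sbin/service portsentry restart' > "$d/etc/cron.d/example-job"
    printf '%s\n' '*/15 * * * * /usr/bin/true # iptables note' > "$d/var/spool/cron/root"
    printf '%s\n' "$d"
}
```

On a live host, `refs_at_minute 'portsentry|iptables' 23` with no root argument searches the real /etc and /var/spool/cron; run it as root so unreadable spool files are not skipped.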