In this thread the Service Status page showing all services down (when they are actually not) is solved by switching OFF RESTRICT_SYSLOG in CSF -- a very risky idea.
What if I don't want to disable RESTRICT_SYSTLOG since that's an important security measure. I want the highest setting for this which is: 3 = Restrict syslog/rsyslog access to RESTRICT_SYSLOG_GROUP ** RECOMMENDED **
There is another way to fix this issue, and that's by adding the USER of whatever process is to generating cPanel's SERVICE STATUS to /etc/csf/csf.syslogusers as follows:
Ergo, the question for those of us who want to run RESTRICT_SYSLOG at the sensible maximum setting:
What USER actually runs the process that is generating the SERVICE STATUS page in WHM? (Process would be good to know also.)
Having some trouble pinning it down in cP documentation. (Is the process chkservd ?)
Can you provide the process and user cPanel runs to create this page, please?
Then I can whitelist that user (is it "nobody"?) and keep the safety, a far better solution than disabling log protection so that any intruder on any username can't go in and modify my system logs and thereby thwart the warnings generated from those logs.
What if I don't want to disable RESTRICT_SYSTLOG since that's an important security measure. I want the highest setting for this which is: 3 = Restrict syslog/rsyslog access to RESTRICT_SYSLOG_GROUP ** RECOMMENDED **
There is another way to fix this issue, and that's by adding the USER of whatever process is to generating cPanel's SERVICE STATUS to /etc/csf/csf.syslogusers as follows:
"You can add users to this group by changing /etc/csf/csf.syslogusers and then
restarting lfd afterwards. This will create the system group and add the
users from csf.syslogusers if they exist to that group and will change the
permissions on the syslog/rsyslog unix socket(s)."
restarting lfd afterwards. This will create the system group and add the
users from csf.syslogusers if they exist to that group and will change the
permissions on the syslog/rsyslog unix socket(s)."
Ergo, the question for those of us who want to run RESTRICT_SYSLOG at the sensible maximum setting:
What USER actually runs the process that is generating the SERVICE STATUS page in WHM? (Process would be good to know also.)
Having some trouble pinning it down in cP documentation. (Is the process chkservd ?)
Can you provide the process and user cPanel runs to create this page, please?
Then I can whitelist that user (is it "nobody"?) and keep the safety, a far better solution than disabling log protection so that any intruder on any username can't go in and modify my system logs and thereby thwart the warnings generated from those logs.