Good day,
My version is 8.7.11_GA_1854
OS Ubuntu 16.04 lts
I see in cron.log file these lines:
Feb 27 15:56:01 zimbrapastas CRON[406]: Authentication failure
Feb 27 15:58:01 zimbrapastas CRON[1168]: Authentication failure
Feb 27 16:00:01 zimbrapastas CRON[1708]: Authentication failure
Feb 27 16:00:01 zimbrapastas CRON[1711]: Authentication failure
Feb 27 16:00:01 zimbrapastas CRON[1709]: Authentication failure
Feb 27 16:00:01 zimbrapastas CRON[1710]: Authentication failure
Feb 27 16:02:01 zimbrapastas CRON[2492]: Authentication failure
Feb 27 16:04:01 zimbrapastas CRON[3290]: Authentication failure
My cron looks like this:
# Only executes on zimbraVersionCheckInterval. min 2h interval
#
18 */2 * * * /opt/zimbra/libexec/zmcheckversion -c >> /dev/null 2>&1
#
# Invoke "ComputeAggregateQuotaUsageRequest" periodically
#
15 2 * * * /opt/zimbra/libexec/zmcomputequotausage > /dev/null 2>&1
#
# Invoke "client_usage_report.py" periodically to process /opt/zimbra/log/access_log* files
#
55 1 * * * /opt/zimbra/libexec/client_usage_report.py > /dev/null 2>&1
#
# Run zmgsaupdate util to trickeSync galsync accounts
#
49 0 * * 7 /opt/zimbra/libexec/zmgsaupdate > /dev/null 2>&1
#
# crontab.logger
#
# process logs
#
00,10,20,30,40,50 * * * * /opt/zimbra/libexec/zmlogprocess > /tmp/logprocess.out 2>&1
#
# Graph generation
#
10 * * * * /opt/zimbra/libexec/zmgengraphs >> /tmp/gengraphs.out 2>&1
#
# Daily reports
#
30 23 * * * /opt/zimbra/libexec/zmdailyreport -m
#
# crontab.mta
#
#
# Queue logging
#
0,10,20,30,40,50 * * * * /opt/zimbra/libexec/zmqueuelog
#
# Spam training
#
0 22 * * * /opt/zimbra/bin/zmtrainsa >> /opt/zimbra/log/spamtrain.log 2>&1
#
# Spam training cleanup
#
45 23 * * * /opt/zimbra/bin/zmtrainsa --cleanup >> /opt/zimbra/log/spamtrain.log 2>&1
#
# Spam rule updates
#
45 0 * * * . /opt/zimbra/.bashrc; /opt/zimbra/libexec/zmsaupdate
#
# Spam Bayes auto-expiry
#
20 23 * * * /opt/zimbra/common/bin/sa-learn --dbpath /opt/zimbra/data/amavisd/.spamassassin --force-expire --sync > /dev/null 2>&1
#
# Clean up amavisd/tmp
#
15 5,20 * * * find /opt/zimbra/data/amavisd/tmp -maxdepth 1 -type d -name 'amavis-*' -mtime +1 -exec rm -rf {} \; > /dev/null 2>&1
#
# Clean up the quarantine dir
#
0 1 * * * find /opt/zimbra/data/amavisd/quarantine -type f -mtime +7 -exec rm -f {} \; > /dev/null 2>&1
#
#
#
35 3 * * * /opt/zimbra/bin/zmcbpadmin --cleanup >/dev/null 2>&1
# ZIMBRAEND -- DO NOT EDIT ANYTHING BETWEEN THIS LINE AND ZIMBRASTART
For example when i run by su zimbra
/opt/zimbra/libexec/zmstatuslog
iget status: in stats.log file filled lines, but not by cron
Tried permision fix, any other suggestions is welcome
Errors in cron files and no stats
Re: Errors in cron files and no stats
Updated to 8.8.6 error is still here
-
JDunphy
- Outstanding Member
- Posts: 901
- Joined: Fri Sep 12, 2014 11:18 pm
- Location: Victoria, BC
- ZCS/ZD Version: 9.0.0_P39 NETWORK Edition
Re: Errors in cron files and no stats
Have you verified that sudo looks good. Here is what I have for 8.7.11
Code: Select all
mail:/etc/sudoers.d:44> ls
01_zimbra 02_zimbra-ldap 02_zimbra-proxy
02_zimbra-core 02_zimbra-mta 02_zimbra-store
Re: Errors in cron files and no stats
Thank you for suggestion.
Yes it is the same
persmissions 440
owner user root
owner group root
:/etc/sudoers.d$ ls
01_zimbra 02_zimbra-ldap 02_zimbra-proxy README
02_zimbra-core 02_zimbra-mta 02_zimbra-store
Yes it is the same
persmissions 440
owner user root
owner group root
:/etc/sudoers.d$ ls
01_zimbra 02_zimbra-ldap 02_zimbra-proxy README
02_zimbra-core 02_zimbra-mta 02_zimbra-store
-
JDunphy
- Outstanding Member
- Posts: 901
- Joined: Fri Sep 12, 2014 11:18 pm
- Location: Victoria, BC
- ZCS/ZD Version: 9.0.0_P39 NETWORK Edition
Re: Errors in cron files and no stats
I don't see this in your output from your cron entry.
If you run zmstatuslog as the zimbra user, you should see STATUS lines in /var/log/zimbra-stats.log ... You said earlier you did. So thinking cron errors are unrelated to this problem.
Code: Select all
[zimbra@mail ~]$ crontab -l |grep /opt/zimbra/libexec/zmstatuslog
*/2 * * * * /opt/zimbra/libexec/zmstatuslog > /dev/null 2>&1
Re: Errors in cron files and no stats
JDunphy wrote:I don't see this in your output from your cron entry.If you run zmstatuslog as the zimbra user, you should see STATUS lines in /var/log/zimbra-stats.log ... You said earlier you did. So thinking cron errors are unrelated to this problem.Code: Select all
[zimbra@mail ~]$ crontab -l |grep /opt/zimbra/libexec/zmstatuslog */2 * * * * /opt/zimbra/libexec/zmstatuslog > /dev/null 2>&1
As zimbra user crontab lines exist, i see same output:
# ZIMBRAEND -- DO NOT EDIT ANYTHING BETWEEN THIS LINE AND ZIMBRASTART
zimbra@zimbrapastas:/home/itt$ crontab -l |grep /opt/zimbra/libexec/zmstatuslog
*/2 * * * * /opt/zimbra/libexec/zmstatuslog > /dev/null 2>&1
zimbra@zimbrapastas:/home/itt$
Yes correct, if i run manualy, zmstatuslog i see STATUS lines.
If cron is correct, then when it runs these commands it uses zimbra uses and it does not have enought rigts, maybe it is the reason ?
I have ssh, here is my config:
Code: Select all
# Package generated configuration file
# See the sshd_config(5) manpage for details
# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 1024
# Logging
SyslogFacility AUTH
LogLevel VERBOSE
# Authentication:
LoginGraceTime 120
PermitRootLogin prohibit-password
StrictModes yes
AllowUsers zimbra itt
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile<---->%h/.ssh/authorized_keys #PAD20170822
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
UseLogin no
#MaxStartups 10:30:60
#Banner /etc/issue.net
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM no-
JDunphy
- Outstanding Member
- Posts: 901
- Joined: Fri Sep 12, 2014 11:18 pm
- Location: Victoria, BC
- ZCS/ZD Version: 9.0.0_P39 NETWORK Edition
Re: Errors in cron files and no stats
Cron running as root is going to switch to zimbra user before running that crontab entry. Generally, when scripts don't work from cron but from a shell, it is because of environment.
Perhaps do this (remove sending output and errors to /dev/null in your crontab entry so you have some output.
/opt/zimbra/libexec/zmstatuslog
Then look for errors after it runs. Do you have a multi-server environment install? I have been looking at the single server install case.
Curious indeed.
Perhaps do this (remove sending output and errors to /dev/null in your crontab entry so you have some output.
/opt/zimbra/libexec/zmstatuslog
Then look for errors after it runs. Do you have a multi-server environment install? I have been looking at the single server install case.
Curious indeed.
-
JDunphy
- Outstanding Member
- Posts: 901
- Joined: Fri Sep 12, 2014 11:18 pm
- Location: Victoria, BC
- ZCS/ZD Version: 9.0.0_P39 NETWORK Edition
Re: Errors in cron files and no stats
You could add this to zimbra's cron entry to see what is happening.
* * * * * env > /tmp/env.output
* * * * * env > /tmp/env.output
-
JDunphy
- Outstanding Member
- Posts: 901
- Joined: Fri Sep 12, 2014 11:18 pm
- Location: Victoria, BC
- ZCS/ZD Version: 9.0.0_P39 NETWORK Edition
Re: Errors in cron files and no stats
cron is where I would be focusing... If you have added /etc/cron.allow or /etc/cron.deny to your distribution ... More in the man pages about how they work and here is a link https://techglimpse.com/solution-cron-s ... ror-solve/
Re: Errors in cron files and no stats
I don't have cron.allow or cron.deny. As I read also in Ubuntu info:
"In the case where neither file exists, the default on current Ubuntu (and Debian, but not some other Linux and UNIX systems) is to allow all users to run jobs with crontab"
My server is single set-up.
Also adding your suggested line in crontab or deleting didnt help, i dont see any more info in logs.
Here is my changes, maybe i put it in wrong ?
Also my /etc/pam.d/cron file looks like this, can you post yours ? maybe also there some errors in my config...
"In the case where neither file exists, the default on current Ubuntu (and Debian, but not some other Linux and UNIX systems) is to allow all users to run jobs with crontab"
My server is single set-up.
Also adding your suggested line in crontab or deleting didnt help, i dont see any more info in logs.
Here is my changes, maybe i put it in wrong ?
Code: Select all
# ZIMBRASTART -- DO NOT EDIT ANYTHING BETWEEN THIS LINE AND ZIMBRAEND
SHELL=/bin/bash
#
# Log pruning
#
30 2 * * * find /opt/zimbra/log/ ! -name 'zmsetup*.log' -type f -name '*.log?*' -mtime +8 -exec rm {} \; > /dev/null 2>&1
35 2 * * * find /opt/zimbra/log/ -type f -name '*.out.????????????' -mtime +8 -exec rm {} \; > /dev/null 2>&1
#
# compress logs manually to avoid application pauses when
# handled through the log4j thread
#
50 2 * * * /opt/zimbra/libexec/zmcompresslogs > /dev/null 2>&1
#
# tmp dir cleaning
#
40 2 * * * /opt/zimbra/libexec/zmcleantmp
#
# Status logging
#
#PAD20180301 */2 * * * * /opt/zimbra/libexec/zmstatuslog > /dev/null 2>&1
* * * * * env > /tmp/env.output
*/2 * * * * /opt/zimbra/libexec/zmstatuslog
#*/10 * * * * /opt/zimbra/libexec/zmdisklog > /dev/null 2>&1
#
# SSL Certificate Expiration Checks
#
0 0 1 * * /opt/zimbra/libexec/zmcheckexpiredcerts -days 30 -email
#
# Backups
#
# BACKUP BEGIN
# BACKUP END
#
# crontab.ldap
#
# Monitor MDB database size
*/30 * * * * /opt/zimbra/libexec/zmldapmonitordb > /dev/null 2>&1
#
#
# crontab.store
#
# Log pruning
#
30 2 * * * find /opt/zimbra/mailboxd/logs/ -type f -name \*log\* -mtime +8 -exec rm {} \; > /dev/null 2>&1
30 2 * * * find /opt/zimbra/log/ -type f -name stacktrace.\* -mtime +8 -exec rm {} \; > /dev/null 2>&1
#
# Report on any database inconsistencies
#
0 23 * * 7 /opt/zimbra/libexec/zmdbintegrityreport -m
#
# Monitor for multiple mysqld to prevent corruption
#
#*/5 * * * * /opt/zimbra/libexec/zmcheckduplicatemysqld -e > /dev/null 2>&1
#
# Check zimbraVersionCheckURL for new update.
# Only runs if this server matches zimbraVersionCheckServer
# Only executes on zimbraVersionCheckInterval. min 2h interval
#
18 */2 * * * /opt/zimbra/libexec/zmcheckversion -c >> /dev/null 2>&1
#
# Invoke "ComputeAggregateQuotaUsageRequest" periodically
#
15 2 * * * /opt/zimbra/libexec/zmcomputequotausage > /dev/null 2>&1
#
# Invoke "client_usage_report.py" periodically to process /opt/zimbra/log/access_log* files
#
55 1 * * * /opt/zimbra/libexec/client_usage_report.py > /dev/null 2>&1
#
# Run zmgsaupdate util to trickeSync galsync accounts
#
49 0 * * 7 /opt/zimbra/libexec/zmgsaupdate > /dev/null 2>&1
#
# crontab.logger
#
# process logs
#
00,10,20,30,40,50 * * * * /opt/zimbra/libexec/zmlogprocess > /tmp/logprocess.out 2>&1
#
# Graph generation
#
#10 * * * * /opt/zimbra/libexec/zmgengraphs >> /tmp/gengraphs.out 2>&1
#
# Daily reports
#
30 23 * * * /opt/zimbra/libexec/zmdailyreport -m
#
# crontab.mta
#
#
# Queue logging
#
0,10,20,30,40,50 * * * * /opt/zimbra/libexec/zmqueuelog
#
# Spam training
#
0 22 * * * /opt/zimbra/bin/zmtrainsa >> /opt/zimbra/log/spamtrain.log 2>&1
#
# Spam training cleanup
#
45 23 * * * /opt/zimbra/bin/zmtrainsa --cleanup >> /opt/zimbra/log/spamtrain.log 2>&1
#
# Spam rule updates
#
45 0 * * * . /opt/zimbra/.bashrc; /opt/zimbra/libexec/zmsaupdate
#
# Spam Bayes auto-expiry
#
20 23 * * * /opt/zimbra/common/bin/sa-learn --dbpath /opt/zimbra/data/amavisd/.spamassassin --force-expire --sync > /dev/null 2>&1
#
# Clean up amavisd/tmp
#
15 5,20 * * * find /opt/zimbra/data/amavisd/tmp -maxdepth 1 -type d -name 'amavis-*' -mtime +1 -exec rm -rf {} \; > /dev/null 2>&1
#
# Clean up the quarantine dir
#
0 1 * * * find /opt/zimbra/data/amavisd/quarantine -type f -mtime +7 -exec rm -f {} \; > /dev/null 2>&1
#
#
#
35 3 * * * /opt/zimbra/bin/zmcbpadmin --cleanup >/dev/null 2>&1
# ZIMBRAEND -- DO NOT EDIT ANYTHING BETWEEN THIS LINE AND ZIMBRASTARTCode: Select all
/etc/pam.d/cron 606/606 100%
# The PAM configuration file for the cron daemon
@include common-auth
# Sets the loginuid process attribute
session required pam_loginuid.so
# Read environment variables from pam_env's default files, /etc/environment
# and /etc/security/pam_env.conf.
session required pam_env.so
# In addition, read system locale information
session required pam_env.so envfile=/etc/default/locale
@include common-account
@include common-session-noninteractive
# Sets up user limits, please define limits for cron tasks
# through /etc/security/limits.conf
session required pam_limits.so