Issue
- Users can't log in to the Imunify UI on a stand-alone installation due to the error:
"Can't connect to agent. Check php part of application."
- Users see a blank page or the product installation page instead of the UI.
- The web server's logs contain errors like this:
Uncaught Error: Call to undefined function Imunify360\panels\json_decode()
Environment
- Imunify360 stand-alone
- ImunifyAV stand-alone
- Any OS
Solution
There are several causes of this issue:
- Wrong ui_path or ui_path_owner in /etc/sysconfig/imunify360/integration.conf
- Wrong permissions on the ui_path directory.
- File {ui_path}/bin/execute.py is not executable.
- The PHP function proc_open is listed in disable_functions.
- On a server with CageFS, the directory /var/run/defence360agent is not mapped in /etc/cagefs/cagefs.mp.
- There is a problem with authorization at the agent level.
- The problems are related to SELinux running on the server.
- Not all the necessary PHP modules to run the UI are installed on the server.
Resolution and troubleshooting.
1. Check /etc/sysconfig/imunify360/integration.conf - ui_path, ui_path_owner and service_name should be present and have valid values. Additional details about the configuration are available here: https://docs.imunify360.com/installation/#imunify360-stand-alone-non-panel-generic-panel-integration
2. Check the permissions of the files in the ui_path - the owner should be the same as set in ui_path_owner. Directories should have 755 permissions, files 644.
3. File {ui_path}/bin/execute.py should be executable.
cd /path/to/installation/directory/
chmod +x ./bin/execute.py
chmod +x ./sbin/execute.py
4. Create a phpinfo() file in the ui_path and check disable_functions. If proc_open is disabled, remove it from the disable_functions list and restart the web server.
5. To allow a non-root user in CageFS to access the socket, apply this workaround from our docs: https://docs.imunify360.com/installation/#there-are-four-main-steps-in-general-required-for-having-imunify360-stand-alone-running-on-your-server
# create directory for the mount point
mkdir /imunify-ui-shared
# add symlink for the user that the UI backend belongs to (`imunify-web` in this example)
ln -s /var/run/defence360agent /imunify-ui-shared/imunify-web
# add symlink to cagefs skeleton
rm -f /usr/share/cagefs-skeleton/var/run/defence360agent
ln -s /imunify-ui-shared/imunify-web /usr/share/cagefs-skeleton/var/run/defence360agent
# add mount point to cagefs
echo "%/imunify-ui-shared" >> /etc/cagefs/cagefs.mp
# remount all
cagefsctl --remount-all
Note that the user name (in the example above it is imunify-web) must match the symlink name, and CageFS must be enabled for the user:
# cagefsctl --user-status imunify-web
Enabled
Additional info about cagefs.mp is available here: https://docs.cloudlinux.com/cloudlinux_os_components/#mount-points
If the user is not escaping the cage, the UI may not react to clicks that represent commands and may get stuck, for example on installation:
{command: "installation", method: ["start"], params: {}}
6. Check agent authorization from the CLI. Additional details are available here: https://docs.imunify360.com/command_line_interface/#login
imunify360-agent login pam --username root --password mySup3rpass
This command should return an auth token if authorization works.
7. SELinux support should be installed on the server, or SELinux should be disabled (for the duration of testing).
- SELinux support installation is described in our docs.
- A command to turn off SELinux enforcement (switch to permissive mode):
setenforce 0
- A command to check SELinux status:
sestatus
8. The prerequisites for Imunify installation are available in our docs here: https://docs.imunify360.com/installation/#_1-prerequisites.
If php-json is not installed and the UI is not available, the following steps can be taken:
a) In the directory with the UI files on the server, create a file that outputs phpinfo();
b) Find out which version of PHP is used to handle the domain that hosts the UI on the server.
c) Install the php-json extension for the correct version of PHP. For example, for the basic version of PHP on a CentOS server, just execute:
yum install php-json
d) Restart the service responsible for handling PHP (usually Apache or PHP-FPM).
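Steps 1 to 3 above can be checked in one read-only pass. The script below is an added example, not part of Imunify360 or its documentation; the function names are hypothetical, and it assumes integration.conf contains "key = value" lines and that ui_path_owner is written as user or user:group.

```shell
#!/bin/sh
# Added example: read-only checks for steps 1-3 (not part of Imunify360).
# Assumption: integration.conf holds "key = value" lines; section headers are ignored.

# conf_get FILE KEY: print the value of KEY; return 1 if the key is absent or empty
conf_get() {
    cg_val=$(sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$1" | head -n 1)
    [ -n "$cg_val" ] && printf '%s\n' "$cg_val"
}

# check_ui_tree UI_PATH OWNER: print one finding per line; return 1 if there are any
check_ui_tree() {
    ct_owner=${2%%:*}   # assumption: the value may be "user" or "user:group"
    ct_out=$(
        find "$1" ! -user "$ct_owner" | sed 's/^/wrong owner: /'
        find "$1" -type d ! -perm 755 | sed 's/^/directory is not 755: /'
        # execute.py is excluded: step 3 requires it to be executable, not 644
        find "$1" -type f ! -name execute.py ! -perm 644 | sed 's/^/file is not 644: /'
        for ct_f in "$1/bin/execute.py" "$1/sbin/execute.py"; do
            # -perm -100 tests the owner's execute bit, whoever runs this script
            [ -n "$(find "$ct_f" -perm -100 2>/dev/null)" ] ||
                echo "missing or not executable: $ct_f"
        done
    )
    [ -z "$ct_out" ] && return 0
    printf '%s\n' "$ct_out"
    return 1
}

# audit_ui CONF: run steps 1-3 against an integration.conf; return 1 on any finding
audit_ui() {
    au_rc=0
    for au_key in ui_path ui_path_owner service_name; do
        conf_get "$1" "$au_key" >/dev/null || { echo "missing or empty: $au_key"; au_rc=1; }
    done
    au_ui=$(conf_get "$1" ui_path) || return 1
    au_owner=$(conf_get "$1" ui_path_owner) || return 1
    [ -d "$au_ui" ] || { echo "ui_path is not a directory: $au_ui"; return 1; }
    check_ui_tree "$au_ui" "$au_owner" || au_rc=1
    return "$au_rc"
}

# Usage: sh check_ui.sh /etc/sysconfig/imunify360/integration.conf
if [ $# -gt 0 ]; then audit_ui "$1"; fi
```

The script changes nothing on disk; each printed line names the path or key to correct with the commands from the matching step.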