Parallels Plesk and Atomic Secured Linux

If you are experiencing HTTP 500 Internal Server Error messages from the license management part of the Parallels Plesk control panel when running on Atomic Secured Linux, then you are probably running into some buggy anti-reverse engineering code that Parallels have built into the Plesk software.

It seems that Parallels are using ptrace to determine if someone has attached a debugger to Plesk in order to reverse engineer it. The problem is that AtomiCorp have implemented GRSecurity ptrace protection in the Atomic Secured Linux kernel in order to prevent malicious software such as TTY sniffers and Parallels Plesk is incorrectly interpreting it’s inability to ptrace as suspicious debugging behaviour.

Until Parallels fix this behaviour in Plesk (and there is no sign that they will, given that it has been a known issue for many months), then the only thing that you can to is disable the GRSecurity ptrace feature in the Atomic Secured Linux kernel. This can be done whilst the system is running using sysctl:

sysctl -w kernel.grsecurity.harden_ptrace=0

In order to make this change permanent so that it doesn’t disappear every time you reboot your server, you will need to edit /etc/sysctl.conf and add the following line:

kernel.grsecurity.harden_ptrace = 0

Now restart the Parallels Plesk service and enjoy your error free license management 🙂

Share

1 Response

Leave a Reply