Why Doesn't HSS Generate Alarms for Some Web Shell Files?
Symptom
HSS does not report alarms for some web shell files.
Possible Causes
The default handle usage of the HSS is 30% of the maximum handles on the server. If the number of user files exceeds the upper limit of the handles scanned by HSS, HSS will be unable to check all the web shell files. As a result, no alarm is reported for unchecked files.
Solution
- Log in to the server.
- Create the check_inotify.sh file. Copy and save the following content to the file:
#!/bin/bash # Enable the floating-point number comparison mode of Bash. shopt -s globstar nullglob # Obtain the value of sysctl fs.inotify.max_user_watches. max_user_watches=$(sysctl -n fs.inotify.max_user_watches) # Calculate the value multiplied by 30%. threshold=$(echo "$max_user_watches * 0.3" | awk '{print int($1)}') # Calculate the number of files in the /opt/app directory. app_files_count=$(find /opt/app -type f | wc -l) # Compare and output the result. if [[ "$app_files_count" -gt "$threshold" ]]; then echo "Current value of fs.inotify.max_user_watches: $max_user_watches" echo "Number of files in the /opt/app directory: $app_files_count" echo "Handle usage problem exists." else echo "Current value of fs.inotify.max_user_watches: $max_user_watches" echo "Number of files in the /opt/app directory: $app_files_count" echo "There are no handle usage problems." fi
- Run the following command to execute the check_inotify.sh file:
chmod +x check_inotify.sh./check_inotify.sh
If the command output shows Handle usage problem exists, in the upper right corner of the Huawei Cloud console, choose Service Tickets > Create Service Ticket and submit a service ticket to contact technical support.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot