Possible root compromise detected: Failed to create directory /dev/null – cPanel

Hey, have you ever got this email from cPanel?

Attempts to create new directories or files whose file-names begin with numbers have failed.
This is indicative of a root compromise of the server.

The exact error encountered was:

Failed to create directory /dev/null: No such file or directory

Are you worried of this email? Hey, don’t be tensed, here is the solution. Actually, it is not a root level compromise. Try the following steps to fix this problem.

Just check the disk space of your server especially the disk space usage of /tmp using df command. Try the following:

#df -h or df -h /tmp

In most cases, there will be enough disk space in /tmp. Please see a sample output given below:

root@server [~]# df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/sda3       909G   78G  785G  10% /
tmpfs           3.9G     0  3.9G   0% /dev/shm
/dev/sda1       194M  129M   56M  70% /boot
/usr/tmpMnt     7.6G  1.1G  6.1G  15% /tmp

root@server [~]# df -h /tmp
Filesystem      Size  Used Avail Use% Mounted on
/usr/tmpMnt     7.6G  1.1G  6.1G  15% /tmp

Now, try df -i

root@server [~]# df -i
Filesystem Inodes IUsed IFree IUse% Mounted on
/dev/sda3 60481536 709298 59772238 2% /
tmpfs 173825 1 173824 1% /dev/shm
/dev/sda1 51200 59 51141 1% /boot
/usr/tmpMnt 500960 500425 535 100% /tmp

Yes, the problem for receiving this email is /tmp has reached its inode limit. Now, you need to clear some unnecessary files from /tmp to fix this problem.

Hope this helps!!!

cPanel icon is missing from WHM’s List accounts option

Post navigation

Heba Habeeb

Working as a Linux Server Admin, Infopark, Cochin, Kerala.

One thought on “Possible root compromise detected: Failed to create directory /dev/null – cPanel

  1. Hello Heba,

    Can you please mention which files from /tmp can be delete with out any issues. Because /tmp consist many files. Which files are important and which is not important.

Leave a Reply

Your email address will not be published. Required fields are marked *