Community Forums
Connect with us on LinkedIn
Community Notice
+ Reply to Thread
Results 1 to 13 of 13
  1. #1
    Member
    Join Date
    Dec 2003
    Posts
    33

    Default mod_security problems

    It appears after something has been written to the audit_log when running
    10.8.1-R21 when you click on mod_security in WHM it shows up with the header
    saying mod_security and the page blank.

    http://bugzilla.cpanel.net/show_bug.cgi?id=3486

  2. #2
    Member bamasbest's Avatar
    Join Date
    Jan 2004
    Posts
    531

    Default

    Funny, no blank page for me 10.8.1-S23

    Is your mysql database "modsec" being updated hoursly by the modsec cron job?

  3. #3
    Member
    Join Date
    Nov 2002
    Posts
    53

    Default

    Make sure you have this in your httpd.conf

    SecAuditEngine On
    SecAuditLog logs/audit_log

    This fixed the problem for me.
    www.HostDome.com
    MSN: Sales@HostDome.com
    AIM: HDomeJosh
    EMail: Paint@HostDome.com

  4. #4
    Member
    Join Date
    Nov 2002
    Posts
    53

    Default

    Also once you do that, you need to make a slight change.
    pico /etc/cron.hourly/modsecparse.pl
    go to the $dbpassword= line and get your password. Then,

    pico /usr/local/cpanel/whostmgr/docroot/cgi/addon_modsec.cgi
    and make sure that the password for $dbpassword=" matches. If not, change it and save the file. Then it should show up fine for you.
    www.HostDome.com
    MSN: Sales@HostDome.com
    AIM: HDomeJosh
    EMail: Paint@HostDome.com

  5. #5
    Member myusername's Avatar
    Join Date
    Mar 2003
    Location
    chown -R us.us *yourbase*
    Posts
    699
    cPanel/Enkompass Access Level

    DataCenter Provider

    Default

    Not that the edit button works in Internet Explorer anyways if you do get it to show up you need to use FireFox
    GlowHost.com | Professional Managed Web Hosting Since 2002.
    >> Fully Managed Dedicated, Cloud VDS, Reseller & Semi-Dedicated
    >> Cloud Servers for Enterprise

  6. #6
    Member
    Join Date
    Jan 2004
    Posts
    21

    Default

    Quote Originally Posted by paint
    Also once you do that, you need to make a slight change.
    pico /etc/cron.hourly/modsecparse.pl
    go to the $dbpassword= line and get your password. Then,

    pico /usr/local/cpanel/whostmgr/docroot/cgi/addon_modsec.cgi
    and make sure that the password for $dbpassword=" matches. If not, change it and save the file. Then it should show up fine for you.

    Great! It worked for me.
    bye

  7. #7
    Member stugster's Avatar
    Join Date
    Apr 2002
    Location
    Edinburgh, UK
    Posts
    78
    cPanel/Enkompass Access Level

    Root Administrator

    Angry

    Sorry to exhume such an old thread, but since upgrading to mySQL 5, I have been having this issue with the hourly cron too.

    ----------

    /etc/cron.hourly/modsecparse.pl:

    DBI connect('modsec:localhost','modsec',...) failed: Access denied for user 'modsec'@'localhost' (using password: YES) at /etc/cron.hourly/modsecparse.pl line 19 Unable to connect to mysql database at /etc/cron.hourly/modsecparse.pl line 19.

    ----------


    Also, on top of this error, a few clients are complaining that Horde is now giving the error:

    "A fatal error has occured, could not connect to database for sql sessionhandler".


    mySQL however appears to be working and querying the database through PHP or directly is working fine.

  8. #8
    Member
    Join Date
    Feb 2003
    Posts
    191

    Default

    We're now experiencing the same problem here, across multiple servers. Every hour:

    Code:
    /etc/cron.hourly/modsecparse.pl:
    
    DBI connect('modsec:localhost','modsec',...) failed: Access denied for user 'modsec'@'localhost' (using password: YES) at /etc/cron.hourly/modsecparse.pl line 19
    Unable to connect to mysql database at /etc/cron.hourly/modsecparse.pl line 19.
    I've checked the two passwords as per the previous post by "paint" and they do appear to match in all cases. Also, as per paint's other post, the following lines are already included in httpd.conf by default via /usr/local/apache/conf/modsec.conf

    Code:
    SecAuditEngine RelevantOnly
    SecAuditLog logs/audit_log
    Any chance somebody might have found a fix for this?

  9. #9
    Member
    Join Date
    Oct 2002
    Posts
    67

    Default

    Following an upgrade to MySQL 5, I also have the same problem. I have checked the passwords match per the above and all is OK. I have looked at the template for modsec and find it contains
    <IfModule mod_security.c>
    SecFilterEngine On
    SecFilterCheckURLEncoding On
    SecFilterForceByteRange 0 255
    SecAuditEngine RelevantOnly
    SecAuditLog logs/audit_log
    SecFilterDebugLog logs/modsec_debug_log
    SecFilterDebugLevel 0
    SecFilterDefaultAction "deny,log,status:406"
    SecFilterSelective REMOTE_ADDR "^127.0.0.1$" nolog,allow
    Include "/usr/local/apache/conf/modsec.user.conf"
    </IfModule>


    However, this material is NOT in the usr/local/apache/confhttp.conf file

    One possible way to proceed would be to use whm/plugins/Mod Security and turn it off then on again. However, that choice produces only a blank screen

    What has to be done?
    Rick Sutcliffe
    http://www.webnamehost.net
    a.k.a. The Northern Spy http://www.thenorthernspy.com

  10. #10
    Member
    Join Date
    Oct 2002
    Posts
    67

    Default

    Maybe I could ask the question this way. What are the (paths to) scripts that shut down mod security and restart it?

    Rick
    Rick Sutcliffe
    http://www.webnamehost.net
    a.k.a. The Northern Spy http://www.thenorthernspy.com

  11. #11
    Member
    Join Date
    Mar 2002
    Posts
    175

    Default

    Quote Originally Posted by rsutc View Post
    Following an upgrade to MySQL 5, I also have the same problem. I have checked the passwords match per the above and all is OK. I have looked at the template for modsec and find it contains
    <IfModule mod_security.c>
    SecFilterEngine On
    SecFilterCheckURLEncoding On
    SecFilterForceByteRange 0 255
    SecAuditEngine RelevantOnly
    SecAuditLog logs/audit_log
    SecFilterDebugLog logs/modsec_debug_log
    SecFilterDebugLevel 0
    SecFilterDefaultAction "deny,log,status:406"
    SecFilterSelective REMOTE_ADDR "^127.0.0.1$" nolog,allow
    Include "/usr/local/apache/conf/modsec.user.conf"
    </IfModule>


    However, this material is NOT in the usr/local/apache/confhttp.conf file

    One possible way to proceed would be to use whm/plugins/Mod Security and turn it off then on again. However, that choice produces only a blank screen

    What has to be done?
    For anyone reading this post - the same thing happened to me. Upgraded to Apache 2.2, and mod security was producing a blank screen.

    I fixed it by emptying the *huge* (1.9GB) modsec table in mysql and recompiled apache.

  12. #12
    Member wolfy's Avatar
    Join Date
    Jul 2005
    Location
    Canada
    Posts
    45

    Default

    fyi. whm/plugins/Mod Security is now obsoliete.
    instalation of mod_security is now handled by easyapache3

  13. #13
    Member FeeL's Avatar
    Join Date
    Apr 2004
    Location
    Rio de janeiro
    Posts
    142
    cPanel/Enkompass Access Level

    Reseller Owner

    Question Upgrading mysql



    I had the same error told by stugster.
    Should I disable the whm/plugins/Mod Security ?
    Whould it prevent the error of the cron?

    Thank you.
    -----------
    FeeL Buarque
    SysAdmin.

Similar Threads & Tags
Similar threads

  1. Mod_Security to go from 2.1 to 2.5
    By daveformerlyof in forum cPanel and WHM Discussions
    Replies: 12
    Last Post: 07-24-2008, 03:36 PM
  2. Mod_security
    By procam in forum cPanel and WHM Discussions
    Replies: 18
    Last Post: 08-14-2007, 01:02 PM
  3. Anybody using mod_security 2.x yet ?
    By nyjimbo in forum cPanel and WHM Discussions
    Replies: 0
    Last Post: 07-30-2007, 08:18 AM
  4. mod_security ???
    By damainman in forum cPanel and WHM Discussions
    Replies: 2
    Last Post: 12-14-2003, 02:23 AM
Linkedin       Facebook       Twitter       RSS       Flickr       YouTube