|
|||
|
mod_security problems
It appears after something has been written to the audit_log when running
10.8.1-R21 when you click on mod_security in WHM it shows up with the header saying mod_security and the page blank. http://bugzilla.cpanel.net/show_bug.cgi?id=3486 |
|
|||
|
Make sure you have this in your httpd.conf
SecAuditEngine On SecAuditLog logs/audit_log This fixed the problem for me.
__________________
www.HostDome.com MSN: Sales@HostDome.com AIM: HDomeJosh EMail: Paint@HostDome.com |
|
|||
|
Also once you do that, you need to make a slight change.
pico /etc/cron.hourly/modsecparse.pl go to the $dbpassword= line and get your password. Then, pico /usr/local/cpanel/whostmgr/docroot/cgi/addon_modsec.cgi and make sure that the password for $dbpassword=" matches. If not, change it and save the file. Then it should show up fine for you.
__________________
www.HostDome.com MSN: Sales@HostDome.com AIM: HDomeJosh EMail: Paint@HostDome.com |
|
|||
|
Quote:
Great! It worked for me. bye |
|
|||
|
Sorry to exhume such an old thread, but since upgrading to mySQL 5, I have been having this issue with the hourly cron too.
---------- /etc/cron.hourly/modsecparse.pl: DBI connect('modsec:localhost','modsec',...) failed: Access denied for user 'modsec'@'localhost' (using password: YES) at /etc/cron.hourly/modsecparse.pl line 19 Unable to connect to mysql database at /etc/cron.hourly/modsecparse.pl line 19. ---------- Also, on top of this error, a few clients are complaining that Horde is now giving the error: "A fatal error has occured, could not connect to database for sql sessionhandler". mySQL however appears to be working and querying the database through PHP or directly is working fine. |
|
|||
|
We're now experiencing the same problem here, across multiple servers. Every hour:
Code:
/etc/cron.hourly/modsecparse.pl:
DBI connect('modsec:localhost','modsec',...) failed: Access denied for user 'modsec'@'localhost' (using password: YES) at /etc/cron.hourly/modsecparse.pl line 19
Unable to connect to mysql database at /etc/cron.hourly/modsecparse.pl line 19.
Code:
SecAuditEngine RelevantOnly SecAuditLog logs/audit_log |
|
|||
|
Following an upgrade to MySQL 5, I also have the same problem. I have checked the passwords match per the above and all is OK. I have looked at the template for modsec and find it contains
<IfModule mod_security.c> SecFilterEngine On SecFilterCheckURLEncoding On SecFilterForceByteRange 0 255 SecAuditEngine RelevantOnly SecAuditLog logs/audit_log SecFilterDebugLog logs/modsec_debug_log SecFilterDebugLevel 0 SecFilterDefaultAction "deny,log,status:406" SecFilterSelective REMOTE_ADDR "^127.0.0.1$" nolog,allow Include "/usr/local/apache/conf/modsec.user.conf" </IfModule> However, this material is NOT in the usr/local/apache/confhttp.conf file One possible way to proceed would be to use whm/plugins/Mod Security and turn it off then on again. However, that choice produces only a blank screen What has to be done?
__________________
Rick Sutcliffe http://www.webnamehost.net a.k.a. The Northern Spy http://www.thenorthernspy.com |
|
|||
|
Maybe I could ask the question this way. What are the (paths to) scripts that shut down mod security and restart it?
Rick
__________________
Rick Sutcliffe http://www.webnamehost.net a.k.a. The Northern Spy http://www.thenorthernspy.com |
|
|||
|
Quote:
I fixed it by emptying the *huge* (1.9GB) modsec table in mysql and recompiled apache. |
![]() |
| Thread Tools | |
| Display Modes | |
|
|