The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

AppConfig and Mod Security

Discussion in 'Security' started by BillyS, Jul 13, 2013.

  1. BillyS

    BillyS Active Member

    Joined:
    Mar 22, 2013
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    When working in WHM, in Home > Server Configuration > Tweak settings, if I set:

    Allow apps that have not registered with AppConfig to be run when logged in as root or a reseller with the "all" ACL in WHM

    To Off (since I'm assuming this is a more secure setting and the reason the feature was added...)

    The Mod Security Add On Provides the following error:

    I'm not sure if the above really means Mod Security was turned off or it just wasn't accessable to me. I had just run EasyApache, so the Mod Security log was empty when I noticed the problem.

    Is the above telling me the solution is as easy as running?:

    Code:
    /usr/local/cpanel/bin/register_appconfig /cgi/addon_modsec.cgi
    Bill
     
  2. Daky

    Daky Well-Known Member

    Joined:
    May 22, 2005
    Messages:
    56
    Likes Received:
    0
    Trophy Points:
    6
    I would like to know how to register this as well.


    HTTP error 401
    cgi/addon_modsec.cgi

    WHM is configured to disallow execution of unregistered applications when logged in as root or a reseller with the "all" ACL. To enable this functionality you must do one of the following: Register this addon using /usr/local/cpanel/bin/register_appconfig (AppConfig), Enable the "Allow apps that have not registered with AppConfig to be run when logged in as root or a reseller with the "all" ACL in WHM" option in "Tweak Settings", or add permit_unregistered_apps_as_root=1 to /var/cpanel/cpanel.config, and run /usr/local/cpanel/etc/init/startcpsrvd


    Please advise!
     
  3. quietFinn

    quietFinn Well-Known Member

    Joined:
    Feb 4, 2006
    Messages:
    998
    Likes Received:
    10
    Trophy Points:
    18
    Location:
    Finland
    cPanel Access Level:
    Root Administrator
    ModSecurity was not turned off, but you could not access addon_modsec.


    No, to register it you need a config file, see here:
    AppConfig
     
  4. BillyS

    BillyS Active Member

    Joined:
    Mar 22, 2013
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    quietFinn -

    That's where I was looking... I'm on 11.38.1+, so I'm looking at these instructions:

    Once 11.38.1+ is available, you should refrain from installing your app config manually. You should use the new tools available:

    /usr/local/cpanel/bin/register_appconfig <appconfig_file>


    That's why I was suggestion this:
    Code:
    /usr/local/cpanel/bin/register_appconfig /cgi/addon_modsec.cgi
     
  5. quietFinn

    quietFinn Well-Known Member

    Joined:
    Feb 4, 2006
    Messages:
    998
    Likes Received:
    10
    Trophy Points:
    18
    Location:
    Finland
    cPanel Access Level:
    Root Administrator
    <appconfig_file> is the configuration file for the application you are registering.
     
  6. Daky

    Daky Well-Known Member

    Joined:
    May 22, 2005
    Messages:
    56
    Likes Received:
    0
    Trophy Points:
    6
    and what would be the conf file for this application?

    thnx
     
  7. quietFinn

    quietFinn Well-Known Member

    Joined:
    Feb 4, 2006
    Messages:
    998
    Likes Received:
    10
    Trophy Points:
    18
    Location:
    Finland
    cPanel Access Level:
    Root Administrator
    This should work, file addon_modsec.conf in /var/cpanel/apps:
    Code:
    # name
    name=addon_modsec
    
    # Service that will serve this app
    service=whostmgr
     
    # Physical path: /usr/local/cpanel/3rdparty/Foo.php
    # Literal URL path: $server:$port/$cpsession/3rdparty/Foo.php
    url=/cgi/addon_modsec.cgi
     
    # System user to run process as
    user=root
    
    # Required acls
    acls=any
    
    # Display name as show in the service ui
    displayname=addon_modsec
    
    then just run:
    Code:
    /usr/local/cpanel/bin/register_appconfig addon_modsec.conf
    
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,682
    Likes Received:
    654
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Yes, the example in the previous post will register the Mod_Security plugin with AppConfig. I tested this on a server and confirmed it works as expected. To note, there is an internal case open to address the AppConfig registration of plugins that are distributed with cPanel/WHM. For reference, the case number is 72993. It's not yet been determined if any changes in the behavior will be implemented.

    Thank you.
     
  9. Daky

    Daky Well-Known Member

    Joined:
    May 22, 2005
    Messages:
    56
    Likes Received:
    0
    Trophy Points:
    6
    Thank you!

    That worked.

    I am having issue with clamv as well.

    cgi/addon_clamavconnector.cgi

    WHM is configured to disallow execution of unregistered applications when logged in as root or a reseller with the "all" ACL. To enable this functionality you must do one of the following: Register this addon using /usr/local/cpanel/bin/register_appconfig (AppConfig), Enable the "Allow apps that have not registered with AppConfig to be run when logged in as root or a reseller with the "all" ACL in WHM" option in "Tweak Settings", or add permit_unregistered_apps_as_root=1 to /var/cpanel/cpanel.config, and run /usr/local/cpanel/etc/init/startcpsrvd

    Could you PLEASE help with this one?

    Thanks
     
  10. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,682
    Likes Received:
    654
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    You should be able to use the same method for registering the ClamAV plugin that was used for Mod_Security. Simply update the file names to match the ClamAV plugin.

    Thank you.
     
  11. Daky

    Daky Well-Known Member

    Joined:
    May 22, 2005
    Messages:
    56
    Likes Received:
    0
    Trophy Points:
    6
    Worked, thanks
     
  12. BillyS

    BillyS Active Member

    Joined:
    Mar 22, 2013
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Thanks quietFinn and CPanelMichael, I'll give this a try too.
     
  13. SuperBaby

    SuperBaby Well-Known Member

    Joined:
    Nov 27, 2003
    Messages:
    331
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Thailand
    cPanel Access Level:
    Website Owner
    Twitter:
    This solves the problem. Thanks.
     
  14. Secmas

    Secmas Well-Known Member

    Joined:
    Feb 18, 2005
    Messages:
    321
    Likes Received:
    0
    Trophy Points:
    16
    Hello QuietFinn,
    I am trying to create an addon_rvsitebuilder.conf with the following commands in the file:
    But now it shows:
    HTTP error 401
    cgi/rvsitebuilder/index.php

    What I have missed here?

    Thanks in advance for your help.

    Regards,

    Sergio
     
  15. quietFinn

    quietFinn Well-Known Member

    Joined:
    Feb 4, 2006
    Messages:
    998
    Likes Received:
    10
    Trophy Points:
    18
    Location:
    Finland
    cPanel Access Level:
    Root Administrator
    You have the line:
    Is that correct?

    entryurl is optional key so you could try without it.
     
  16. Secmas

    Secmas Well-Known Member

    Joined:
    Feb 18, 2005
    Messages:
    321
    Likes Received:
    0
    Trophy Points:
    16
    Hello QuietFinn,
    finally I managed to set the correct conf file for RVSBuilder, just in case someone needs it:

    Thanks to the RVSB team for giving me all the URLs needed for this to work.

    Sergio
     
    #16 Secmas, Aug 2, 2013
    Last edited: Aug 2, 2013
  17. Secmas

    Secmas Well-Known Member

    Joined:
    Feb 18, 2005
    Messages:
    321
    Likes Received:
    0
    Trophy Points:
    16
    Just in case someone needs the conf file for RVSKIN, here are the commands:

    Thanks to the RVSB team for giving me all the URLs needed for this to work.

    Now I just need the Fantastico commands...

    Sergio
     
  18. yamaharr1

    yamaharr1 Well-Known Member

    Joined:
    Jun 22, 2007
    Messages:
    91
    Likes Received:
    0
    Trophy Points:
    6
    When I try to run

    Code:
    /usr/local/cpanel/bin/register_appconfig addon_modsec.conf
    I get
    Anyone else getting this?
     
  19. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,682
    Likes Received:
    654
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  20. did-vmonroig

    did-vmonroig Active Member

    Joined:
    Feb 6, 2012
    Messages:
    28
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I've solved it using:

    Code:
    /usr/local/cpanel/bin/register_appconfig /var/cpanel/apps/addon_modsec.conf
     
Loading...

Share This Page