AppConfig and Mod Security

[BillyS]

When working in WHM, in Home > Server Configuration > Tweak settings, if I set:

Allow apps that have not registered with AppConfig to be run when logged in as root or a reseller with the "all" ACL in WHM

To Off (since I'm assuming this is a more secure setting and the reason the feature was added...)

The Mod Security Add On Provides the following error:

HTTP error 401

cgi/addon_modsec.cgi

WHM is configured to disallow execution of unregistered applications when logged in as root or a reseller with the "all" ACL.

To enable this functionality you must do one of the following: Register this addon using /usr/local/cpanel/bin/register_appconfig (AppConfig), Enable the "Allow apps that have not registered with AppConfig to be run when logged in as root or a reseller with the "all" ACL in WHM" option in "Tweak Settings", or add permit_unregistered_apps_as_root=1 to /var/cpanel/cpanel.config, and run /usr/local/cpanel/etc/init/startcpsrvd

I'm not sure if the above really means Mod Security was turned off or it just wasn't accessable to me. I had just run EasyApache, so the Mod Security log was empty when I noticed the problem.

Is the above telling me the solution is as easy as running?:

/usr/local/cpanel/bin/register_appconfig /cgi/addon_modsec.cgi

Bill

 

[Daky]

I would like to know how to register this as well.


HTTP error 401
cgi/addon_modsec.cgi

WHM is configured to disallow execution of unregistered applications when logged in as root or a reseller with the "all" ACL. To enable this functionality you must do one of the following: Register this addon using /usr/local/cpanel/bin/register_appconfig (AppConfig), Enable the "Allow apps that have not registered with AppConfig to be run when logged in as root or a reseller with the "all" ACL in WHM" option in "Tweak Settings", or add permit_unregistered_apps_as_root=1 to /var/cpanel/cpanel.config, and run /usr/local/cpanel/etc/init/startcpsrvd


Please advise!

 

[quietFinn]

I'm not sure if the above really means Mod Security was turned off or it just wasn't accessable to me.

ModSecurity was not turned off, but you could not access addon_modsec.

Is the above telling me the solution is as easy as running?:

/usr/local/cpanel/bin/register_appconfig /cgi/addon_modsec.cgi

No, to register it you need a config file, see here:
AppConfig

 

[BillyS]

quietFinn -

That's where I was looking... I'm on 11.38.1+, so I'm looking at these instructions:

Once 11.38.1+ is available, you should refrain from installing your app config manually. You should use the new tools available:

/usr/local/cpanel/bin/register_appconfig <appconfig_file>


That's why I was suggestion this:

/usr/local/cpanel/bin/register_appconfig /cgi/addon_modsec.cgi

 

[quietFinn]

/usr/local/cpanel/bin/register_appconfig <appconfig_file>

<appconfig_file> is the configuration file for the application you are registering.

 

[Daky]

and what would be the conf file for this application?

thnx

 

[quietFinn]

and what would be the conf file for this application?

This should work, file addon_modsec.conf in /var/cpanel/apps:

# name
name=addon_modsec

# Service that will serve this app
service=whostmgr
 
# Physical path: /usr/local/cpanel/3rdparty/Foo.php
# Literal URL path: $server:$port/$cpsession/3rdparty/Foo.php
url=/cgi/addon_modsec.cgi
 
# System user to run process as
user=root

# Required acls
acls=any

# Display name as show in the service ui
displayname=addon_modsec

then just run:

/usr/local/cpanel/bin/register_appconfig addon_modsec.conf

 

[cPanelMichael]

Yes, the example in the previous post will register the Mod_Security plugin with AppConfig. I tested this on a server and confirmed it works as expected. To note, there is an internal case open to address the AppConfig registration of plugins that are distributed with cPanel/WHM. For reference, the case number is 72993. It's not yet been determined if any changes in the behavior will be implemented.

Thank you.

 

[Daky]

This should work, file addon_modsec.conf in /var/cpanel/apps:

# name
name=addon_modsec

# Service that will serve this app
service=whostmgr
 
# Physical path: /usr/local/cpanel/3rdparty/Foo.php
# Literal URL path: $server:$port/$cpsession/3rdparty/Foo.php
url=/cgi/addon_modsec.cgi
 
# System user to run process as
user=root

# Required acls
acls=any

# Display name as show in the service ui
displayname=addon_modsec

then just run:

/usr/local/cpanel/bin/register_appconfig addon_modsec.conf

Thank you!

That worked.

I am having issue with clamv as well.

cgi/addon_clamavconnector.cgi

WHM is configured to disallow execution of unregistered applications when logged in as root or a reseller with the "all" ACL. To enable this functionality you must do one of the following: Register this addon using /usr/local/cpanel/bin/register_appconfig (AppConfig), Enable the "Allow apps that have not registered with AppConfig to be run when logged in as root or a reseller with the "all" ACL in WHM" option in "Tweak Settings", or add permit_unregistered_apps_as_root=1 to /var/cpanel/cpanel.config, and run /usr/local/cpanel/etc/init/startcpsrvd

Could you PLEASE help with this one?

Thanks

 

[cPanelMichael]

You should be able to use the same method for registering the ClamAV plugin that was used for Mod_Security. Simply update the file names to match the ClamAV plugin.

Thank you.

 

[Daky]

Worked, thanks

 

[BillyS]

Thanks quietFinn and CPanelMichael, I'll give this a try too.

 

[SuperBaby]

This should work, file addon_modsec.conf in /var/cpanel/apps:

# name
name=addon_modsec

# Service that will serve this app
service=whostmgr
 
# Physical path: /usr/local/cpanel/3rdparty/Foo.php
# Literal URL path: $server:$port/$cpsession/3rdparty/Foo.php
url=/cgi/addon_modsec.cgi
 
# System user to run process as
user=root

# Required acls
acls=any

# Display name as show in the service ui
displayname=addon_modsec

then just run:

/usr/local/cpanel/bin/register_appconfig addon_modsec.conf

This solves the problem. Thanks.

 

[Secmas]

Hello QuietFinn,
I am trying to create an addon_rvsitebuilder.conf with the following commands in the file:

# name
name=rvsitebuilder

# Service that will serve this app
service=whostmgr

# Physical path: /usr/local/cpanel/3rdparty/Foo.php
# Literal URL path: $server:$port/$cpsession/3rdparty/Foo.php
url=/cgi/addon_rvsitebuilder.cgi

# System user to run process as
user=root

# Required acls
acls=any

# Display name as show in the service ui
displayname=RVSiteBuilder

# Url to show in the service ui (relative to install path for whm this is cgi/)
entryurl=rvsitebuilder/index.php

But now it shows:
HTTP error 401
cgi/rvsitebuilder/index.php

What I have missed here?

Thanks in advance for your help.

Regards,

Sergio

 

[quietFinn]

You have the line:

entryurl=rvsitebuilder/index.php

Is that correct?

entryurl is optional key so you could try without it.

 

[Secmas]

Hello QuietFinn,
finally I managed to set the correct conf file for RVSBuilder, just in case someone needs it:

# name
name=rvsitebuilder

# Service that will serve this app
service=whostmgr

# Physical path: /usr/local/cpanel/3rdparty/Foo.php
# Literal URL path: $server:$port/$cpsession/3rdparty/Foo.php
url=/cgi/addon_rvsitebuilder.cgi
url2=/cgi/rvsitebuilder/setup.php
url3=/cgi/rvsitebuilder/index.php
url4=/cgi/rvsitebuilder/optimizer.php
url5=/cgi/rvsitebuilder/themes/default/sitebuilder/css/style.php
url6=/cgi/rvsitebuilder/themes/default_admin/sitebuilder/css/style.php
url7=/cgi/rvsitebuilderinstaller/index.php
url8=/cgi/rvsitebuilderinstaller/templates/installer.php
url9=/cgi/rvsitebuilder/themes/default/css/installer.php

# System user to run process as
user=root

# Required acls
acls=any

# Display name as show in the service ui
displayname=RVSiteBuilder

Thanks to the RVSB team for giving me all the URLs needed for this to work.

Sergio

 

[Secmas]

Just in case someone needs the conf file for RVSKIN, here are the commands:

# name
name=rvskin

# Service that will serve this app
service=whostmgr

# Physical path: /usr/local/cpanel/3rdparty/Foo.php
# Literal URL path: $server:$port/$cpsession/3rdparty/Foo.php
url=/cgi/rvskinmanager/index.cgi
url2=/cgi/rvskinmanager/Rvbranding.cgi
url3=/cgi/rvskinmanager/rvDisableCpanelpackageFeatures.cgi
url4=/cgi/rvskinmanager/rvMainFtp.cgi
url5=/cgi/rvskinmanager/rvskinclearcache.cgi
url6=/cgi/rvskinmanager/Rvskinmanager.cgi
url7=/cgi/rvskinmanager/rvskinnewsmysql.cgi
url8=/cgi/addon_rvskinmanager.cgi

# System user to run process as
user=root

# Required acls
acls=any

# Display name as show in the service ui
displayname=RVSkin

Thanks to the RVSB team for giving me all the URLs needed for this to work.

Now I just need the Fantastico commands...

Sergio

 

[yamaharr1]

When I try to run

/usr/local/cpanel/bin/register_appconfig addon_modsec.conf

I get

The 'conf_file' must be readable and a plain file.

Anyone else getting this?

 

[cPanelMichael]

Have you created the addon_modsec.conf file in the /var/cpanel/apps directory?

Thank you.

 

[did-vmonroig]

When I try to run

/usr/local/cpanel/bin/register_appconfig addon_modsec.conf

I get

Anyone else getting this?

I've solved it using:

/usr/local/cpanel/bin/register_appconfig /var/cpanel/apps/addon_modsec.conf