[CPANEL-19869] Apache mod_evasive permissions

Otávio Serra

Active Member
Apr 27, 2015
36
9
58
Brazil
cPanel Access Level
Root Administrator
Hi,

I have enabled mod_evasive in EasyApache 4 and Apache 2.4 and etc. But when I try to restart Apache via command line it throws a lot of permission's denied errors messages like:

[[email protected] apache2]# /scripts/restartsrv_apache
...
Sep 24 12:09:04 server.tld mod_evasive[7963]: Couldn't open logfile /var/log/apache2/mod_evasive/dos-xxx.xxx.xxx.xxx: Permission denied
...
[[email protected] apache2]#

So I went to specific folder and it appear to have the correct permissions or I'm wrong?

[[email protected] apache2]# pwd
/var/log/apache2
[[email protected] apache2]# ls -la
...
drwxrwx---. 2 root nobody 6 Sep 24 12:06 mod_evasive
...
[[email protected] apache2]#
 

Otávio Serra

Active Member
Apr 27, 2015
36
9
58
Brazil
cPanel Access Level
Root Administrator

Otávio Serra

Active Member
Apr 27, 2015
36
9
58
Brazil
cPanel Access Level
Root Administrator
When you originally installed it, did the installation complete properly?
No apparent errors was show. mod_evasive is working too. I changed some times in EasyAPache 4 with mod_evasive and without mod_evasive and all works normally. The problem is only with permissions on log's folder of mod_evasive I think.

Do you think I need one support ticket or can I change the permissions of this folder to solve the problem? If I need to change permission, I need know what group and user and permission code to change it by myself
 

Otávio Serra

Active Member
Apr 27, 2015
36
9
58
Brazil
cPanel Access Level
Root Administrator
Here the total output of /scripts/restartsrv_apache

Code:
[[email protected] apache2]# /scripts/restartsrv_apache
Waiting for “httpd” to restart gracefully …waiting for “httpd” to initialize ………finished.

Service Status
        httpd (/usr/sbin/httpd -k start) is running as nobody with PID 9751 (systemd+/proc check method).
        httpd (/usr/sbin/httpd -k start) is running as nobody with PID 10332 (systemd+/proc check method).
        httpd (/usr/sbin/httpd -k start) is running as root with PID 20684 (systemd+/proc check method).
        httpd (/usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.tld --suffix=-bytes_log) is running as root with PID 28436 (systemd+/proc check method).
        httpd (/usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.tld --mainout=/etc/apache2/logs/access_log) is running as root with PID 28437 (systemd+/proc check method).

Startup Log
        Sep 24 14:49:55 server.tld mod_evasive[22407]: Couldn't open logfile /var/log/apache2/mod_evasive/dos-191.19.109.204: Permission denied
        Sep 24 14:49:55 server.tld mod_evasive[22407]: Couldn't open logfile /var/log/apache2/mod_evasive/dos-191.19.109.204: Permission denied
        Sep 24 14:49:56 server.tld mod_evasive[22407]: Couldn't open logfile /var/log/apache2/mod_evasive/dos-191.19.109.204: Permission denied
        Sep 24 14:49:56 server.tld mod_evasive[22407]: Couldn't open logfile /var/log/apache2/mod_evasive/dos-191.19.109.204: Permission denied
        Sep 24 15:02:56 server.tld mod_evasive[26733]: Couldn't open logfile /var/log/apache2/mod_evasive/dos-179.215.79.188: Permission denied
        Sep 24 15:02:56 server.tld mod_evasive[26733]: Couldn't open logfile /var/log/apache2/mod_evasive/dos-179.215.79.188: Permission denied
        Sep 24 15:02:56 server.tld mod_evasive[26984]: Couldn't open logfile /var/log/apache2/mod_evasive/dos-179.215.79.188: Permission denied
        Sep 24 17:33:42 server.tld mod_evasive[7823]: Couldn't open logfile /var/log/apache2/mod_evasive/dos-179.215.79.188: Permission denied
        Sep 24 17:33:42 server.tld mod_evasive[8437]: Couldn't open logfile /var/log/apache2/mod_evasive/dos-179.215.79.188: Permission denied
        Sep 24 17:33:42 server.tld mod_evasive[7823]: Couldn't open logfile /var/log/apache2/mod_evasive/dos-179.215.79.188: Permission denied

Log Messages
        [Mon Sep 24 16:51:18.404731 2018] [mpm_prefork:notice] [pid 20684] AH00163: Apache/2.4.34 (cPanel) OpenSSL/1.0.2p mod_bwlimited/1.4 configured -- resuming normal operations
        [Mon Sep 24 16:43:32.976593 2018] [mpm_prefork:notice] [pid 20684] AH00163: Apache/2.4.34 (cPanel) OpenSSL/1.0.2p mod_bwlimited/1.4 configured -- resuming normal operations
        [Mon Sep 24 16:41:20.832258 2018] [mpm_prefork:notice] [pid 20684] AH00163: Apache/2.4.34 (cPanel) OpenSSL/1.0.2p mod_bwlimited/1.4 configured -- resuming normal operations
        [Mon Sep 24 16:36:18.426412 2018] [mpm_prefork:notice] [pid 20684] AH00163: Apache/2.4.34 (cPanel) OpenSSL/1.0.2p mod_bwlimited/1.4 configured -- resuming normal operations
        [Mon Sep 24 16:34:44.291316 2018] [mpm_prefork:notice] [pid 20684] AH00163: Apache/2.4.34 (cPanel) OpenSSL/1.0.2p mod_bwlimited/1.4 configured -- resuming normal operations
        [Mon Sep 24 16:34:33.236847 2018] [mpm_prefork:notice] [pid 20684] AH00163: Apache/2.4.34 (cPanel) OpenSSL/1.0.2p mod_bwlimited/1.4 configured -- resuming normal operations
        [Mon Sep 24 16:29:04.410000 2018] [mpm_prefork:notice] [pid 20684] AH00163: Apache/2.4.34 (cPanel) OpenSSL/1.0.2p mod_bwlimited/1.4 configured -- resuming normal operations
        [Mon Sep 24 16:28:53.523135 2018] [mpm_prefork:notice] [pid 20684] AH00163: Apache/2.4.34 (cPanel) OpenSSL/1.0.2p mod_bwlimited/1.4 configured -- resuming normal operations
        [Mon Sep 24 16:16:14.084655 2018] [mpm_prefork:notice] [pid 20684] AH00163: Apache/2.4.34 (cPanel) OpenSSL/1.0.2p mod_bwlimited/1.4 configured -- resuming normal operations
        [Mon Sep 24 16:07:33.999276 2018] [mpm_prefork:notice] [pid 20684] AH00163: Apache/2.4.34 (cPanel) OpenSSL/1.0.2p mod_bwlimited/1.4 configured -- resuming normal operations
        [Mon Sep 24 16:07:23.102997 2018] [mpm_prefork:notice] [pid 20684] AH00163: Apache/2.4.34 (cPanel) OpenSSL/1.0.2p mod_bwlimited/1.4 configured -- resuming normal operations
        [Mon Sep 24 16:07:02.730260 2018] [mpm_prefork:notice] [pid 20684] AH00163: Apache/2.4.34 (cPanel) OpenSSL/1.0.2p mod_bwlimited/1.4 configured -- resuming normal operations
        [Mon Sep 24 14:43:44.297225 2018] [mpm_prefork:notice] [pid 20684] AH00163: Apache/2.4.34 (cPanel) OpenSSL/1.0.2p mod_bwlimited/1.4 configured -- resuming normal operations
        [Mon Sep 24 14:43:43.849362 2018] [:notice] [pid 20681] ModSecurity for Apache/2.9.2 (http://www.modsecurity.org/) configured.

httpd restarted successfully.
[[email protected] apache2]#
 
Last edited:

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,272
313
Houston
Hi @Otávio Serra

I checked in on this ticket and it appears the analyst found that the issue is related to mod_ruid2 and there is currently an open case on this behavior: CPANEL-19869 Updates to this case will be added to our changelogs when they're available. You can check them here: Change Logs - Change Logs - cPanel Documentation

Thanks!
 

Nurs1927

Well-Known Member
Nov 22, 2015
92
7
58
Spain
cPanel Access Level
Root Administrator
Hi @Otávio Serra

I checked in on this ticket and it appears the analyst found that the issue is related to mod_ruid2 and there is currently an open case on this behavior: CPANEL-19869 Updates to this case will be added to our changelogs when they're available. You can check them here: Change Logs - Change Logs - cPanel Documentation

Thanks!
Hello, I have this problem too, with this errors:
Code:
[Wed Oct 10 15:06:05.295265 2018] [:notice] [pid 10967] mod_ruid2/0.9.8 enabled
[Wed Oct 10 15:06:05.295919 2018] [mpm_prefork:notice] [pid 10967] AH00163: Apache/2.4.34 (cPanel) OpenSSL/1.0.2p mod_bwlimited/1.4 configured -- resuming normal operations
Is this issue solved?
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,272
313
Houston
Hello @Nurs1927

This issue is not resolved but will be added to our ChangeLogs when it is as indicated previously. Furthermore, we'll update this thread when it is resolved as of right now the case is not fixed and is still being monitored.

Right now the only workaround available is to change the permissions of /var/log/apache2/mod_evasive to 1777 or stop using the two in conjunction.

Thanks!
 
  • Like
Reactions: Nurs1927

rhm.geerts

Well-Known Member
Jul 29, 2008
147
15
68
Maastricht
cPanel Access Level
Root Administrator
Is there any insight when this can be solved?
This is an issue since end september 2018 so (in a couple of days) already 7 months ago.

The funny thing is that a couple of logs did get written. But when looking at the httpd status we got the permission denied.
So at this moment we're using the temp workaround too, but it would be nice if this could really be fixed.
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,272
313
Houston
Hello @rhm.geerts

As of right now, the case is assigned to a team, the team has it on their backlog but it is not fixed and I do not have an ETA on when it will be resolved.
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,272
313
Houston
Hello,

Unfortunately this case was marked as "Won't Fix" due to security concerns with having to modify permissions. The issue being the resolution for this when using mod_ruid2 is to modify the permissions of /var/log/apache2/mod_evasive to 1777