[CPANEL-19869] Apache mod_evasive permissions

[Otávio Serra]

Hi,

I have enabled mod_evasive in EasyApache 4 and Apache 2.4 and etc. But when I try to restart Apache via command line it throws a lot of permission's denied errors messages like:

[[email protected] apache2]# /scripts/restartsrv_apache
...
Sep 24 12:09:04 server.tld mod_evasive[7963]: Couldn't open logfile /var/log/apache2/mod_evasive/dos-xxx.xxx.xxx.xxx: Permission denied
...
[[email protected] apache2]#

So I went to specific folder and it appear to have the correct permissions or I'm wrong?

[[email protected] apache2]# pwd
/var/log/apache2
[[email protected] apache2]# ls -la
...
drwxrwx---. 2 root nobody 6 Sep 24 12:06 mod_evasive
...
[[email protected] apache2]#

 

[Infopro]

Check to see if this thread is helpful:
setting up mod_evasive with easyapache4 on cloudlinux 7

 

[Otávio Serra]

Check to see if this thread is helpful:
setting up mod_evasive with easyapache4 on cloudlinux 7

No, because mod_evasive is on EasyApache 4. Look...



I didn't install this mod by myself. It's on WHM default EasyApache 4 settings.

The problem is a misconfiguration on permissions of mod_evasive's log folder. So, I want to know what permission I need to change for it works correctly.

 

[Infopro]

When you originally installed it, did the installation complete properly?

 

[Otávio Serra]

When you originally installed it, did the installation complete properly?

No apparent errors was show. mod_evasive is working too. I changed some times in EasyAPache 4 with mod_evasive and without mod_evasive and all works normally. The problem is only with permissions on log's folder of mod_evasive I think.

Do you think I need one support ticket or can I change the permissions of this folder to solve the problem? If I need to change permission, I need know what group and user and permission code to change it by myself

 

[Infopro]

Yes, please feel free to open a ticket to cPanel Technical Support about this. Thanks!

 

[Otávio Serra]

Here the total output of /scripts/restartsrv_apache

[[email protected] apache2]# /scripts/restartsrv_apache
Waiting for “httpd” to restart gracefully …waiting for “httpd” to initialize ………finished.

Service Status
        httpd (/usr/sbin/httpd -k start) is running as nobody with PID 9751 (systemd+/proc check method).
        httpd (/usr/sbin/httpd -k start) is running as nobody with PID 10332 (systemd+/proc check method).
        httpd (/usr/sbin/httpd -k start) is running as root with PID 20684 (systemd+/proc check method).
        httpd (/usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.tld --suffix=-bytes_log) is running as root with PID 28436 (systemd+/proc check method).
        httpd (/usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.tld --mainout=/etc/apache2/logs/access_log) is running as root with PID 28437 (systemd+/proc check method).

Startup Log
        Sep 24 14:49:55 server.tld mod_evasive[22407]: Couldn't open logfile /var/log/apache2/mod_evasive/dos-191.19.109.204: Permission denied
        Sep 24 14:49:55 server.tld mod_evasive[22407]: Couldn't open logfile /var/log/apache2/mod_evasive/dos-191.19.109.204: Permission denied
        Sep 24 14:49:56 server.tld mod_evasive[22407]: Couldn't open logfile /var/log/apache2/mod_evasive/dos-191.19.109.204: Permission denied
        Sep 24 14:49:56 server.tld mod_evasive[22407]: Couldn't open logfile /var/log/apache2/mod_evasive/dos-191.19.109.204: Permission denied
        Sep 24 15:02:56 server.tld mod_evasive[26733]: Couldn't open logfile /var/log/apache2/mod_evasive/dos-179.215.79.188: Permission denied
        Sep 24 15:02:56 server.tld mod_evasive[26733]: Couldn't open logfile /var/log/apache2/mod_evasive/dos-179.215.79.188: Permission denied
        Sep 24 15:02:56 server.tld mod_evasive[26984]: Couldn't open logfile /var/log/apache2/mod_evasive/dos-179.215.79.188: Permission denied
        Sep 24 17:33:42 server.tld mod_evasive[7823]: Couldn't open logfile /var/log/apache2/mod_evasive/dos-179.215.79.188: Permission denied
        Sep 24 17:33:42 server.tld mod_evasive[8437]: Couldn't open logfile /var/log/apache2/mod_evasive/dos-179.215.79.188: Permission denied
        Sep 24 17:33:42 server.tld mod_evasive[7823]: Couldn't open logfile /var/log/apache2/mod_evasive/dos-179.215.79.188: Permission denied

Log Messages
        [Mon Sep 24 16:51:18.404731 2018] [mpm_prefork:notice] [pid 20684] AH00163: Apache/2.4.34 (cPanel) OpenSSL/1.0.2p mod_bwlimited/1.4 configured -- resuming normal operations
        [Mon Sep 24 16:43:32.976593 2018] [mpm_prefork:notice] [pid 20684] AH00163: Apache/2.4.34 (cPanel) OpenSSL/1.0.2p mod_bwlimited/1.4 configured -- resuming normal operations
        [Mon Sep 24 16:41:20.832258 2018] [mpm_prefork:notice] [pid 20684] AH00163: Apache/2.4.34 (cPanel) OpenSSL/1.0.2p mod_bwlimited/1.4 configured -- resuming normal operations
        [Mon Sep 24 16:36:18.426412 2018] [mpm_prefork:notice] [pid 20684] AH00163: Apache/2.4.34 (cPanel) OpenSSL/1.0.2p mod_bwlimited/1.4 configured -- resuming normal operations
        [Mon Sep 24 16:34:44.291316 2018] [mpm_prefork:notice] [pid 20684] AH00163: Apache/2.4.34 (cPanel) OpenSSL/1.0.2p mod_bwlimited/1.4 configured -- resuming normal operations
        [Mon Sep 24 16:34:33.236847 2018] [mpm_prefork:notice] [pid 20684] AH00163: Apache/2.4.34 (cPanel) OpenSSL/1.0.2p mod_bwlimited/1.4 configured -- resuming normal operations
        [Mon Sep 24 16:29:04.410000 2018] [mpm_prefork:notice] [pid 20684] AH00163: Apache/2.4.34 (cPanel) OpenSSL/1.0.2p mod_bwlimited/1.4 configured -- resuming normal operations
        [Mon Sep 24 16:28:53.523135 2018] [mpm_prefork:notice] [pid 20684] AH00163: Apache/2.4.34 (cPanel) OpenSSL/1.0.2p mod_bwlimited/1.4 configured -- resuming normal operations
        [Mon Sep 24 16:16:14.084655 2018] [mpm_prefork:notice] [pid 20684] AH00163: Apache/2.4.34 (cPanel) OpenSSL/1.0.2p mod_bwlimited/1.4 configured -- resuming normal operations
        [Mon Sep 24 16:07:33.999276 2018] [mpm_prefork:notice] [pid 20684] AH00163: Apache/2.4.34 (cPanel) OpenSSL/1.0.2p mod_bwlimited/1.4 configured -- resuming normal operations
        [Mon Sep 24 16:07:23.102997 2018] [mpm_prefork:notice] [pid 20684] AH00163: Apache/2.4.34 (cPanel) OpenSSL/1.0.2p mod_bwlimited/1.4 configured -- resuming normal operations
        [Mon Sep 24 16:07:02.730260 2018] [mpm_prefork:notice] [pid 20684] AH00163: Apache/2.4.34 (cPanel) OpenSSL/1.0.2p mod_bwlimited/1.4 configured -- resuming normal operations
        [Mon Sep 24 14:43:44.297225 2018] [mpm_prefork:notice] [pid 20684] AH00163: Apache/2.4.34 (cPanel) OpenSSL/1.0.2p mod_bwlimited/1.4 configured -- resuming normal operations
        [Mon Sep 24 14:43:43.849362 2018] [:notice] [pid 20681] ModSecurity for Apache/2.9.2 (http://www.modsecurity.org/) configured.

httpd restarted successfully.
[[email protected] apache2]#

 

[Otávio Serra]

Yes, please feel free to open a ticket to cPanel Technical Support about this. Thanks!

Ok thanks,

I opened this ticket:
10364981

 

[cPanelLauren]

Hi @Otávio Serra

I checked in on this ticket and it appears the analyst found that the issue is related to mod_ruid2 and there is currently an open case on this behavior: CPANEL-19869 Updates to this case will be added to our changelogs when they're available. You can check them here: Change Logs - Change Logs - cPanel Documentation

Thanks!

 

[Nurs1927]

Hi @Otávio Serra

I checked in on this ticket and it appears the analyst found that the issue is related to mod_ruid2 and there is currently an open case on this behavior: CPANEL-19869 Updates to this case will be added to our changelogs when they're available. You can check them here: Change Logs - Change Logs - cPanel Documentation

Thanks!

Hello, I have this problem too, with this errors:

[Wed Oct 10 15:06:05.295265 2018] [:notice] [pid 10967] mod_ruid2/0.9.8 enabled
[Wed Oct 10 15:06:05.295919 2018] [mpm_prefork:notice] [pid 10967] AH00163: Apache/2.4.34 (cPanel) OpenSSL/1.0.2p mod_bwlimited/1.4 configured -- resuming normal operations

Is this issue solved?

 

[cPanelLauren]

Hello @Nurs1927

This issue is not resolved but will be added to our ChangeLogs when it is as indicated previously. Furthermore, we'll update this thread when it is resolved as of right now the case is not fixed and is still being monitored.

Right now the only workaround available is to change the permissions of /var/log/apache2/mod_evasive to 1777 or stop using the two in conjunction.

Thanks!

 

[rhm.geerts]

Is there any insight when this can be solved?
This is an issue since end september 2018 so (in a couple of days) already 7 months ago.

The funny thing is that a couple of logs did get written. But when looking at the httpd status we got the permission denied.
So at this moment we're using the temp workaround too, but it would be nice if this could really be fixed.

 

[cPanelLauren]

Hello @rhm.geerts

As of right now, the case is assigned to a team, the team has it on their backlog but it is not fixed and I do not have an ETA on when it will be resolved.

 

[Ronald070]

So… is it is solved? Or is there a solution available? Same problem here.

 

[cPanelLauren]

Hello,

Unfortunately this case was marked as "Won't Fix" due to security concerns with having to modify permissions. The issue being the resolution for this when using mod_ruid2 is to modify the permissions of /var/log/apache2/mod_evasive to 1777