Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

In Progress [CPANEL-19869] Apache mod_evasive permissions

Discussion in 'General Discussion' started by Otávio Serra, Sep 24, 2018.

  1. Otávio Serra

    Otávio Serra Active Member

    Joined:
    Apr 27, 2015
    Messages:
    33
    Likes Received:
    8
    Trophy Points:
    8
    Location:
    Brazil
    cPanel Access Level:
    Root Administrator
    Hi,

    I have enabled mod_evasive in EasyApache 4 and Apache 2.4 and etc. But when I try to restart Apache via command line it throws a lot of permission's denied errors messages like:

    [root@server apache2]# /scripts/restartsrv_apache
    ...
    Sep 24 12:09:04 server.tld mod_evasive[7963]: Couldn't open logfile /var/log/apache2/mod_evasive/dos-xxx.xxx.xxx.xxx: Permission denied
    ...
    [root@server apache2]#

    So I went to specific folder and it appear to have the correct permissions or I'm wrong?

    [root@server apache2]# pwd
    /var/log/apache2
    [root@server apache2]# ls -la
    ...
    drwxrwx---. 2 root nobody 6 Sep 24 12:06 mod_evasive
    ...
    [root@server apache2]#
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,877
    Likes Received:
    482
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. Otávio Serra

    Otávio Serra Active Member

    Joined:
    Apr 27, 2015
    Messages:
    33
    Likes Received:
    8
    Trophy Points:
    8
    Location:
    Brazil
    cPanel Access Level:
    Root Administrator
    No, because mod_evasive is on EasyApache 4. Look...

    Capturar.PNG

    I didn't install this mod by myself. It's on WHM default EasyApache 4 settings.

    The problem is a misconfiguration on permissions of mod_evasive's log folder. So, I want to know what permission I need to change for it works correctly.
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,877
    Likes Received:
    482
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    When you originally installed it, did the installation complete properly?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. Otávio Serra

    Otávio Serra Active Member

    Joined:
    Apr 27, 2015
    Messages:
    33
    Likes Received:
    8
    Trophy Points:
    8
    Location:
    Brazil
    cPanel Access Level:
    Root Administrator
    No apparent errors was show. mod_evasive is working too. I changed some times in EasyAPache 4 with mod_evasive and without mod_evasive and all works normally. The problem is only with permissions on log's folder of mod_evasive I think.

    Do you think I need one support ticket or can I change the permissions of this folder to solve the problem? If I need to change permission, I need know what group and user and permission code to change it by myself
     
  6. Infopro

    Infopro cPanel Sr. Product Evangelist Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,877
    Likes Received:
    482
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Yes, please feel free to open a ticket to cPanel Technical Support about this. Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. Otávio Serra

    Otávio Serra Active Member

    Joined:
    Apr 27, 2015
    Messages:
    33
    Likes Received:
    8
    Trophy Points:
    8
    Location:
    Brazil
    cPanel Access Level:
    Root Administrator
    Here the total output of /scripts/restartsrv_apache

    Code:
    [root@server apache2]# /scripts/restartsrv_apache
    Waiting for “httpd” to restart gracefully …waiting for “httpd” to initialize ………finished.
    
    Service Status
            httpd (/usr/sbin/httpd -k start) is running as nobody with PID 9751 (systemd+/proc check method).
            httpd (/usr/sbin/httpd -k start) is running as nobody with PID 10332 (systemd+/proc check method).
            httpd (/usr/sbin/httpd -k start) is running as root with PID 20684 (systemd+/proc check method).
            httpd (/usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.tld --suffix=-bytes_log) is running as root with PID 28436 (systemd+/proc check method).
            httpd (/usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.tld --mainout=/etc/apache2/logs/access_log) is running as root with PID 28437 (systemd+/proc check method).
    
    Startup Log
            Sep 24 14:49:55 server.tld mod_evasive[22407]: Couldn't open logfile /var/log/apache2/mod_evasive/dos-191.19.109.204: Permission denied
            Sep 24 14:49:55 server.tld mod_evasive[22407]: Couldn't open logfile /var/log/apache2/mod_evasive/dos-191.19.109.204: Permission denied
            Sep 24 14:49:56 server.tld mod_evasive[22407]: Couldn't open logfile /var/log/apache2/mod_evasive/dos-191.19.109.204: Permission denied
            Sep 24 14:49:56 server.tld mod_evasive[22407]: Couldn't open logfile /var/log/apache2/mod_evasive/dos-191.19.109.204: Permission denied
            Sep 24 15:02:56 server.tld mod_evasive[26733]: Couldn't open logfile /var/log/apache2/mod_evasive/dos-179.215.79.188: Permission denied
            Sep 24 15:02:56 server.tld mod_evasive[26733]: Couldn't open logfile /var/log/apache2/mod_evasive/dos-179.215.79.188: Permission denied
            Sep 24 15:02:56 server.tld mod_evasive[26984]: Couldn't open logfile /var/log/apache2/mod_evasive/dos-179.215.79.188: Permission denied
            Sep 24 17:33:42 server.tld mod_evasive[7823]: Couldn't open logfile /var/log/apache2/mod_evasive/dos-179.215.79.188: Permission denied
            Sep 24 17:33:42 server.tld mod_evasive[8437]: Couldn't open logfile /var/log/apache2/mod_evasive/dos-179.215.79.188: Permission denied
            Sep 24 17:33:42 server.tld mod_evasive[7823]: Couldn't open logfile /var/log/apache2/mod_evasive/dos-179.215.79.188: Permission denied
    
    Log Messages
            [Mon Sep 24 16:51:18.404731 2018] [mpm_prefork:notice] [pid 20684] AH00163: Apache/2.4.34 (cPanel) OpenSSL/1.0.2p mod_bwlimited/1.4 configured -- resuming normal operations
            [Mon Sep 24 16:43:32.976593 2018] [mpm_prefork:notice] [pid 20684] AH00163: Apache/2.4.34 (cPanel) OpenSSL/1.0.2p mod_bwlimited/1.4 configured -- resuming normal operations
            [Mon Sep 24 16:41:20.832258 2018] [mpm_prefork:notice] [pid 20684] AH00163: Apache/2.4.34 (cPanel) OpenSSL/1.0.2p mod_bwlimited/1.4 configured -- resuming normal operations
            [Mon Sep 24 16:36:18.426412 2018] [mpm_prefork:notice] [pid 20684] AH00163: Apache/2.4.34 (cPanel) OpenSSL/1.0.2p mod_bwlimited/1.4 configured -- resuming normal operations
            [Mon Sep 24 16:34:44.291316 2018] [mpm_prefork:notice] [pid 20684] AH00163: Apache/2.4.34 (cPanel) OpenSSL/1.0.2p mod_bwlimited/1.4 configured -- resuming normal operations
            [Mon Sep 24 16:34:33.236847 2018] [mpm_prefork:notice] [pid 20684] AH00163: Apache/2.4.34 (cPanel) OpenSSL/1.0.2p mod_bwlimited/1.4 configured -- resuming normal operations
            [Mon Sep 24 16:29:04.410000 2018] [mpm_prefork:notice] [pid 20684] AH00163: Apache/2.4.34 (cPanel) OpenSSL/1.0.2p mod_bwlimited/1.4 configured -- resuming normal operations
            [Mon Sep 24 16:28:53.523135 2018] [mpm_prefork:notice] [pid 20684] AH00163: Apache/2.4.34 (cPanel) OpenSSL/1.0.2p mod_bwlimited/1.4 configured -- resuming normal operations
            [Mon Sep 24 16:16:14.084655 2018] [mpm_prefork:notice] [pid 20684] AH00163: Apache/2.4.34 (cPanel) OpenSSL/1.0.2p mod_bwlimited/1.4 configured -- resuming normal operations
            [Mon Sep 24 16:07:33.999276 2018] [mpm_prefork:notice] [pid 20684] AH00163: Apache/2.4.34 (cPanel) OpenSSL/1.0.2p mod_bwlimited/1.4 configured -- resuming normal operations
            [Mon Sep 24 16:07:23.102997 2018] [mpm_prefork:notice] [pid 20684] AH00163: Apache/2.4.34 (cPanel) OpenSSL/1.0.2p mod_bwlimited/1.4 configured -- resuming normal operations
            [Mon Sep 24 16:07:02.730260 2018] [mpm_prefork:notice] [pid 20684] AH00163: Apache/2.4.34 (cPanel) OpenSSL/1.0.2p mod_bwlimited/1.4 configured -- resuming normal operations
            [Mon Sep 24 14:43:44.297225 2018] [mpm_prefork:notice] [pid 20684] AH00163: Apache/2.4.34 (cPanel) OpenSSL/1.0.2p mod_bwlimited/1.4 configured -- resuming normal operations
            [Mon Sep 24 14:43:43.849362 2018] [:notice] [pid 20681] ModSecurity for Apache/2.9.2 (http://www.modsecurity.org/) configured.
    
    httpd restarted successfully.
    [root@server apache2]#
    
     
    #7 Otávio Serra, Sep 24, 2018
    Last edited: Sep 24, 2018
  8. Otávio Serra

    Otávio Serra Active Member

    Joined:
    Apr 27, 2015
    Messages:
    33
    Likes Received:
    8
    Trophy Points:
    8
    Location:
    Brazil
    cPanel Access Level:
    Root Administrator
    Ok thanks,

    I opened this ticket:
    10364981
     
    Infopro likes this.
  9. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,124
    Likes Received:
    474
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @Otávio Serra

    I checked in on this ticket and it appears the analyst found that the issue is related to mod_ruid2 and there is currently an open case on this behavior: CPANEL-19869 Updates to this case will be added to our changelogs when they're available. You can check them here: Change Logs - Change Logs - cPanel Documentation

    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  10. Nurs1927

    Nurs1927 Well-Known Member

    Joined:
    Nov 22, 2015
    Messages:
    79
    Likes Received:
    5
    Trophy Points:
    8
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    Hello, I have this problem too, with this errors:
    Code:
    [Wed Oct 10 15:06:05.295265 2018] [:notice] [pid 10967] mod_ruid2/0.9.8 enabled
    [Wed Oct 10 15:06:05.295919 2018] [mpm_prefork:notice] [pid 10967] AH00163: Apache/2.4.34 (cPanel) OpenSSL/1.0.2p mod_bwlimited/1.4 configured -- resuming normal operations
    Is this issue solved?
     
  11. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,124
    Likes Received:
    474
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hello @Nurs1927

    This issue is not resolved but will be added to our ChangeLogs when it is as indicated previously. Furthermore, we'll update this thread when it is resolved as of right now the case is not fixed and is still being monitored.

    Right now the only workaround available is to change the permissions of /var/log/apache2/mod_evasive to 1777 or stop using the two in conjunction.

    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    Nurs1927 likes this.
  12. rhm.geerts

    rhm.geerts Well-Known Member

    Joined:
    Jul 29, 2008
    Messages:
    99
    Likes Received:
    8
    Trophy Points:
    58
    Location:
    Maastricht
    cPanel Access Level:
    Root Administrator
    Is there any insight when this can be solved?
    This is an issue since end september 2018 so (in a couple of days) already 7 months ago.

    The funny thing is that a couple of logs did get written. But when looking at the httpd status we got the permission denied.
    So at this moment we're using the temp workaround too, but it would be nice if this could really be fixed.
     
  13. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,124
    Likes Received:
    474
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hello @rhm.geerts

    As of right now, the case is assigned to a team, the team has it on their backlog but it is not fixed and I do not have an ETA on when it will be resolved.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice