In Progress [CPANEL-27532] /scripts/modsec_vendor update failed

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,295
1,273
313
Houston
Hi guys,

Thanks in part to your findings with this we have an internal case open for this CPANEL-27532 - ModSecurity rule download logic needs to support fallbacks to default rulesets and we'll also be updating documentation. Right now the workaround for this is as you found - switch to OWASP3 but we're working on a fix for this and we'll update here when the issue is resolved.

Thanks!
 

kamaok

Registered
Jun 8, 2019
3
0
1
Ukraine
cPanel Access Level
Root Administrator
Could you please provide the steps to do this, thanks.
1.Disable OWASP ModSecurity Core Rule Set and Install OWASP ModSecurity Core Rule Set v3.0


WHM->Security Center->Modsecurity Vendors->

OWASP ModSecurity Core Rule Set – Disable

OWASP ModSecurity Core Rule Set v3.0 – Install



2.Enable rule set for OWASP ModSecurity Core Rule Set v3.0

WHM->Security Center->Modsecurity Vendors->

OWASP ModSecurity Core Rule Set v3.0 -> Edit->Enable all(rules)


3. Enable OWASP ModSecurity Core Rule Set v3.0 and enable update fot this modsec vendor


WHM->Security Center->Modsecurity Vendors->

OWASP ModSecurity Core Rule Set v3.0 –Enable-On, Updates-On


4.Check you current status modsec vendors

It may something like it

# /scripts/modsec_vendor list

[OWASP] OWASP ModSecurity Core Rule Set

…..

enabled 0

…..




[OWASP3] OWASP ModSecurity Core Rule Set V3.0

…….

enabled 1

…..



Then you can delete [OWASP] OWASP ModSecurity Core Rule Set

After try to update rule set for [OWASP3] OWASP ModSecurity Core Rule Set V3.0

via command

# /usr/local/cpanel/scripts/modsec_vendor update --auto
 

jndawson

Well-Known Member
Aug 27, 2014
303
32
78
Western US
cPanel Access Level
DataCenter Provider
I'm the OP and we updated our OWASP rule sets to 3.0 over a year ago, so updating is not an option. On the other hand, we haven't gotten the error in quite some time, so whatever was causing it, it's been corrected somehow. Maybe.
 

Cloud9

Well-Known Member
Sep 17, 2012
60
1
58
UK
cPanel Access Level
Root Administrator
I think this may be similar to above problems, just started getting this error regarding modes and Comodo ruleset

[2021-04-17 03:00:22 +0100] - Processing command `/usr/l[/usr/local/cpanel/scripts/modsec_vendor] The system failed to update the vendor from the URL “Free ModSecurity Rules from Comodo: The vendor metadata does not contain an entry for your version of ModSecurity, “2.9.3”. The only versions of ModSecurity this rule set supports are “”.
[2021-04-17 03:00:27 +0100] E [/usr/local/cpanel/scripts/modsec_vendor] The “/usr/local/cpanel/scripts/modsec_vendor update --auto” command (process 2164) reported error number 1 when it ended.
[2021-04-17 03:00:27 +0100] The Administrator will be notified to review this output when this script completes
[2021-04-17 03:00:27 +0100] - Finished command `/usr/local/cpanel/scripts/modsec_vendor update --auto` in 4.658 seconds
[2021-04-17 03:00:27 +0100] 95% complete
 

fuzzylogic

Well-Known Member
Nov 8, 2014
154
93
78
cPanel Access Level
Root Administrator
@Cloud9
During the 3 days you had problems the uri...
waf.comodo.com/doc/meta_comodo_litespeed.yaml
and
waf.comodo.com/doc/meta_comodo_apache.yaml
have been redirecting to...
waf.comodo.com/user
This caused the issue you were seeing.

The 2 .yaml files are now publicly accessible again, so this issue show be resolved if you try to update the rules again.