I have a couple of freshly installed cPanel servers on Alma8, pretty baseline, only Softaculous added. Completed the Security Advisor (enabled mod Ruid2, Jailshell, etc.), running Nginx front end cache, Apache and PHP-FPM.
OWASP CRS v3.x for ModSec 2.9 (via pkg) ruleset installed on both. No hits showing in ModSec tools. Actual ModSec logs in /var/logs/apache2 are there, and it "seems" to be working (saw a bunch of xmlrpc brute forcing driving up lavg, added custom rule and it went away fairly quickly).
One of the servers did have some Hits from a few days ago (I think before I had enabled Ruid2 -- so might be related to that would be my guess).
How do I fix this? I saw that there was a conditional rule for different log types in the /etc/ apache config directory so I'm assuming it's "supposed" to work?
Thanks in advance!