The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Current mod_security with cPanel how to?

Discussion in 'Security' started by ne0shell, Jun 10, 2010.

  1. ne0shell

    ne0shell Well-Known Member

    Joined:
    Oct 9, 2003
    Messages:
    58
    Likes Received:
    0
    Trophy Points:
    6
    Is there an up to date, current how to available somewhere for using mod_security with cPanel? All the one's I've found are a few years old and details things that don't seem to be there anymore (ability to install and enable it via the add-ons section for example).

    I managed to get it installed and I think I have some rules enabled but I'm not sure and I'm not receiving any alerts from it so far.
     
  2. santrix

    santrix Well-Known Member

    Joined:
    Nov 30, 2008
    Messages:
    223
    Likes Received:
    2
    Trophy Points:
    18
    Sorry if you are already aware... but life is a bit easier by installing ConfigServer ModSecurity Control

    I have been running it for a few months now, and it really takes a lot of the headache out of configuring it. A nice interface, and allows user level granularity for rule dropping.
     
  3. ne0shell

    ne0shell Well-Known Member

    Joined:
    Oct 9, 2003
    Messages:
    58
    Likes Received:
    0
    Trophy Points:
    6
    Yes, I installed it but it doesn't help with actually installing mod_security. I simply checked the mod_security box in easyapache but I don't know if that's enough.

    I think I have it installed but I'm not seeing any log files or email notifications.

    From the configserver plugin, it appears to be installed and has a couple of the basic rules files enabled but I have a strong suspicion it's not completely installed and functioning despite appearing to be.

    Why was the cPanel addon for this removed?
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,478
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Once you have compiled Easy Apache with modesecurity, in your WHM, at bottom of menu find the link to Mod Security and click. On the next page click Edit Config. Is that textarea blank/empty? If yes, Click the link for Default Configuration there, and then scroll down and save. This puts those rules into action.

    cPanel adds a cron called modsecparse to move the log but you can use CMC to disable that with a click using the button in CMC called Disable modsecparse.pl

    In doing so, the next time you visit WHM > Plugins > Mod Security you should see logs of hits agaist the rules. If there are any.

    CMC does not add any rules, it only gives you access to the rules you use and options for disabling or more precisely fine tuning them to your needs.

    If you want to check to make sure modsecurity has been installed properly, in your CMC page, find the area near bottom for editing the files. Click modsec2.conf to edit and open it up.

    You should find several items there, including this line:

    Include "/usr/local/apache/conf/modsec2.user.conf"

    That line, calls that Default Config we just enabled above earlier in my post.
     
  5. nxweb

    nxweb Active Member

    Joined:
    Oct 29, 2008
    Messages:
    37
    Likes Received:
    0
    Trophy Points:
    6
  6. ne0shell

    ne0shell Well-Known Member

    Joined:
    Oct 9, 2003
    Messages:
    58
    Likes Received:
    0
    Trophy Points:
    6
    That's a lot closer to what I'm looking for but on restarting apache I get the following error:

    ModSecurity: Invalid argument separator: \xe2\x80\x9c&\xe2\x80\x9d

    (argument as listed is "&")

    Something weird on the webpage I guess, I re-typed it and it worked.
     
    #6 ne0shell, Jun 14, 2010
    Last edited: Jun 14, 2010
Loading...

Share This Page