cxs ModSecurity Scanning (disabled)

[Federico Barcelo]

Hi People.

I was looking on my cPanel server, and I found that the modsec scanning was disabled, when I tried to enable the server, I received that message, but the service is not changing to enabled....

Any idea what is happening?

Regards

Federico.


[Removed - Included Real Domain Names]

 

[Federico Barcelo]

[2017-07-28 15:06:53 +0100] warn [modsec_vendor] The system failed to add the vendor from the URL “https://download.configserver.com/waf/meta_configserver.yaml”: You have already installed that vendor. at /scripts/modsec_vendor line 95.
    scripts::modsec_vendor::add("https://download.configserver.com/waf/meta_configserver.yaml") called at /scripts/modsec_vendor line 39
    scripts::modsec_vendor::run("add", "https://download.configserver.com/waf/meta_configserver.yaml") called at /scripts/modsec_vendor line 24
[2017-07-28 15:07:00 +0100] info [modsec_vendor] You have enabled the vendor “configserver”.
Waiting for “httpd” to restart gracefully …AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/conf/httpd.conf:21411
waiting for “httpd” to initialize ………finished.

Service Status
    httpd (/usr/sbin/httpd -k start) is running as root with PID 23664 (systemd check method).
    httpd (/usr/sbin/httpd -k start) is running as nobody with PID 31490 (systemd check method).
    httpd (/usr/sbin/httpd -k start) is running as nobody with PID 31530 (systemd check method).
    httpd (/usr/sbin/httpd -k start) is running as nobody with PID 31566 (systemd check method).
    httpd (/usr/sbin/httpd -k start) is running as nobody with PID 31598 (systemd check method).
    httpd (/usr/sbin/httpd -k start) is running as nobody with PID 31652 (systemd check method).
    httpd (/usr/sbin/httpd -k start) is running as nobody with PID 31744 (systemd check method).
    httpd (/opt/cpanel/ea-php56/root/usr/bin/php-cgi) is running as iaadmin with PID 52127 (systemd check method).
    httpd (/opt/cpanel/ea-php56/root/usr/bin/php-cgi) is running as wildgoose with PID 52140 (systemd check method).
    httpd (/opt/cpanel/ea-php56/root/usr/bin/php-cgi) is running as wildgoose with PID 52165 (systemd check method).
    httpd (/opt/cpanel/ea-php56/root/usr/bin/php-cgi) is running as muladmin with PID 52167 (systemd check method).
    httpd (/opt/cpanel/ea-php56/root/usr/bin/php-cgi) is running as tourhnadmin with PID 52168 (systemd check method).
    httpd (/opt/cpanel/ea-php56/root/usr/bin/php-cgi) is running as wildgoose with PID 52172 (systemd check method).
    httpd (/opt/cpanel/ea-php56/root/usr/bin/php-cgi) is running as downcottage with PID 52202 (systemd check method).
    httpd (/opt/cpanel/ea-php56/root/usr/bin/php-cgi) is running as diadmin with PID 52213 (systemd check method).
    httpd (/opt/cpanel/ea-php56/root/usr/bin/php-cgi) is running as tourhnadmin with PID 52216 (systemd check method).

Startup Log
    Jul 27 19:43:02 en2.supercali.net systemd[1]: Starting Apache web server managed by cPanel EasyApache...
    Jul 27 19:43:03 en2.supercali.net restartsrv_httpd[23622]: AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/conf/httpd.conf:21567
    Jul 27 19:43:03 en2.supercali.net systemd[1]: PID file /run/apache2/httpd.pid not readable (yet?) after start.
    Jul 27 19:43:04 en2.supercali.net systemd[1]: Started Apache web server managed by cPanel EasyApache.

   

httpd restarted successfully.

 

[cPanelMichael]

[2017-07-28 15:06:53 +0100] warn [modsec_vendor] The system failed to add the vendor from the URL “https://download.configserver.com/waf/meta_configserver.yaml”: You have already installed that vendor. at /scripts/modsec_vendor line 95.

Hello,

I was able to successfully add that third-party ModSec vendor using the instructions on their website:

cPanel ModSecurity Vendor for cxs | ConfigServer Services Blog

Are you sure that vendor is not already enabled? Also, could you let us know the specific steps you are taking to reproduce that error message?

Thanks!