SOLVED [EA-8506] ModSecurity 2.9.3 results in Apache service failures

Discussion in 'EasyApache' started by cPanelMichael, May 29, 2019.

  1. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,555
    Likes Received:
    2,182
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello Everyone,

    The following update to the ea-apache24-mod_security2 RPM was included as part of the initial May 29 EasyApache 4 Release:

    EA-8081 - Update Mod_security2 to 2.9.3

    Upon the publication of this update, we observed reports of Apache service failures stemming from ModSecurity segmentation faults. Here's an example of the log output observed in /var/log/messages on affected systems:

    Code:
    kernel: [123456.123456] httpd[12345]: segfault at 9 ip 0000000000000000 sp 0000000000000 error 4 in mod_security2.so

    We removed the updated ea-apache24-mod_security2 RPM from the EA4 update mirrors to prevent this from affecting additional servers; however, it's possible the updated RPM was installed on your server if the update was performed in the first two hours after the initial publication.

    To see which ea-apache24-mod_security2 RPM version is installed on your server, execute the following command:

    Code:
    rpm -qa|grep ea-apache24-mod_security2

    If the name of the RPM seen in the output of this command starts with ea-apache24-mod_security2-2.9.2, no additional action is required.

    If the name of the RPM seen in the output of this command starts with ea-apache24-mod_security2-2.9.3, execute the following commands to downgrade it to the previous version:

    Code:
    yum clean all
    yum downgrade ea-apache24-mod_security2

    Let us know if you have any questions.

    Thank you.
     
  2. SJR

    SJR Member

    Joined:
    Jan 2, 2017
    Messages:
    24
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    USA
    cPanel Access Level:
    Website Owner
    Michael, thank you for the update. My server received the update to 2.9.3 but I am 'not' experiencing any problems.

    1. Do you recommend I do the downgrade anyway?
    2. Do you have an ETA on when this update will be fixed and re-published?

    Thank you!
     
  3. cPanelMichael

    Hello @SJR,

    Good question! I recommend downgrading the RPM on production servers even if you don't observe any issues (it's no longer supported and is removed from our EA4 YUM repo). We are definitely planning to patch the RPM and publish it again, but I don't have a firm ETA to provide at this time. I'll update the following thread with more information as soon as it's available:

    In Progress - [EA-8081] ModSecurity v2.9.3 update

    Thank you.
     
  4. SJR

    For some reason I am not able to downgrade:

    I run:
    rpm -qa|grep ea-apache24-mod_security2
    I get:
    root [/]# rpm -qa|grep ea-apache24-mod_security2
    ea-apache24-mod_security2-2.9.3-1.1.1.cpanel.x86_64
    root [/]# _

    I run:
    yum clean all
    I get:
    root [/]# yum clean all
    Loaded plugins: fastestmirror, universal-hooks
    Cleaning repos: EA4 cpanel-addons-production-feed cpanel-plugins base extras
    : mysql-connectors-community mysql-tools-community
    : mysql57-community updates
    Other repos take up 1.0 M of disk space (use --verbose for details)
    root [/]# _

    I run:
    yum downgrade ea-apache24-mod_security2
    I get:
    root [/]# yum downgrade ea-apache24-mod_security2
    Loaded plugins: fastestmirror, universal-hooks
    Determining fastest mirrors
    * EA4: 208.43.108.66
    * cpanel-addons-production-feed: 208.43.108.66
    * cpanel-plugins: 208.43.108.66
    Resolving Dependencies
    --> Running transaction check
    ---> Package ea-apache24-mod_security2.x86_64 0:2.9.2-11.11.7.cpanel will be a downgrade
    ---> Package ea-apache24-mod_security2.x86_64 0:2.9.3-1.1.1.cpanel will be erased
    --> Finished Dependency Resolution

    Dependencies Resolved

    ================================================================================
    Package Arch Version Repository Size
    ================================================================================
    Downgrading:
    ea-apache24-mod_security2 x86_64 2.9.2-11.11.7.cpanel EA4 253 k

    Transaction Summary
    ================================================================================
    Downgrade 1 Package

    Total download size: 253 k

    And then the server seems to hang for a very long time...
    If I now run again:
    rpm -qa|grep ea-apache24-mod_security2
    I still get:
    root [/]# rpm -qa|grep ea-apache24-mod_security2
    ea-apache24-mod_security2-2.9.3-1.1.1.cpanel.x86_64
    root [/]# _

    If I run again:
    yum clean all
    I now get this message repeating over and over:
    Another app is currently holding the yum lock; waiting for it to exit...
    The other application is: yum
    Memory : 121 M RSS (491 MB VSZ)
    Started: Thu May 30 09:51:22 2019 - 08:15 ago
    State : Sleeping, pid: 22926

    Any suggestions with this?
    Thank you!
     
  5. cPanelMichael

    Hello @SJR,

    It looks like a YUM process is hanging on your server. You can identify the hanging process ID with the following command:

    Code:
    ps auxfww | grep yum

    Use the "kill -9 $PID" command to kill any YUM processes that are hanging, and then run "yum clean all" again to see if that helps.

    Thank you.
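
The checks discussed in this thread (installed RPM version, mod_security2.so segfaults in /var/log/messages, and a live holder of the yum lock), gathered into one triage script as an added example; it is not cPanel's code and not part of any post above. The function names are hypothetical, and the script assumes yum's standard lock file at /var/run/yum.pid.

```bash
#!/usr/bin/env bash
# Added example: read-only triage for the EA-8506 situation described in this thread.
PKG="ea-apache24-mod_security2"

# Classify a package name as printed by rpm. Prints: downgrade | ok | absent | unknown
classify_modsec_rpm() {
    case "$1" in
        "")            echo absent ;;
        "$PKG"-2.9.3-*) echo downgrade ;;   # the withdrawn build
        "$PKG"-2.9.2-*) echo ok ;;          # the previous, still published build
        *)             echo unknown ;;
    esac
}

# Count kernel segfault records for httpd inside mod_security2.so (syslog on stdin).
# grep -c exits 1 on zero matches, so the exit status is normalised.
count_modsec_segfaults() {
    grep -cE 'httpd\[[0-9]+\]: segfault at .* in mod_security2\.so' || true
}

# Print the PID recorded in the yum lock file if that process is still alive.
# Reading the lock file names the exact process that holds the lock.
yum_lock_holder() {
    local lockfile="${1:-/var/run/yum.pid}" pid
    [ -r "$lockfile" ] || return 1
    pid=$(tr -dc '0-9' < "$lockfile")
    [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null && echo "$pid"
}

# Run all three checks against the local system; changes nothing.
triage() {
    local installed
    installed=$(rpm -q "$PKG" 2>/dev/null) || installed=""
    echo "rpm: ${installed:-none} -> $(classify_modsec_rpm "$installed")"
    echo "mod_security2 segfaults: $(count_modsec_segfaults < /var/log/messages)"
    echo "yum lock holder: $(yum_lock_holder || echo none)"
}

if [ "${1:-}" = "--run" ]; then
    triage
fi
```

Run it as root with `--run`; a `downgrade` verdict corresponds to the `yum clean all` and `yum downgrade ea-apache24-mod_security2` steps from the first post.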
     