rpvw

Well-Known Member
Jul 18, 2013
1,101
465
113
UK
cPanel Access Level
Root Administrator
Sorry if I missed something about this - I have spent the morning checking mod-security (I can hear you groan from here !!) and it appears to be working in that:

* I can trigger mod sec events, and they are correctly logged in the Apache error log and in the mod sec audit log
* Triggered mod sec events seem to be correctly redirecting or denying access
* LFD is reading the logs and correctly banning persistent offenders.


What isn't working is the actual display of Home » Security Center »ModSecurity™ Tools » Hits List
The last entry is just before I converted to EA4, and is reflected as the last entry in the database 'modsec', table' hits'
I am guessing the Hits List display gathers it's data from the modsec database, but it would seem that the data isn't being written to the database any longer.

* I do not run mod ruid or mpm itk in the EA4 config
* Everything is completely up-to-date

Have I missed something ?
 

rpvw

Well-Known Member
Jul 18, 2013
1,101
465
113
UK
cPanel Access Level
Root Administrator
Hmmmmmm .....how is it you all knew if you left me long enough I'd make it work ?

The only worry is - I don't know why it started working.

After doing absolutely everything I could think of to no avail, I resorted to a server reboot. Now there was nothing to indicate that a server reboot would achieve anything, everything seemed to be working except the mod sec display in WHM, I restarted every daemon I could, and cPanel itself, and the /usr/bin/needs-restarting script returned nothing but, nevertheless, the ModSecurity™ Tools » Hits List started working after the reboot.

I really object, on principle, to having to resort to reboots to solve problems, I got rid of winblows on all my servers and desktops some 15 years ago, and I feel somewhat betrayed by having to resort to a reboot to fix anything.

Nevertheless - it DID fix the issue (mutter, mutter, grumble) - so I guess the moral of this story is:
"When all else fails - reboot and hope for the best" :eek:

Now I have to go and worry why I needed to resort to a reboot and couldn't find the solution the penguin way :( (need emoji for 'I need a large scotch')
 

Infopro

Well-Known Member
May 20, 2003
17,090
518
613
Pennsylvania
cPanel Access Level
Root Administrator
Twitter
(need emoji for 'I need a large scotch')
I like it. I'll see what can be done. :rolleyes:

Without knowing the exact chain of events you went thru, hard to say what was happening but a server reboot was absolutely not needed imo. It did restart all services though, including Apache.

Happy to hear you got it going. It's Friday, cheers! Martini_Emoji.png
 

rpvw

Well-Known Member
Jul 18, 2013
1,101
465
113
UK
cPanel Access Level
Root Administrator
The Martini defiantly helped :-D

That was what was so strange, prior to the reboot I had restarted every service I could; first using the WHM interface restart services, and then using the restartsrv_* scripts (and a couple that needed init.d calls) and nothing I found worked.

I am sure I missed something - I just don't know what (hence the requirement for large amounts of alcohol :cool: )

The important thing to take away from all of this is still that the conversion to EA4 worked beautifully and that the developers should all award themselves a pay rise o_O
 
  • Like
Reactions: cPanelMichael