The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

EA4 and Mod Security

Discussion in 'EasyApache' started by rpvw, Oct 7, 2016.

Tags:
  1. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    118
    Likes Received:
    34
    Trophy Points:
    28
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    Sorry if I missed something about this - I have spent the morning checking mod-security (I can hear you groan from here !!) and it appears to be working in that:

    * I can trigger mod sec events, and they are correctly logged in the Apache error log and in the mod sec audit log
    * Triggered mod sec events seem to be correctly redirecting or denying access
    * LFD is reading the logs and correctly banning persistent offenders.


    What isn't working is the actual display of Home » Security Center »ModSecurity™ Tools » Hits List
    The last entry is just before I converted to EA4, and is reflected as the last entry in the database 'modsec', table' hits'
    I am guessing the Hits List display gathers it's data from the modsec database, but it would seem that the data isn't being written to the database any longer.

    * I do not run mod ruid or mpm itk in the EA4 config
    * Everything is completely up-to-date

    Have I missed something ?
     
  2. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    118
    Likes Received:
    34
    Trophy Points:
    28
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    Hmmmmmm .....how is it you all knew if you left me long enough I'd make it work ?

    The only worry is - I don't know why it started working.

    After doing absolutely everything I could think of to no avail, I resorted to a server reboot. Now there was nothing to indicate that a server reboot would achieve anything, everything seemed to be working except the mod sec display in WHM, I restarted every daemon I could, and cPanel itself, and the /usr/bin/needs-restarting script returned nothing but, nevertheless, the ModSecurity™ Tools » Hits List started working after the reboot.

    I really object, on principle, to having to resort to reboots to solve problems, I got rid of winblows on all my servers and desktops some 15 years ago, and I feel somewhat betrayed by having to resort to a reboot to fix anything.

    Nevertheless - it DID fix the issue (mutter, mutter, grumble) - so I guess the moral of this story is:
    "When all else fails - reboot and hope for the best" :eek:

    Now I have to go and worry why I needed to resort to a reboot and couldn't find the solution the penguin way :( (need emoji for 'I need a large scotch')
     
  3. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,446
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    I like it. I'll see what can be done. :rolleyes:

    Without knowing the exact chain of events you went thru, hard to say what was happening but a server reboot was absolutely not needed imo. It did restart all services though, including Apache.

    Happy to hear you got it going. It's Friday, cheers! Martini_Emoji.png
     
  4. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    118
    Likes Received:
    34
    Trophy Points:
    28
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    The Martini defiantly helped :-D

    That was what was so strange, prior to the reboot I had restarted every service I could; first using the WHM interface restart services, and then using the restartsrv_* scripts (and a couple that needed init.d calls) and nothing I found worked.

    I am sure I missed something - I just don't know what (hence the requirement for large amounts of alcohol :cool: )

    The important thing to take away from all of this is still that the conversion to EA4 worked beautifully and that the developers should all award themselves a pay rise o_O
     
    cPanelMichael likes this.
Loading...

Share This Page