The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

EA4: mod_php (dso) / mod_security2 + mod_ruid2

Discussion in 'EasyApache' started by mhofer, Oct 28, 2015.

  1. mhofer

    mhofer Member

    Joined:
    May 10, 2013
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    After trying out EasyApache 4 and its functionality, I have ran into the following issue:
    When enabling the DSO php handler, it is working but fails to load any module due to all modules being compiled as non-thread-safe, see the startup-errors below:
    Code:
    [27-Oct-2015 17:12:52 UTC] PHP Warning:  PHP Startup: bcmath: Unable to initialize module
    Module compiled with build ID=API20131226,NTS
    PHP    compiled with build ID=API20131226,TS
    These options need to match
    in Unknown on line 0
    [27-Oct-2015 17:12:52 UTC] PHP Warning:  PHP Startup: bz2: Unable to initialize module
    Module compiled with build ID=API20131226,NTS
    PHP    compiled with build ID=API20131226,TS
    These options need to match
    in Unknown on line 0
    
    this goes on and lists the same error for every php-module.

    In addition:
    - switching the PHP version which should be used with DSO does not work. I got it to work by manually changing the symlink of /etc/apache2/modules/libphp5.so and restarting apache.
    - I was able to enable the DSO handler even when using MPM event, as far as i know this should not be possible due to incompatibility.

    My questions are:
    1. Is there any way to enable mod_php (dso) with all available modules?
    2. Why is mod_security2 not compatible with mod_ruid2 or MPM ITK? Is there any way to get this to work? Or is it possible to use mod_php (running as the user) and mod_security2 in any other way?

    Thanks in advance for anyone being able to help me here.
     
  2. cPJacob

    cPJacob cPanel Product Owner
    Staff Member

    Joined:
    May 2, 2014
    Messages:
    508
    Likes Received:
    64
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    Hi,

    We're having a bit of trouble with DSO at the moment due to the naming schema with Apache internals. We have an open case on this (EA-3711) and we're got this on our task board at the moment and are working on this.

    In regards to mod_security and ruid2/ITK, these are not compatible. ModSec generally works with these, however it cannot read nor write to the DBM files that are required for tracking. Due to this, we've added RPM conflicts until we have time to look into making this compatible.

    Let me know if this answers your questions. Also, Thanks for trying out EA4 and providing feedback!
     
  3. mhofer

    mhofer Member

    Joined:
    May 10, 2013
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi Jacob, this indeed answers all of my questions. Thank you very much.
     
  4. dalem

    dalem Well-Known Member
    PartnerNOC

    Joined:
    Oct 24, 2003
    Messages:
    2,577
    Likes Received:
    40
    Trophy Points:
    48
    Location:
    SLC
    cPanel Access Level:
    DataCenter Provider
    I noticed it to when messing with a DEV box
    we work around the "cannot read nor write to the DBM" with some custom scripts to clean up the DBM mess.

    I did not test ea4 extensively as it seems its not production ready is there a work around to install Modsecuity with Mod Ruid2
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    654
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    There's no workaround at this time. Discussion about this topic is found at:

    Mod RUID 2 and ModSecurity

    Thank you.
     
  6. sonicthoughts

    sonicthoughts Well-Known Member

    Joined:
    Apr 4, 2011
    Messages:
    61
    Likes Received:
    3
    Trophy Points:
    8
    If modruid2 is not going to work, then please get ITK to work with EA3 + EA4 and latest apache 2.4.
     
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    654
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Is mod_mpm_itk for Apache 2.4 not working with EasyApache 4 on your system?

    Thank you.
     
  8. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    940
    Likes Received:
    55
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    At the risk of sounding rude, most rules don't use DBM files anyway. You still get the majority of protections from the major rule sets even without being able to use collections. Hopefully this is resolved quickly regardless :)
     
  9. cPJacob

    cPJacob cPanel Product Owner
    Staff Member

    Joined:
    May 2, 2014
    Messages:
    508
    Likes Received:
    64
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    Hello,

    I wanted to let you know we've removed the conflict and adjusted configurations to get both RUID2 and ModSec2 working. This doesn't solve the DBM issues, but the conflict is gone. I'm syncing these packages to the mirrors now. In an hour or two yum update and you'll get the updates.

    Thanks!
     
Loading...

Share This Page