The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

failed to lock global mutex

Discussion in 'Security' started by keat63, Jun 20, 2017.

Tags:
  1. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    875
    Likes Received:
    25
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    I've spent a good few hours trying to find an answer to this, but I'm struggling.

    Can anyone explain what this meas in apache logs.

    [Tue Jun 20 14:13:28.316922 2017] [:error] [pid 18909] [client xxx.xxx.xxx.xxx] ModSecurity: Audit log: Failed to lock global mutex: Invalid argument [hostname "mydomain.com"] [uri "/cgi-sys/ea-php56/index.php"] [unique_id "WUkfdwhdWs2BJ4nkeYY4RAAAAAE"]
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,029
    Likes Received:
    1,277
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
  3. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    875
    Likes Received:
    25
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    These are similar to the ones I found. Unfortunately, they all appear to be related to Ruid2, which I don't currently use.
    Also, they mention "Permission denied" whereas I'm seeing "Invalid Argument"
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,029
    Likes Received:
    1,277
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Are you using MPM ITK?

    Thank you.
     
  5. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    875
    Likes Received:
    25
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    I'm not using that either, I'm using SUExec
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,029
    Likes Received:
    1,277
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Feel free to open a support ticket using the link in my signature if you'd like us to take a closer look at the affected system.

    Thank you.
     
  7. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    875
    Likes Received:
    25
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    Ticket 8634193
     
  8. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    875
    Likes Received:
    25
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    support says:

    It appears that this is occurring when too many multiple entries are trying to be added to the modsec_audit log simultaneously and one cannot receive a file lock.

    This doesn't appear to be happening all the time. Based on what I see it's likely when a traffic spike happens.

    I checked the configuration in Home >> Security Center >>ModSecurity Configuration >> Configure Global Directives and it looks like you are logging all mod_security events to the Audit log.

    If you reduce the logging level you will likely see this error less ( if at all) since Apache won't be consistently writing to the mod_security audit log.

    Logging only noteworthy transactions would be the recommended setting in my opinion. You can always turn up the logging level later if you ever need it. In my experience the audit logs are only needed when troubleshooting an issue.
     
    cPanelMichael likes this.
Loading...

Share This Page