Mod RUID 2 and ModSecurity

I'm a bit puzzled here... cPanelKurtN mentions that the mod_security incompatibility has case number 76493.

The changelog on EasyApache < AllDocumentation/ChangeLog < TWiki mentions case 76493 has been "implemented" in EasyApache 3.22.28

Does this mean that the compatibility issues has already (silently) been resolved in 3.22.28?

 

I have a new server build with Easy::Apache v3.24.11 on

CENTOS 6.5 x86_64 standard – rs11
WHM 11.40.1 (build 11)
Apache 2.4 with Ruid2 and mod_security

Just discovered that mod_security is still throwing these errors:

Audit log: Failed to lock global mutex: Permission denied

Is this a show stopper? Do I need to rebuild and remove mod_security? We assumed this was fixed because EasyApache no longer disabled mod_security when selecting Ruid2

 

Anithing new here ...It's strage how wheel of history is spinning...

several years ago my site ot my server was defaced cause of dso and old version of wordpress and i stop using it now dso (ruid2) become the most secure option for cPanel and it's steel blazing fast... if somebody told me a year ago I'll never believe it

pls cpanel released this mod security fix soon need to beta test

 

It was promised for a long time that EasyApache 3.24 would resolve the Ruid2 / mod_security issue. Sure enough, I built a new server that came with 3.24 and EA no longer unselected mod_security when you chose Ruid2 as it had in previous versions; and the on screen warning messages were gone. It does build Apache with both, but the mutex errors continue.

So, while as Kurt points out, the documentation still states that it is incompatible, the EA allows the conflict to be built unlike before. So, looks like there was a mistake and it was not fixed as promised. My system still shows 3.24 and allows mod_security and Ruid2 to be built together. Mistakes happen... I'm sure it will be fixed soon enough.

 

Hi everybody,

The EasyApache team is targeting early next week to release the compatibility fix for mod_ruid2 and mod_security that's being discussed in this thread. Should we not be able to release this bug fix I'll update this thread.

Thanks all for the discussion and questions!

 

Hello again,

The EasyApache team has released version 3.24.12 and with that the long rumored and discussed compatibility fix for mod_ruid2 and mod_security is now available. Please view the change log and let us know if there are any questions.

Thanks!

 

Still have the ModSecurity: Audit log: Failed to unlock global mutex: Permission denied if you set the logging to SecAuditLogType Concurrent you get permission denied to create logs

 

Just updated. Still getting this:

[Tue Mar 11 11:30:02 2014] [error] [client xxx.xxx.xxx.xxx] ModSecurity: collection_store: Failed to access DBM file "/tmp/ip": Permission denied [hostname "www.somewebsite.com"] [uri "/wp-login.php"] [unique_id "Ux86CmAeILYAACsfEsAAAAAO"]

Moving it out of tmp and into a strictly nobody owned directory has the same effect:

Failed to access DBM file "/var/asl/data/msa/ip": Permission denied

# stat /var/asl/data/msa
File: `/var/asl/data/msa'
Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: 806h/2054d Inode: 523467 Links: 2
Access: (0777/drwxrwxrwx) Uid: ( 99/ nobody) Gid: ( 99/ nobody)

 

Working fine for me on several servers.

Steps I took

/scripts/upcp --force
/scripts/easyapache

WHM >> Mod Security >> Reset configuration to: Default Configuration >> Save
Added back custom rules.

No other custom changes to apache.

And it's working fine, no errors, no issues.

 

are you using the gotroot ruleset ??

 

No, just some custom rules from here and there.

 

Hello Kurt,

We are using CloudLinux with CageFS and have same problem:
Message: collection_store: Failed to access DBM file "/tmp/ip": Permission denied

how can I fix this issue?