The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Mod RUID 2 and ModSecurity

Discussion in 'EasyApache' started by Solokron, Jan 18, 2014.

  1. Solokron

    Solokron Well-Known Member

    Joined:
    Aug 8, 2003
    Messages:
    849
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Seattle
    cPanel Access Level:
    DataCenter Provider
    Has anyone made any headway into the logging issue which occurs when RUID is in place?

    I have about 10% of the rules working properly. By properly, I mean they are detected AND logged properly which allows for ConfigServer Firewall to pick off the bad bots etc. This I suspect because it occurs before the PHP layer. What I do not have is brute force attacks to scripts such as WordPress and Joomla being blocked off because although picked up by ModSecuriy, it is unable to write to the log file because of RUIDs influence at the account level when PHP is involved and it's attempt to write back as the user.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    There are scheduled resolutions for Mod_Security and Mod_Ruid2 incompatibilities in EasyApache version 3.24. Here is a quote from one of our EasyApache team members on another thread:

    Thank you.
     
  3. Solokron

    Solokron Well-Known Member

    Joined:
    Aug 8, 2003
    Messages:
    849
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Seattle
    cPanel Access Level:
    DataCenter Provider
    Thank you Michael!!

    - - - Updated - - -

    That is exactly what I thought was going on contrary to popular consensus! Great news!
     
  4. Solokron

    Solokron Well-Known Member

    Joined:
    Aug 8, 2003
    Messages:
    849
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Seattle
    cPanel Access Level:
    DataCenter Provider
    Hello Michael,

    Any eta on that update? Thank you.
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    There are no additional updates at this time. You can monitor the EasyApache change log for version 3.24:

    EasyApache Change Log

    Thank you.
     
  6. Ebridge

    Ebridge Member

    Joined:
    May 3, 2012
    Messages:
    16
    Likes Received:
    1
    Trophy Points:
    3
    cPanel Access Level:
    Root Administrator
    I'm a bit puzzled here... cPanelKurtN mentions that the mod_security incompatibility has case number 76493.

    The changelog on EasyApache < AllDocumentation/ChangeLog < TWiki mentions case 76493 has been "implemented" in EasyApache 3.22.28

    Does this mean that the compatibility issues has already (silently) been resolved in 3.22.28?

     
    #6 Ebridge, Feb 15, 2014
    Last edited: Feb 15, 2014
  7. cPanelKurtN

    cPanelKurtN Well-Known Member
    Staff Member

    Joined:
    Jan 29, 2013
    Messages:
    95
    Likes Received:
    1
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    Thanks for incidentally spotting the incorrect case number in the ChangeLog. We will fix this. The case that SHOULD be here is, 85957.

    We have not released this fix yet because we found some issues during QA testing.
     
  8. vicos

    vicos Well-Known Member

    Joined:
    Apr 18, 2003
    Messages:
    62
    Likes Received:
    0
    Trophy Points:
    6
    I have a new server build with Easy::Apache v3.24.11 on

    CENTOS 6.5 x86_64 standard – rs11
    WHM 11.40.1 (build 11)
    Apache 2.4 with Ruid2 and mod_security

    Just discovered that mod_security is still throwing these errors:

    Audit log: Failed to lock global mutex: Permission denied

    Is this a show stopper? Do I need to rebuild and remove mod_security? We assumed this was fixed because EasyApache no longer disabled mod_security when selecting Ruid2
     
  9. cPanelKurtN

    cPanelKurtN Well-Known Member
    Staff Member

    Joined:
    Jan 29, 2013
    Messages:
    95
    Likes Received:
    1
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    If you want to continue using Mod Ruid2, then you should remove Mod Security from your Apache installation.

    It's documented in both the Mod Ruid2 and Mod Security documentation pages.
     
  10. coolice

    coolice Registered

    Joined:
    Mar 2, 2014
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Anithing new here ...It's strage how wheel of history is spinning...

    several years ago my site ot my server was defaced cause of dso and old version of wordpress and i stop using it :) now dso (ruid2) become the most secure option for cPanel and it's steel blazing fast... if somebody told me a year ago I'll never believe it

    pls cpanel released this mod security fix soon need to beta test
     
  11. vicos

    vicos Well-Known Member

    Joined:
    Apr 18, 2003
    Messages:
    62
    Likes Received:
    0
    Trophy Points:
    6
    It was promised for a long time that EasyApache 3.24 would resolve the Ruid2 / mod_security issue. Sure enough, I built a new server that came with 3.24 and EA no longer unselected mod_security when you chose Ruid2 as it had in previous versions; and the on screen warning messages were gone. It does build Apache with both, but the mutex errors continue.

    So, while as Kurt points out, the documentation still states that it is incompatible, the EA allows the conflict to be built unlike before. So, looks like there was a mistake and it was not fixed as promised. My system still shows 3.24 and allows mod_security and Ruid2 to be built together. Mistakes happen... I'm sure it will be fixed soon enough.
     
    #11 vicos, Mar 2, 2014
    Last edited: Mar 2, 2014
  12. ScottTh

    ScottTh Well-Known Member

    Joined:
    Jan 28, 2013
    Messages:
    157
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Hi everybody,

    The EasyApache team is targeting early next week to release the compatibility fix for mod_ruid2 and mod_security that's being discussed in this thread. Should we not be able to release this bug fix I'll update this thread.

    Thanks all for the discussion and questions!
     
  13. ScottTh

    ScottTh Well-Known Member

    Joined:
    Jan 28, 2013
    Messages:
    157
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Hello again,

    The EasyApache team has released version 3.24.12 and with that the long rumored and discussed compatibility fix for mod_ruid2 and mod_security is now available. Please view the change log and let us know if there are any questions.

    Thanks!
     
  14. dalem

    dalem Well-Known Member
    PartnerNOC

    Joined:
    Oct 24, 2003
    Messages:
    2,577
    Likes Received:
    40
    Trophy Points:
    48
    Location:
    SLC
    cPanel Access Level:
    DataCenter Provider
    Still have the ModSecurity: Audit log: Failed to unlock global mutex: Permission denied if you set the logging to SecAuditLogType Concurrent you get permission denied to create logs :(
     
  15. teeps

    teeps Registered

    Joined:
    Mar 11, 2014
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    DataCenter Provider
    Just updated. Still getting this:

    [Tue Mar 11 11:30:02 2014] [error] [client xxx.xxx.xxx.xxx] ModSecurity: collection_store: Failed to access DBM file "/tmp/ip": Permission denied [hostname "www.somewebsite.com"] [uri "/wp-login.php"] [unique_id "Ux86CmAeILYAACsfEsAAAAAO"]

    Moving it out of tmp and into a strictly nobody owned directory has the same effect:

    Failed to access DBM file "/var/asl/data/msa/ip": Permission denied

    # stat /var/asl/data/msa
    File: `/var/asl/data/msa'
    Size: 4096 Blocks: 8 IO Block: 4096 directory
    Device: 806h/2054d Inode: 523467 Links: 2
    Access: (0777/drwxrwxrwx) Uid: ( 99/ nobody) Gid: ( 99/ nobody)
     
  16. Vinayak

    Vinayak Well-Known Member

    Joined:
    Jun 27, 2003
    Messages:
    267
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    Bharat
    cPanel Access Level:
    Root Administrator
    Working fine for me on several servers.

    Steps I took

    /scripts/upcp --force
    /scripts/easyapache

    WHM >> Mod Security >> Reset configuration to: Default Configuration >> Save
    Added back custom rules.

    No other custom changes to apache.

    And it's working fine, no errors, no issues.
     
  17. dalem

    dalem Well-Known Member
    PartnerNOC

    Joined:
    Oct 24, 2003
    Messages:
    2,577
    Likes Received:
    40
    Trophy Points:
    48
    Location:
    SLC
    cPanel Access Level:
    DataCenter Provider
    are you using the gotroot ruleset ??
     
  18. Vinayak

    Vinayak Well-Known Member

    Joined:
    Jun 27, 2003
    Messages:
    267
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    Bharat
    cPanel Access Level:
    Root Administrator
    No, just some custom rules from here and there.
     
  19. cPanelKurtN

    cPanelKurtN Well-Known Member
    Staff Member

    Joined:
    Jan 29, 2013
    Messages:
    95
    Likes Received:
    1
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator

    Are you using CloudLinux with CageFS?
     
  20. colorcloud

    colorcloud Active Member

    Joined:
    Aug 14, 2003
    Messages:
    28
    Likes Received:
    0
    Trophy Points:
    1
    Hello Kurt,

    We are using CloudLinux with CageFS and have same problem:
    Message: collection_store: Failed to access DBM file "/tmp/ip": Permission denied

    how can I fix this issue?
     
Loading...

Share This Page