
Mod Security + Mod_Ruid2 Fix

Discussion in 'Security' started by sonicthoughts, Jul 6, 2015.

  1. sonicthoughts

    This has been reported numerous times but still no fix. Bottom line: can modruid2 + modsecurity + geoip coexist? If so, how?
     
  2. kiwidood

    Hey there,

    I use CloudLinux (CageFS) + cPanel + Apache 2.4 + mod_ruid2 + Mod Security.

    I am setting up some simple rules to help with WordPress brute forcing and due to them using the DBM file there are permission issues (as mod_ruid2 changes the user/group, and those files are normally owned by "nobody.")

    In the various threads I have read/documentation it seems as though one should simply not use DBM rules when using mod_ruid2.

    However... This is easily fixed by setting the ip.dir, ip.pag, user.dir and user.pag files to permission 777 so that any user can read/write them.

    Are there any implications that I am not aware of for this "fix"?

    The cases I can see issues are:
    These files get overwritten/deleted at some point (though this could be fixed with a cron.)
    Security implications as anyone can read/write these files, however the web server (nobody user) has always been able to do that anyway I assume.

    Any information would be appreciated.

    Cheers!
     
  3. quizknows

    It honestly shouldn't be that big of a deal to have those collections world writeable. If you're just using them for WP brute rules, they don't really store sensitive data, just some IP addresses, counter names, and expire values. If setting them to world writeable makes them work with RUID2 I'd personally take that over forfeiting the WP brute force rules or other rules that need collections data.
     
  4. cPanelMichael

  5. kiwidood

    Thanks very much for both of your replies, I will go ahead and try out a few of the suggested options in the link provided above.
     
  6. GrandAdmiral

    I used RUID2 since my early hosting days and added mod_security as soon as it was compatible but was never able to get the brute force rules to work reliably. In theory changing the permissions to 777 should work; in practice (for me anyway) it required constant monitoring to ensure the ownership/permissions remained correct and even then there were still regular issues. One of the best-looking solutions I've seen talked about isolating the database per-user using CageFS; this avoids the conflict entirely but I don't know how easy it would be in practice.

    My advice, if you want a reliable high-performance setup with brute force protection, ditch RUID2 and deploy FCGI. For all the warnings I was able to get it up and running reliably within a few hours, far less time than I spent trying to fix RUID2.
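
The thread above describes having to monitor the ownership and permissions of the ModSecurity collection files (ip.dir, ip.pag, user.dir, user.pag) so they stay usable under mod_ruid2. One way to automate that check, as an added example that is not part of the original thread: the directory argument is a placeholder for your own SecDataDir (the thread does not give the path), the function name is hypothetical, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example: audit ModSecurity persistent-collection DBM files for
# permission drift. The directory argument stands in for your SecDataDir
# (assumption: the thread does not state the path).

# The four collection files named in the thread.
COLLECTION_FILES="ip.dir ip.pag user.dir user.pag"

# audit_collections DIR [MODE]
# Prints one line per file: OK, DRIFT (mode differs) or MISSING.
# Returns 0 when every file exists with the expected mode, 1 otherwise.
audit_collections() {
    dir=$1
    want=${2:-777}   # 777 is the mode discussed in the thread
    rc=0
    for f in $COLLECTION_FILES; do
        path="$dir/$f"
        if [ ! -f "$path" ]; then
            echo "MISSING $path"
            rc=1
            continue
        fi
        # GNU stat: %a = octal mode, %U:%G = owner and group names
        mode=$(stat -c '%a' "$path")
        owner=$(stat -c '%U:%G' "$path")
        if [ "$mode" = "$want" ]; then
            echo "OK      $path mode=$mode owner=$owner"
        else
            echo "DRIFT   $path mode=$mode want=$want owner=$owner"
            rc=1
        fi
    done
    return $rc
}

# Stand-alone use, e.g. from cron: audit.sh /path/to/SecDataDir 777
# (placeholder path). A non-zero exit status signals drift or a missing file.
if [ $# -ge 1 ]; then
    audit_collections "$@"
fi
```

The owner is printed alongside the mode because the reported failures involve both; only the mode is compared, since the expected owner depends on the local setup.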
     