The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

mod_sec / OWASP database config location

Discussion in 'Security' started by edigest, Aug 9, 2015.

  1. edigest

    edigest Active Member

    Joined:
    Nov 24, 2010
    Messages:
    42
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    S. Pole
    cPanel Access Level:
    Root Administrator
    I installed the OWASP engine & rules in CPanel on a server with a remote MySQL server enabled. Mod_sec uses the remote server for its DB.

    I would like to use the local modsec DB. Can't find where CPanel hides the DB configuration for mod_sec.

    Where can I configure the db host for mod_sec and will that configuration survive upcp?
     
  2. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    942
    Likes Received:
    57
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    I know this doesn't directly answer your question, but if you don't care about seeing hits in WHM (i.e. you can just look at the error_log or audit log) it's probably not a big deal.

    The ModSecurity module on it's own generally doesn't use a database (like MySQL). The "modsec" MySQL database on cPanel servers simply stores information about triggered rule events, which is just parsed from the Apache logs. It is not technically critical to the operation of ModSecurity itself.

    I do hope someone at cPanel can answer your actual question though. Looking through /scripts/setup_modsec_db and /usr/local/cpanel/bin/modsecpass I'm not seeing any clues jump out at me.
     
  3. edigest

    edigest Active Member

    Joined:
    Nov 24, 2010
    Messages:
    42
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    S. Pole
    cPanel Access Level:
    Root Administrator
    You're quite correct that one of the main drivers for using the local server is to segregate data from different servers.

    Anybody from CPanel care to weigh in?
     
  4. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    942
    Likes Received:
    57
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    Like I said I still hope cPanel weighs in for you, but what I'm saying is each individual server will still have its modsec log info for itself regardless (unless you have a crazy syslog setup or something). Literally the only purpose of the modsec DB is to view the hits in WHM.
     
  5. edigest

    edigest Active Member

    Joined:
    Nov 24, 2010
    Messages:
    42
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    S. Pole
    cPanel Access Level:
    Root Administrator
    I'm well aware of that but it is not relevant to why I want to use the local server database.

    Since this may have gotten lost in off-topic responses, I'll repost in case anybody from CPanel reads this:

    I would like to configure a specific host before installing OWASP mod_sec in WHM. Where can I find the configuration file?
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    There are no native features that will allow you to enable or disable the use of a remote MySQL server on a per-database basis. I suggest opening a feature request for this via:

    Submit A Feature Request

    Thank you.
     
Loading...

Share This Page