Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Mod_Security DBM Question in 2018

Discussion in 'Security' started by feldon27, Feb 5, 2018.

Tags:
  1. feldon27

    feldon27 Well-Known Member

    Joined:
    Mar 12, 2003
    Messages:
    118
    Likes Received:
    12
    Trophy Points:
    168
    Location:
    Houston, TX
    I'm forced to create a new thread because this forum disallows replying to threads after 1 year (what a strange rule!).

    This problem still exists after many years:

    Change secdatadir
    Mod_Security DBM Question
    ModSecurity: Rule processing failed.
    cPanel confirmed - Modsecurity incompatibility with Mod_ruid2 · Issue #1334 · SpiderLabs/ModSecurity · GitHub
    ModSecurity: collection_store: Failed to access DBM file "/var/cpanel/secdatadir/ip": Permission denied
    Failed to access DBM file "/var/cpanel/secdatadir/ip": Permission denied - ConfigServer Community Forum
    Apache with modsec "collections_remove_stale: Failed to access DBM file"
    Failed to access DBM file "/var/cpanel/secdatadir/ip": Permission denied - ConfigServer Community Forum


    I found a possible fix:
    Failed to access DBM file "/var/cpanel/secdatadir/ip": Permission denied | {0,1,2,3,4}

    I tried applying the change to /etc/apache2/conf.d/modsec/modsec2.user.conf

    but apparently that file cannot override directives in /etc/apache2/conf.d/modsec/modsec2.cpanel.conf


    I applied the change directly to modsec2.cpanel.conf and mercy be, the messages have stopped!! Too bad they'll start again when cPanel rewrites this file. :( I weep for the future of my SSD drive as thousands of these messages are logged.
     
  2. Bulent Tekcan

    Bulent Tekcan Well-Known Member

    Joined:
    May 11, 2004
    Messages:
    180
    Likes Received:
    0
    Trophy Points:
    166
    Hello,

    This problem is gone, I think I found a solution like this way

    1- Edit modsec/modsec2.cpanel.conf and put SecDataDir "/var/log/secdatadir" than save and exit
    2- Make this step with SSH root access

    cp -R /var/cpanel/secdatadir /var/log/
    chmod 1733 /var/log/secdatadir
    chown -R nobody:nobody /var/log/secdatadir
    chmod ugo+rw /var/log/secdatadir/ip.*
    chmod ugo+rw /var/log/secdatadir/user.*
    chmod ugo+rw /var/log/secdatadir/global.*

    And restart https deamon. Finaly my "ModSecurity: collections_remove_stale: Failed to access DBM file "/var/cpanel/secdatadir/ip": Permission denied" problem is gone

    I hope other users happy for this solutions :)
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    42,763
    Likes Received:
    1,710
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    I believe the workaround you are looking for is discussed on the following thread:

    ModSecurity - SecDataDir

    You should be able to simply define the custom path for the "SecGeoLookupDb" directive via the following option:

    "WHM Home » Security Center » ModSecurity™ Configuration » Configure Global Directives"

    Let us know if that helps.

    Thank you.
     
  4. linuxman1

    linuxman1 Member

    Joined:
    Aug 25, 2017
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Egypt
    cPanel Access Level:
    Root Administrator
    I read on a post that this solution is temporarily, as Cpanel when it runs cpup it will overwrite this change!
     
  5. linuxman1

    linuxman1 Member

    Joined:
    Aug 25, 2017
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Egypt
    cPanel Access Level:
    Root Administrator
    This workaround didn't work on my server, still have the same errors on logs, what worked only is chmod 777 the whole secdatadir directory and not only ip.* files!
    I read before at Cpanel forums that this issue should be solved when mod security version 3 is available, and as I checked online recently it's finally available, when Cpanel will use it instead of version 2.9 which is currently used by Cpanel?
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    42,763
    Likes Received:
    1,710
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    There's currently no time frame on it's inclusion with cPanel & WHM, but I encourage you to vote and add feedback to the existing feature request at:

    ModSecurity V.3 Support

    We'll update the feature request with more information on the status of it's inclusion with cPanel & WHM as it becomes available.

    Thank you.
     
Loading...

Share This Page