Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Mod_Security DBM Question in 2018

Discussion in 'Security' started by feldon27, Feb 5, 2018.

Tags:
  1. feldon27

    feldon27 Well-Known Member

    Joined:
    Mar 12, 2003
    Messages:
    115
    Likes Received:
    11
    Trophy Points:
    168
    Location:
    Houston, TX
    I'm forced to create a new thread because this forum disallows replying to threads after 1 year (what a strange rule!).

    This problem still exists after many years:

    Change secdatadir
    Mod_Security DBM Question
    ModSecurity: Rule processing failed.
    cPanel confirmed - Modsecurity incompatibility with Mod_ruid2 · Issue #1334 · SpiderLabs/ModSecurity · GitHub
    ModSecurity: collection_store: Failed to access DBM file "/var/cpanel/secdatadir/ip": Permission denied
    Failed to access DBM file "/var/cpanel/secdatadir/ip": Permission denied - ConfigServer Community Forum
    Apache with modsec "collections_remove_stale: Failed to access DBM file"
    Failed to access DBM file "/var/cpanel/secdatadir/ip": Permission denied - ConfigServer Community Forum


    I found a possible fix:
    Failed to access DBM file "/var/cpanel/secdatadir/ip": Permission denied | {0,1,2,3,4}

    I tried applying the change to /etc/apache2/conf.d/modsec/modsec2.user.conf

    but apparently that file cannot override directives in /etc/apache2/conf.d/modsec/modsec2.cpanel.conf


    I applied the change directly to modsec2.cpanel.conf and mercy be, the messages have stopped!! Too bad they'll start again when cPanel rewrites this file. :( I weep for the future of my SSD drive as thousands of these messages are logged.
     
  2. Bulent Tekcan

    Bulent Tekcan Well-Known Member

    Joined:
    May 11, 2004
    Messages:
    180
    Likes Received:
    0
    Trophy Points:
    166
    Hello,

    This problem is gone, I think I found a solution like this way

    1- Edit modsec/modsec2.cpanel.conf and put SecDataDir "/var/log/secdatadir" than save and exit
    2- Make this step with SSH root access

    cp -R /var/cpanel/secdatadir /var/log/
    chmod 1733 /var/log/secdatadir
    chown -R nobody:nobody /var/log/secdatadir
    chmod ugo+rw /var/log/secdatadir/ip.*
    chmod ugo+rw /var/log/secdatadir/user.*
    chmod ugo+rw /var/log/secdatadir/global.*

    And restart https deamon. Finaly my "ModSecurity: collections_remove_stale: Failed to access DBM file "/var/cpanel/secdatadir/ip": Permission denied" problem is gone

    I hope other users happy for this solutions :)
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    41,437
    Likes Received:
    1,608
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    I believe the workaround you are looking for is discussed on the following thread:

    ModSecurity - SecDataDir

    You should be able to simply define the custom path for the "SecGeoLookupDb" directive via the following option:

    "WHM Home » Security Center » ModSecurity™ Configuration » Configure Global Directives"

    Let us know if that helps.

    Thank you.
     
Loading...

Share This Page