mod_security problem in most recent update

johnchan

Active Member
Jun 29, 2003
40
0
156
In the most recent update (rolled out today/yesterday) mod_security has stopped working properly:

=============================
/etc/cron.hourly/modsecparse.pl:

DBI connect('modsec:localhost','modsec',...) failed: Access denied for user 'modsec'@'localhost' (using password: NO) at /etc/cron.hourly/modsecparse.pl line 18
=============================

Every hour we're getting this now on 2 of our CPanel servers.

It was working smoothly before.

Anyone know about this or how to resolve this recent bug?
 

rpmws

Well-Known Member
Aug 14, 2001
1,787
9
318
back woods of NC, USA
I have it now on all my boxes. I also get tar errors on /scripts/cpbackup
 

henker

Well-Known Member
May 1, 2003
64
1
233
Poland
cPanel Access Level
Root Administrator
nickp666 said:
has anyone added it to bugzilla? if not I will
I must admit I haven't, but...
I uninstalled and reinstalled a couple of times via WHM until I noticed that the latest mod_security wasn't even in apache/libexec, so I had to manually apxs it and enable it manually in httpd.conf as cPanel set it up in the wrong order:


Include "/usr/local/apache/conf/modsec.conf"
AddModule mod_security.c

instead of
AddModule mod_security.c
Include "/usr/local/apache/conf/modsec.conf"

On another server, all instances of mod_security had a # at the beginning of the line,
so basically mod_security wasn't enabled at all...

Things like these should not go wrong.
 

chae

Well-Known Member
Apr 19, 2003
145
0
166
Auckland, New Zealand
rpmws said:
I have it now on all my boxes. I also get tar errors on /scripts/cpbackup
I uninstalled/reinstalled and pasted in my ruleset again and all is well.

Have also noticed several tar errors with my backups.
 

johnchan

Active Member
Jun 29, 2003
40
0
156
It seems like lots of people are having this problem.

How could this slip through into the RELEASE version? We're not running EDGE or CURRENT. :mad:
 

johnchan

Active Member
Jun 29, 2003
40
0
156
Uninstalling and reinstalling the module via the WHM interface solved this for us on our servers.
 

Izzee

Well-Known Member
Feb 6, 2004
469
0
166
henker said:
I must admit I haven't, but...
I uninstalled and reinstalled a couple of times via WHM until I noticed that the latest mod_security wasn't even in apache/libexec, so I had to manually apxs it and enable it manually in httpd.conf as cPanel set it up in the wrong order:


Include "/usr/local/apache/conf/modsec.conf"
AddModule mod_security.c

instead of
AddModule mod_security.c
Include "/usr/local/apache/conf/modsec.conf"

On another server, all instances of mod_security had a # at the beginning of the line,
so basically mod_security wasn't enabled at all...

Things like these should not go wrong.
I agree entirely. Same issues exactly. No mod_sec in apache/libexec and # at line beginning of AddModule mod_security.c and AddModule mod_security.so.
So no mod_security running. I wondered why nothing was appearing in the log files after repeated uninstall/reinstall from WHM.

Beta indeed! Poor excuse for messing with server security.

I uninstalled the cPanel Module as this can not be trusted any more and installed mod_security manually from this WemHostGear page with a few minor edits and httpd.conf tweak.

It is now fully functional and I can sleep much better now ;).

I also know that it will be updated correctly now and that it will not be broken by these consistently achy-breaky nightly nightmares.
:)
 

neonix

Well-Known Member
Oct 21, 2004
124
2
168
After the last update: within WHM, mod_scurity does not show IP Date Time for every action/message. How do I fix this?


IP Date Time Handler GET Host Mod_Security-Message
00:00:00 (null) / HTTP/1.1 www.xyz.com Access denied with code 406.

Mod_Security-Action
Pattern match "SurveyBot" at HEADER. 406

Thanks for your help!
 

asterisk

Well-Known Member
Nov 11, 2005
61
0
156
Has this bug been resolved? I got the exact same error messages but ever since I've upgraded it via WHM, I no longer get the error messages but just to be safe, am checking in with you guys. :)

PS The last version I'm at is 1.9.1-5.