mod_security problems

[gal3ler]

It appears after something has been written to the audit_log when running
10.8.1-R21 when you click on mod_security in WHM it shows up with the header
saying mod_security and the page blank.

http://bugzilla.cpanel.net/show_bug.cgi?id=3486

 

[bamasbest]

Funny, no blank page for me 10.8.1-S23

Is your mysql database "modsec" being updated hoursly by the modsec cron job?

 

[paint]

Make sure you have this in your httpd.conf

SecAuditEngine On
SecAuditLog logs/audit_log

This fixed the problem for me.

 

[paint]

Also once you do that, you need to make a slight change.
pico /etc/cron.hourly/modsecparse.pl
go to the $dbpassword= line and get your password. Then,

pico /usr/local/cpanel/whostmgr/docroot/cgi/addon_modsec.cgi
and make sure that the password for $dbpassword=" matches. If not, change it and save the file. Then it should show up fine for you.

 

[myusername]

Not that the edit button works in Internet Explorer anyways if you do get it to show up you need to use FireFox

 

[kapOcha]

Also once you do that, you need to make a slight change.
pico /etc/cron.hourly/modsecparse.pl
go to the $dbpassword= line and get your password. Then,

pico /usr/local/cpanel/whostmgr/docroot/cgi/addon_modsec.cgi
and make sure that the password for $dbpassword=" matches. If not, change it and save the file. Then it should show up fine for you.

Great! It worked for me.
bye

 

[stugster]

Sorry to exhume such an old thread, but since upgrading to mySQL 5, I have been having this issue with the hourly cron too.

----------

/etc/cron.hourly/modsecparse.pl:

DBI connect('modsec:localhost','modsec',...) failed: Access denied for user 'modsec'@'localhost' (using password: YES) at /etc/cron.hourly/modsecparse.pl line 19 Unable to connect to mysql database at /etc/cron.hourly/modsecparse.pl line 19.

----------


Also, on top of this error, a few clients are complaining that Horde is now giving the error:

"A fatal error has occured, could not connect to database for sql sessionhandler".


mySQL however appears to be working and querying the database through PHP or directly is working fine.

 

[HostIt]

We're now experiencing the same problem here, across multiple servers. Every hour:

/etc/cron.hourly/modsecparse.pl:

DBI connect('modsec:localhost','modsec',...) failed: Access denied for user 'modsec'@'localhost' (using password: YES) at /etc/cron.hourly/modsecparse.pl line 19
Unable to connect to mysql database at /etc/cron.hourly/modsecparse.pl line 19.

I've checked the two passwords as per the previous post by "paint" and they do appear to match in all cases. Also, as per paint's other post, the following lines are already included in httpd.conf by default via /usr/local/apache/conf/modsec.conf

SecAuditEngine RelevantOnly
SecAuditLog logs/audit_log

Any chance somebody might have found a fix for this?

 

[rsutc]

Following an upgrade to MySQL 5, I also have the same problem. I have checked the passwords match per the above and all is OK. I have looked at the template for modsec and find it contains
<IfModule mod_security.c>
SecFilterEngine On
SecFilterCheckURLEncoding On
SecFilterForceByteRange 0 255
SecAuditEngine RelevantOnly
SecAuditLog logs/audit_log
SecFilterDebugLog logs/modsec_debug_log
SecFilterDebugLevel 0
SecFilterDefaultAction "deny,log,status:406"
SecFilterSelective REMOTE_ADDR "^127.0.0.1$" nolog,allow
Include "/usr/local/apache/conf/modsec.user.conf"
</IfModule>


However, this material is NOT in the usr/local/apache/confhttp.conf file

One possible way to proceed would be to use whm/plugins/Mod Security and turn it off then on again. However, that choice produces only a blank screen

What has to be done?

 

[rsutc]

Maybe I could ask the question this way. What are the (paths to) scripts that shut down mod security and restart it?

Rick

 

[jsnape]

Following an upgrade to MySQL 5, I also have the same problem. I have checked the passwords match per the above and all is OK. I have looked at the template for modsec and find it contains
<IfModule mod_security.c>
SecFilterEngine On
SecFilterCheckURLEncoding On
SecFilterForceByteRange 0 255
SecAuditEngine RelevantOnly
SecAuditLog logs/audit_log
SecFilterDebugLog logs/modsec_debug_log
SecFilterDebugLevel 0
SecFilterDefaultAction "deny,log,status:406"
SecFilterSelective REMOTE_ADDR "^127.0.0.1$" nolog,allow
Include "/usr/local/apache/conf/modsec.user.conf"
</IfModule>


However, this material is NOT in the usr/local/apache/confhttp.conf file

One possible way to proceed would be to use whm/plugins/Mod Security and turn it off then on again. However, that choice produces only a blank screen

What has to be done?

For anyone reading this post - the same thing happened to me. Upgraded to Apache 2.2, and mod security was producing a blank screen.

I fixed it by emptying the *huge* (1.9GB) modsec table in mysql and recompiled apache.

 

[wolfy]

fyi. whm/plugins/Mod Security is now obsoliete.
instalation of mod_security is now handled by easyapache3

 

[FeeL]

Upgrading mysql



I had the same error told by stugster.
Should I disable the whm/plugins/Mod Security ?
Whould it prevent the error of the cron?

Thank you.