mod_security problems

Discussion in 'Security' started by gal3ler, Nov 8, 2005.

  1. gal3ler

    gal3ler Active Member

    It appears after something has been written to the audit_log when running
    10.8.1-R21, when you click on mod_security in WHM, it shows up with the header
    saying mod_security and the page blank.

    http://bugzilla.cpanel.net/show_bug.cgi?id=3486
     
  2. bamasbest

    bamasbest Well-Known Member

    Funny, no blank page for me on 10.8.1-S23.

    Is your MySQL database "modsec" being updated hourly by the modsec cron job?
     
  3. paint

    paint Well-Known Member

    Make sure you have this in your httpd.conf:

    SecAuditEngine On
    SecAuditLog logs/audit_log

    This fixed the problem for me.
     
  4. paint

    paint Well-Known Member

    Also, once you do that, you need to make a slight change.

    pico /etc/cron.hourly/modsecparse.pl

    Go to the $dbpassword= line and get your password. Then,

    pico /usr/local/cpanel/whostmgr/docroot/cgi/addon_modsec.cgi

    and make sure that the password for $dbpassword= matches. If not, change it and save the file. Then it should show up fine for you.
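
The check paint describes above, as an added example that is not part of the original thread: a shell helper that compares the `$dbpassword` assignment in the two scripts without printing the secret. The function names, the one-line quoted assignment form, and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the $dbpassword values in two Perl scripts without echoing them.
# Assumption: each file assigns it on one line as $dbpassword="..."; or '...';

extract_dbpassword() {
    line=$(grep -E '^[[:space:]]*(my[[:space:]]+)?\$dbpassword[[:space:]]*=' "$1" 2>/dev/null | head -n 1)
    [ -n "$line" ] || return 1
    value=${line#*=}       # keep what follows the first '='
    value=${value%;*}      # drop the final ';' and anything after it
    value=$(printf '%s' "$value" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
    case $value in
        \"*\") value=${value#\"}; value=${value%\"} ;;
        \'*\') value=${value#\'}; value=${value%\'} ;;
        *) return 1 ;;     # unquoted or multi-line value: refuse to guess
    esac
    printf '%s' "$value"
}

# Exit status: 0 = same password, 1 = different, 2 = no parsable assignment.
dbpasswords_match() {
    a=$(extract_dbpassword "$1") || return 2
    b=$(extract_dbpassword "$2") || return 2
    [ "$a" = "$b" ]
}

report() {
    rc=0
    dbpasswords_match "$1" "$2" || rc=$?
    case $rc in
        0) echo "match" ;;
        1) echo "MISMATCH: edit one file so both use the same password" ;;
        *) echo "could not parse \$dbpassword in one of the files" ;;
    esac
    return "$rc"
}

# Constructed sample files standing in for the two paths named in the post.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/modsecparse.pl" <<'EOF'
my $dbuser = "modsec";
$dbpassword="constructed-secret-1";
EOF
cat > "$tmp/addon_modsec.cgi" <<'EOF'
  my $dbpassword = 'constructed-secret-2';   # stale copy
EOF
report "$tmp/modsecparse.pl" "$tmp/addon_modsec.cgi" || true
```

On a real server, call `report` with the two paths from the post; only the verdict is printed, so the password does not end up in terminal scrollback or cron mail.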
     
  5. myusername

    myusername Well-Known Member
    Not that the edit button works in Internet Explorer anyways; if you do get it to show up, you need to use Firefox :)
     
  6. kapOcha

    kapOcha Member


    Great! It worked for me.
    bye
     
  7. stugster

    stugster Well-Known Member

    Sorry to exhume such an old thread, but since upgrading to MySQL 5, I have been having this issue with the hourly cron too.

    ----------

    /etc/cron.hourly/modsecparse.pl:

    DBI connect('modsec:localhost','modsec',...) failed: Access denied for user 'modsec'@'localhost' (using password: YES) at /etc/cron.hourly/modsecparse.pl line 19
    Unable to connect to mysql database at /etc/cron.hourly/modsecparse.pl line 19.

    ----------


    Also, on top of this error, a few clients are complaining that Horde is now giving the error:

    "A fatal error has occured, could not connect to database for sql sessionhandler".


    MySQL, however, appears to be working, and querying the database through PHP or directly is working fine.
     
  8. HostIt

    HostIt Well-Known Member

    We're now experiencing the same problem here, across multiple servers. Every hour:

    Code:
    /etc/cron.hourly/modsecparse.pl:
    
    DBI connect('modsec:localhost','modsec',...) failed: Access denied for user 'modsec'@'localhost' (using password: YES) at /etc/cron.hourly/modsecparse.pl line 19
    Unable to connect to mysql database at /etc/cron.hourly/modsecparse.pl line 19.

    I've checked the two passwords as per the previous post by "paint" and they do appear to match in all cases. Also, as per paint's other post, the following lines are already included in httpd.conf by default via /usr/local/apache/conf/modsec.conf:

    Code:
    SecAuditEngine RelevantOnly
    SecAuditLog logs/audit_log

    Any chance somebody might have found a fix for this?
     
  9. rsutc

    rsutc Well-Known Member

    Following an upgrade to MySQL 5, I also have the same problem. I have checked the passwords match per the above and all is OK. I have looked at the template for modsec and find it contains:

    <IfModule mod_security.c>
    SecFilterEngine On
    SecFilterCheckURLEncoding On
    SecFilterForceByteRange 0 255
    SecAuditEngine RelevantOnly
    SecAuditLog logs/audit_log
    SecFilterDebugLog logs/modsec_debug_log
    SecFilterDebugLevel 0
    SecFilterDefaultAction "deny,log,status:406"
    SecFilterSelective REMOTE_ADDR "^127.0.0.1$" nolog,allow
    Include "/usr/local/apache/conf/modsec.user.conf"
    </IfModule>


    However, this material is NOT in the usr/local/apache/confhttp.conf file.

    One possible way to proceed would be to use whm/plugins/Mod Security and turn it off then on again. However, that choice produces only a blank screen.

    What has to be done?
     
  10. rsutc

    rsutc Well-Known Member

    Maybe I could ask the question this way. What are the (paths to) scripts that shut down mod security and restart it?

    Rick
     
  11. jsnape

    jsnape Well-Known Member

    For anyone reading this post - the same thing happened to me. Upgraded to Apache 2.2, and mod security was producing a blank screen.

    I fixed it by emptying the *huge* (1.9GB) modsec table in mysql and recompiled apache.
     
  12. wolfy

    wolfy Well-Known Member

    FYI: whm/plugins/Mod Security is now obsolete.
    Installation of mod_security is now handled by easyapache3 :)
     
  13. FeeL

    FeeL Well-Known Member

    Upgrading mysql

    :rolleyes:

    I had the same error reported by stugster.
    Should I disable the whm/plugins/Mod Security?
    Would it prevent the error of the cron?

    Thank you.
     