
Mod_Security to go from 2.1 to 2.5

Discussion in 'Security' started by DaveUsedToWorkHere, Jun 9, 2008.

  1. DaveUsedToWorkHere

    DaveUsedToWorkHere Well-Known Member

    We will be upgrading to Mod_Security 2.5 in the near future. This is a thread for questions, comments, feedback, concerns, etc.

    Upgrading from ModSecurity 2.1 to 2.5

    Using 2.1 Rules on 2.5

    So far it appears that 2.1 format rules work on 2.5. However, the ModSecurity team has made no official announcement of compatibility. You will need to verify that any custom rulesets work with 2.5 to ensure no interruption of service due to the upgrade. The rules included by cPanel for 2.1 will work on 2.5.

    ModSecurity 2.5 Rule Scripting - Lua

    ModSecurity version 2.5 adds support for rule scripting via Lua. Lua is known to have difficulties building. Lua build failures will not cause an Apache build to halt but will produce errors in the build log, and Lua support will not be enabled. If you wish to use Lua in your custom ruleset, you should read carefully on the proper usage of Lua and ensure that the Lua build was a success.

    More information on ModSecurity 2.5 can be found here: http://www.modsecurity.org/blog/archives/2007/12/initial_release.html
     
    #1 DaveUsedToWorkHere, Jun 9, 2008
    Last edited by a moderator: Jun 9, 2008
  2. cPDan

    cPDan cPanel Staff
    Staff Member

    #2 cPDan, Jun 9, 2008
    Last edited: Jun 9, 2008
  3. cPDan

    cPDan cPanel Staff
    Staff Member

    Also, the way /usr/local/apache needs to be handled (i.e., wiped clean) for a build dictates that you should put the Lua scripts your rules will use in /usr/local/apache/conf/ somewhere, say /usr/local/apache/conf/modsec_lua/

    That will keep the Lua scripts available at any point an Apache config test or restart happens, plus it organizes them in the same area as the mod sec configuration that references them. This also facilitates Apache being able to read them on startup.

    Failure to do this could result in a spuriously failed build and/or a broken mod sec configuration.
     
    #3 cPDan, Jun 9, 2008
    Last edited: Jun 9, 2008
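
The layout described in post #3 can be checked before a rebuild. This is an added example, not cPanel's or ModSecurity's own tooling: it scans configuration text for `SecRuleScript` directives and reports Lua scripts that sit outside /usr/local/apache/conf/ or do not exist. The function name, the script file names and the sample configuration are constructed for illustration.

```python
import os
import re

# Directory tree the post recommends for Lua rule scripts.
SAFE_ROOT = "/usr/local/apache/conf"

# SecRuleScript <path> [actions]; the path may be quoted.
DIRECTIVE = re.compile(r'^\s*SecRuleScript\s+"?([^"\s]+)"?', re.IGNORECASE)

# Constructed sample configuration (not taken from a real server).
SAMPLE_CONFIG = """\
# custom rules
SecRuleEngine On
SecRuleScript /usr/local/apache/conf/modsec_lua/check_upload.lua "deny,log"
SecRuleScript "/usr/local/apache/modsec_lua/old_rule.lua" "deny"
SecRuleScript /usr/local/apache/conf/../scripts/escape.lua
"""


def lua_script_findings(config_text, safe_root=SAFE_ROOT, exists=os.path.isfile):
    """Return (line_no, path, problem) for every SecRuleScript at risk."""
    root = os.path.normpath(safe_root)
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), 1):
        match = DIRECTIVE.match(line)  # comment lines never match
        if not match:
            continue
        path = match.group(1)
        if not os.path.isabs(path):
            findings.append((line_no, path, "relative path, check by hand"))
            continue
        full = os.path.normpath(path)  # collapses ".." before comparing
        if os.path.commonpath([root, full]) != root:
            findings.append((line_no, path, "outside conf tree"))
        elif not exists(full):
            findings.append((line_no, path, "missing"))
    return findings


if __name__ == "__main__":
    for line_no, path, problem in lua_script_findings(SAMPLE_CONFIG):
        print(f"line {line_no}: {path}: {problem}")
```
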
  4. 10101

    10101 Well-Known Member

    Hi,

    When you add Mod_security when compiling apache, does it add v2.5?
     
  5. cPDan

    cPDan cPanel Staff
    Staff Member

    If you're doing Apache 2.x, yes.
     
  6. sebby

    sebby Well-Known Member

    Since when? I have not seen that in any cPanel changelogs...
     
  7. cPDan

    cPDan cPanel Staff
    Staff Member

    #7 cPDan, Jul 19, 2008
    Last edited: Jul 19, 2008
  8. sebby

    sebby Well-Known Member

    Wow! Can't believe I missed that one! Will upgrade promptly.

    I know this has been discussed on multiple occasions on this forum but I have seen no final/complete solution. Can we rely on the default rule set provided by cPanel or should we immediately install the latest rule set from http://gotroot.com/ ? I have read the latter would break cPanel upon installation and one would have to trim down the rules until everything gets back to normal... Looks like a lot of work to me.... Any suggestion for a brick wall rule set that would integrate seamlessly with cPanel?


    Thanks!
     
  9. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Once you've upgraded and set the cPanel default ruleset to be used, open it from within WHM and copy/save to file. Then grab someone else's default ruleset and use a compare tool (like compareIT for Windows) to see the differences. They are not much different, only cPanel has stripped out several things to make it more compatible with cPanel servers.

    The cPanel default ruleset is a good place to start for sure. :)
     
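
The comparison suggested in post #9 can also be done by rule id rather than line by line, which ignores reordering and whitespace. This is an added example, not part of the thread or of cPanel's tooling: it extracts the `id` action from `SecRule`/`SecAction` lines in two rulesets and lists which ids appear in only one of them. The two sample rulesets are constructed, with placeholder rule bodies; rules that carry no `id` are not compared.

```python
import re

# Matches id:950006, id:'950006' or id:"950006" in a rule's action list.
RULE_ID = re.compile(r"""\bid:\s*['"]?(\d+)""")
RULE_LINE = re.compile(r"^(SecRule|SecAction)\s")

# Constructed samples: ids are the ones quoted in this thread plus one
# made-up id; the rule bodies are placeholders, not the real rules.
OTHER_RULESET = r'''
SecRule ARGS "placeholder-a" \
    "phase:2,deny,id:950006"
SecRule ARGS "placeholder-b" "phase:2,deny,id:'990011'"
SecRule ARGS "placeholder-c" "phase:2,deny,id:900001"
'''
CPANEL_RULESET = r'''
# SecRule ARGS "placeholder-b" "phase:2,deny,id:990011"
SecRule ARGS "placeholder-a" "phase:2,deny,id:950006"
SecRule ARGS "placeholder-c" "phase:2,deny,id:900001"
'''


def rule_ids(ruleset_text):
    """Collect rule ids from active (uncommented) SecRule/SecAction lines."""
    # Join backslash-continued lines so the actions sit on the rule's line.
    joined = re.sub(r"\\\r?\n", " ", ruleset_text)
    ids = set()
    for line in joined.splitlines():
        stripped = line.strip()
        if RULE_LINE.match(stripped):
            ids.update(RULE_ID.findall(stripped))
    return ids


def compare_rulesets(cpanel_text, other_text):
    """Return ids unique to each ruleset and the ids they share."""
    ours, theirs = rule_ids(cpanel_text), rule_ids(other_text)
    return {
        "only_in_cpanel": sorted(ours - theirs),
        "only_in_other": sorted(theirs - ours),
        "shared": sorted(ours & theirs),
    }


if __name__ == "__main__":
    for key, ids in compare_rulesets(CPANEL_RULESET, OTHER_RULESET).items():
        print(f"{key}: {', '.join(ids) or '-'}")
```
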
  10. wemail

    wemail Well-Known Member

    We had user complaints in May and June that Mod_Security (used since our new server was configured in March) was giving an Apache Error 406 - Not Acceptable - apparently because it considered that legitimate users were either "injecting commands" or engaging in "hacking" activities.

    This was found with browsers Lynx (any) [rule id "990011"], Opera (v8.65 mobile) [rule id "950006"] and Fresco (v2.13) [rule id "990011"]. I have more log details if anybody wants them.

    The Lynx problem was discussed in the WHM Forum some months ago, but there was no apparent conclusion.

    There was pressure from some users to water down the relevant rules to circumvent this, but I am now wondering whether this new Mod_Security version (2.5) may have addressed these problems, making further action pointless at the present time.

    TIA
     
    #10 wemail, Jul 24, 2008
    Last edited: Jul 24, 2008
  11. bls24

    bls24 Well-Known Member

    My version of mod security was installed outside of WHM. Will this still be upgraded on my system, or will I need to do a manual upgrade via SSH?
     
  12. wolfy

    wolfy Well-Known Member

    So am I to assume that this EasyApache update is NOT dependent on the cPanel build (stable, release, edge)? I had asked cPanel support about this before and they told us it was not available in the stable build.
     
  13. cPDan

    cPDan cPanel Staff
    Staff Member

    Correct.

    Probably they meant at the time it was still in testing.
     