Apparently I'm receiving this error because mod_sec providers are not providing updates. Is there a solution to this? Can I safely ignore it?
What @quietFinn said - we'll need some more details, or you can also manually run the command to see if you get additional output.
COMODO ModSecurity Apache Rule Set and OWASP CRS v3.x for ModSec 2.9 (via pkg)
What are the commands for manual?
What are the commands for manual?
You'll want to run this command to get the vendor_id field for each provider:
That will give you output similar to this:
Then, take that vendor_id and run the update command and see if there is any helpful output. Here is an example:
Code:
/usr/local/cpanel/scripts/modsec_vendor list
Code:
[[email protected] ~]# /usr/local/cpanel/scripts/modsec_vendor list
[OWASP3] OWASP CRS v3.x for ModSec 2.9
configs (33)
cpanel_provided 1
description OWASP ModSecurity 2.9 Core Rule Set v3.3.4
enabled 1
in_use 33
installed 1
installed_from https://httpupdate.cpanel.net/fake-URL-to-show-vendor-correctly-with-pkg/with-pkgs-this-field-is-irrelevant/meta_OWASP3.yaml
is_pkg ea-modsec2-rules-owasp-crs
name OWASP CRS v3.x for ModSec 2.9
path /etc/apache2/conf.d/modsec_vendor_configs/OWASP3
supported_versions (0)
update 1
vendor_id OWASP3
vendor_url https://go.cpanel.net/modsecurityowasp
Code:
# /usr/local/cpanel/scripts/modsec_vendor update OWASP3
Dependencies resolved.
Nothing to do.
Complete!Thank you. Results below:
[[email protected] ~]# /usr/local/cpanel/scripts/modsec_vendor update OWASP3
No packages marked for update
[[email protected] ~]# /usr/local/cpanel/scripts/modsec_vendor update comodo_apache
warn [modsec_vendor] The system could not add the vendor: The vendor metadata does not contain an entry for your version of ModSecurity, “2.9.6”. The only versions of ModSecurity this rule set supports are “2.7.5”, “2.7.7”, “2.8.0”, “2.9.0”, “2.9.1”, “2.9.2”, and “2.9.3”.
info [modsec_vendor] Restored modsec_cpanel_conf_datastore backup
The system failed to update the vendor from the URL “https://waf.comodo.com/doc/meta_comodo_apache.yaml”: The vendor metadata does not contain an entry for your version of ModSecurity, “2.9.6”. The only versions of ModSecurity this rule set supports are “2.7.5”, “2.7.7”, “2.8.0”, “2.9.0”, “2.9.1”, “2.9.2”, and “2.9.3”.
warn [modsec_vendor] The system failed to update the vendor from the URL “https://waf.comodo.com/doc/meta_comodo_apache.yaml”: The vendor metadata does not contain an entry for your version of ModSecurity, “2.9.6”. The only versions of ModSecurity this rule set supports are “2.7.5”, “2.7.7”, “2.8.0”, “2.9.0”, “2.9.1”, “2.9.2”, and “2.9.3”.
[[email protected] ~]# /usr/local/cpanel/scripts/modsec_vendor update OWASP3
No packages marked for update
[[email protected] ~]# /usr/local/cpanel/scripts/modsec_vendor update comodo_apache
warn [modsec_vendor] The system could not add the vendor: The vendor metadata does not contain an entry for your version of ModSecurity, “2.9.6”. The only versions of ModSecurity this rule set supports are “2.7.5”, “2.7.7”, “2.8.0”, “2.9.0”, “2.9.1”, “2.9.2”, and “2.9.3”.
info [modsec_vendor] Restored modsec_cpanel_conf_datastore backup
The system failed to update the vendor from the URL “https://waf.comodo.com/doc/meta_comodo_apache.yaml”: The vendor metadata does not contain an entry for your version of ModSecurity, “2.9.6”. The only versions of ModSecurity this rule set supports are “2.7.5”, “2.7.7”, “2.8.0”, “2.9.0”, “2.9.1”, “2.9.2”, and “2.9.3”.
warn [modsec_vendor] The system failed to update the vendor from the URL “https://waf.comodo.com/doc/meta_comodo_apache.yaml”: The vendor metadata does not contain an entry for your version of ModSecurity, “2.9.6”. The only versions of ModSecurity this rule set supports are “2.7.5”, “2.7.7”, “2.8.0”, “2.9.0”, “2.9.1”, “2.9.2”, and “2.9.3”.
There you go - it seems like removing that vendor is the beset approach since they haven't applied an update in a while.
I see. But wouldn't disabling it affect security because although the server hasn't received updates, there are still threats out there which could still be caught nevertheless by keeping it enabled?
I suppose it's possible, but it would be even better to switch to a provider that offers support ad updates.
Comodo and on their website they say they have an updated rules set. They advertise on their website: "Modsecurity Rules - Free from Comodo. Sign up free." So I login in with my previous account credentials. They show - correctly - that my current rule set has expired. Great - glad ot know they are on top of that - but they don't offer any way to get the *new* rules set. At least I couldn't find it.
I must say it seems a bit misleading for cpanel to offer the toggle on/off feature in whm for mod_security without any notice for the COMODO ModSecurity Apache Rule Set as being outdated. And further, when I click on the link in that entry to https://waf.comodo.com/ it reports a bad getway.
cPanel has nothing to do with Comodo ModSecurity rules, but it allows you to install 3rd party rules.
cPanel provides OWASP ModSecurity rules.
cPanel provides OWASP ModSecurity rules.
Okay thanks for that. I guess what I'm asking is it redundant to have two rule sets - the OWASP's and Comodo? Are either one of them acting on different attack surfaces or are they both all about web interactions with the server, albeit with code that fills in where the other one lacks?
You can have more than one rule set installed, but as far as I know you must not have more than one enabled.
Comodo and OWASP ModSecurity rules & ModSecurity itself are doing the same job, as a Web Application Firewall.
Comodo and OWASP ModSecurity rules & ModSecurity itself are doing the same job, as a Web Application Firewall.
