modsec_vendor update error

[verdon]

Hi,

I am getting an error in my panel update logs

"[2019-01-11 09:07:04 -0500] E [/usr/local/cpanel/scripts/modsec_vendor] The “/usr/local/cpanel/scripts/modsec_vendor update --auto” command (process 113123) reported error number 1 when it ended."

When I run '/usr/local/cpanel/scripts/modsec_vendor update --auto' manually, I get the following and can see the error is getting the Comodo yaml file

# /usr/local/cpanel/scripts/modsec_vendor update --auto
info [modsec_vendor] Updates are in progress for all of the installed ModSecurity vendors with automatic updates enabled.
info [modsec_vendor] Restored modsec_cpanel_conf_datastore backup
info [modsec_vendor] The vendor “configserver” is already up to date.
warn [modsec_vendor] The system could not add the vendor: The system could not download the file “https://waf.comodo.com/doc/meta_comodo_apache.yaml”: curl: (7) couldn't connect to host


info [modsec_vendor] Restored modsec_cpanel_conf_datastore backup
warn [modsec_vendor] The system failed to update the vendor from the URL “https://waf.comodo.com/doc/meta_comodo_apache.yaml”: The system could not download the file “https://waf.comodo.com/doc/meta_comodo_apache.yaml”: curl: (7) couldn't connect to host

Is anybody else seeing this? I am getting it on two servers.

 

[rpvw]

I gave up on the Comodo rules.

Every time I tried to get the waf.comodo.com URL in a browser, it errors out with a temporarily unavailable or too busy message - I wonder if this has anything to do with the purchase of Comodo by Sectigo

 

[verdon]

I gave up on the Comodo rules.

Every time I tried to get the waf.comodo.com URL in a browser, it errors out with a temporarily unavailable or too busy message - I wonder if this has anything to do with the purchase of Comodo by Sectigo

That's too bad. I had so many problems with the OWASP rules and the Comodo set has been mostly OK... been using them for years.

 

[rpvw]

Don't be surprised if it doesn't resurface as a paid only service - with all the corporate takeovers going on, the boards of directors will only have one thing on their minds - how to make larger dividends for their shareholders !

 

[verdon]

The Comodo site is a mess. I've been bounced through 3 different support departments now, broken links all over the place, everywhere is a come-on to sell services... looking like I'll have to go back to OWASP

 

[cPanelLauren]

Hello @verdon

This is unfortuntely an issue with https://waf.comodo.com - we've had a few reports of this internally as well. The site has to be reachable in order to get the yaml file. Right now it looks like the site is not resolving at all:

# curl -vv https://waf.comodo.com
* About to connect() to waf.comodo.com port 443 (#0)
*   Trying 178.255.86.135...
* No route to host
* Failed connect to waf.comodo.com:443; No route to host
* Closing connection 0
curl: (7) Failed connect to waf.comodo.com:443; No route to host

If you're unable to get assistance you might disable it and try again in a couple of days, I'm assuming they're aware of the issue at this point.

 

[verdon]

Thanks @cPanelLauren ,

That's the conclusion I was coming to as well. Their site(s) are a real mess right now, and the couple of support areas I was shuttled around to didn't seem to be aware of what they were trying to support. I suppose for a few days it's just noise in my logs. I hope it gets sorted out soon. I do mostly like the Comodo rules, but it may be time to look elsewhere.

 

[cPanelLauren]

Thanks @cPanelLauren ,

That's the conclusion I was coming to as well. Their site(s) are a real mess right now, and the couple of support areas I was shuttled around to didn't seem to be aware of what they were trying to support. I suppose for a few days it's just noise in my logs. I hope it gets sorted out soon. I do mostly like the Comodo rules, but it may be time to look elsewhere.

I'm really sorry to hear that, I do hope that once the dust settles a bit things will go back to normal.

 

[Datacenter1]

Looks like is working again

 

[verdon]

Looks like is working again

Yup. For me as well.

 

[Greg M]

I have had this a number times over the past 8 months. It's generally not a huge problem as it resolves usually within a day or two. I did at one point contact comodo support. (There is a support link in the portal where you sign up to receive the rules) And they managed to fix the problem (no doubt kicked the server) and replied and asked me to update again and it worked.

You may just find that they are experiencing overloads if too many users are updating their WAF rules at the same time. Remember it's not just cPanel users that can get these free rules. Anyone can so it's likely they would have load issues now and again.

I personally find the comodo rules to be far superior to OWASP. the owasp rules had so many false positives I had no choice but to remove them, installed comodo and never looked back, I think I disabled 1 comodo rule that was being triggered by a wordpress plugin and that was it.

Lets hope the speculation about sectigo charging for comodos free services is just that - speculation. I love the fact that comodo are providing essential things like WAF rules and SSL certs for free en mass, saves a fortune for those of us who are not rich, or don't have rich clients