The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Modsecparse.pl and new modsecurity...

Discussion in 'Security' started by 4u123, Apr 22, 2015.

  1. 4u123

    4u123 Well-Known Member
    PartnerNOC

    Joined:
    Jan 2, 2006
    Messages:
    765
    Likes Received:
    1
    Trophy Points:
    18
    I noticed recently on our new servers that the modsecurity log was increasing in size to the point where it was causing problems. I looked for the modsecparse cron job and it wasn't there in /etc/cron.hourly on any of our new servers.

    I'm presuming that this is happening because the old modsecurity plugin no longer exists and cpanel have done away with the modsecparse script?

    If that isn't the case - could it be that the file isn't there because we have been compiling Apache via a saved easyapache build? Does this miss out the process of setting up the modsecparse script? Do we need to compile all the servers manually from WHM to make this work?

    If I click on the new "Modsecurity Tools" option, I see a full 7 days of modescurity history. I presume the log is getting parsed somehow and this tool is querying the modsec database?

    Confused...
     
    #1 4u123, Apr 22, 2015
    Last edited: Apr 23, 2015
  2. 4u123

    4u123 Well-Known Member
    PartnerNOC

    Joined:
    Jan 2, 2006
    Messages:
    765
    Likes Received:
    1
    Trophy Points:
    18
    So it turns out that modsecparse script is no longer used, but having made changes to their modsec plugin, cPanel didn't add modsec_audit.log to logrotate and it now simply grows in size until you remove it.

    You can ether add it to logrotate or set a cron to delete the file periodically.

    There is a feature request here...

    http://features.cpanel.net/responses/add-log-rotation-for-mod-security-logs

    Due to be implemented in 11.50.
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    Thank you for taking the time to update this thread with the URL to the feature request. That feature is included with cPanel version 11.50, as you mentioned.
     
Loading...

Share This Page