ModSecurity "/var/cpanel/secdatadir/ip"

Serra (Well-Known Member, Oct 27, 2005, Florida)
ModSecurity: collection_store: Failed to access DBM file "/var/cpanel/secdatadir/ip": Permission denied
So, this error is a bit weird. First, just to be clear, "/var/cpanel/secdatadir/ip" is not a file. So, if you go looking for it, you will not find it. There is a directory "/var/cpanel/secdatadir/"

The solution appears to be to remove mod_ruid2 or disable every IP rule in mod_security.

An alternate solution is to make a fix with the permissions. secdatadir needs to be some place that apache (nobody) has execute access to, so it can see the directory.

I created /home/secdatadir and chowned it to nobody:nobody. Then I chmoded the files that were created in there to 777. I updated mod_security to:

Code:
##SecDataDir "/var/cpanel/secdatadir"
SecDataDir "/home/secdatadir"

This allows this functionality to start working again. The log works fine.

Not happy about the 777 files, but at least the log and IP scanning are working again.

cPanelMichael (Administrator, Staff member, Apr 11, 2011)
Serra said: "So, this error is a bit weird. First, just to be clear, "/var/cpanel/secdatadir/ip" is not a file. So, if you go looking for it, you will not find it. There is a directory "/var/cpanel/secdatadir/""
Hello,

Could you verify the specific error message you are referring to?

Thanks!
 

cPanelMichael (Administrator, Staff member, Apr 11, 2011)
Hello,

Thank you for clarifying. Note that for your workaround, you should be able to define the custom path for the "SecGeoLookupDb" directive via the following option if you prefer to use the WHM UI:

"WHM Home » Security Center » ModSecurity™ Configuration » Configure Global Directives"

Thank you.
 

quizknows (Well-Known Member, Oct 20, 2009, cPanel Access Level: DataCenter Provider)
It's been long known there are issues with RUID and any rules using collections (ip.pag, ip.dat, user.pag, etc.) due to the multiple user IDs running Apache trying to write the same log file.

Thankfully not that many rules really need these aside from counters / brute force / tracking rules. You can still run a pretty solid WAF without this feature.
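Serra's workaround moves SecDataDir to a directory the Apache user can traverse and then opens the collection files up to 777, and quizknows explains why the write side is awkward under RUID (several user IDs writing the same collection file). The following audit script is an added example and is not code from the thread or from cPanel. It checks the two properties the thread is about, whether a named user (cPanel's Apache user is "nobody") can traverse the SecDataDir and whether any file inside it is world-writable, and only reports; it makes no changes, and it deliberately ignores group membership, so a user who only has access through a group is reported as unable to traverse. The paths in the usage comment are the ones from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): audit a ModSecurity SecDataDir.
# Reports whether a given web-server user can traverse the directory and
# whether any collection file inside it is world-writable (the 777 state
# the thread's workaround ends up in). Read-only; it changes nothing.

# Symbolic mode string of a path, e.g. "drwxr-xr-x" (portable, via ls -ld).
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Owner name of a path, as ls prints it (third column of ls -ld).
owner_of() {
    ls -ld "$1" | awk '{print $3}'
}

# 0 if user $2 can traverse directory $1 through the owner execute bit
# (when $2 owns it) or the "others" execute bit. Group membership is not
# evaluated here, so group-only access is reported as "cannot traverse".
traversable_by() {
    m=$(mode_of "$1")
    if [ "$(owner_of "$1")" = "$2" ]; then
        case "$m" in d??[xs]??????) return 0 ;; esac
    else
        case "$m" in d????????[xt]) return 0 ;; esac
    fi
    return 1
}

# Number of regular files under $1 that are writable by everyone (o+w).
world_writable_count() {
    find "$1" -type f -perm -002 | wc -l | tr -d ' '
}

# Audit: returns 0 when ok, 1 when the user cannot traverse the directory,
# 2 when world-writable files are present, 3 when the directory is missing.
audit_secdatadir() {
    dir=$1
    user=$2
    if [ ! -d "$dir" ]; then
        echo "MISSING: $dir is not a directory"
        return 3
    fi
    if ! traversable_by "$dir" "$user"; then
        echo "FAIL: $user cannot traverse $dir ($(mode_of "$dir"), owner $(owner_of "$dir"))"
        return 1
    fi
    n=$(world_writable_count "$dir")
    if [ "$n" -gt 0 ]; then
        echo "WARN: $n world-writable file(s) under $dir:"
        find "$dir" -type f -perm -002
        return 2
    fi
    echo "OK: $user can traverse $dir and no file in it is world-writable"
    return 0
}

# Usage (paths from the thread; "nobody" is the Apache user on cPanel):
#   audit_secdatadir /home/secdatadir nobody
#   audit_secdatadir /var/cpanel/secdatadir nobody
```

Run it against both the original and the relocated SecDataDir after applying the workaround: a return code of 1 on /var/cpanel/secdatadir reproduces the "Permission denied" condition from the first post, and a return code of 2 on /home/secdatadir flags the 777 collection files so they are not forgotten once a better fix (such as dropping mod_ruid2 or the collection-based rules, as suggested above) is in place.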