Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

ModSecuirty "/var/cpanel/secdatadir/ip"

Discussion in 'Security' started by Serra, Feb 27, 2018.

Tags:
  1. Serra

    Serra Well-Known Member

    Joined:
    Oct 27, 2005
    Messages:
    241
    Likes Received:
    12
    Trophy Points:
    168
    Location:
    Florida
    So, this error is a bit weird. First, just to be clear, "/var/cpanel/secdatadir/ip" is not a file. So, if you go looking for it, you will not find it. There is a directory "/var/cpanel/secdatadir/"

    The solution appears to be to remove mod_ruid2 or disable every IP rule in mod_security.

    An alternate solution is to make a fix with the permissions. secdatadir needs to be some place that apache (nobody) had execute to, so it can see the directory.

    I created /home/secdatadir and chowned it to nobody:nobody. Then I chmoded the files that were created in there to 777. I udpated mod_security to:

    Code:
    ##SecDataDir "/var/cpanel/secdatadir"
    SecDataDir "/home/secdatadir"
    This allows this functionality to start working again. The log works fine.

    Not happy about the 777 files, but at least the log and IP scanning is working again.
     
    #1 Serra, Feb 27, 2018
    Last edited by a moderator: Feb 28, 2018
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,247
    Likes Received:
    1,759
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Could you verify the specific error message you are referring to?

    Thanks!
     
  3. Serra

    Serra Well-Known Member

    Joined:
    Oct 27, 2005
    Messages:
    241
    Likes Received:
    12
    Trophy Points:
    168
    Location:
    Florida
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,247
    Likes Received:
    1,759
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Thank you for clarifying. Note that for your workaround, you should be able to define the custom path for the "SecGeoLookupDb" directive via the following option if you prefer to use the WHM UI:

    "WHM Home » Security Center » ModSecurity™ Configuration » Configure Global Directives"

    Thank you.
     
  5. Serra

    Serra Well-Known Member

    Joined:
    Oct 27, 2005
    Messages:
    241
    Likes Received:
    12
    Trophy Points:
    168
    Location:
    Florida
    Thanks, I didn't even know about that!
     
  6. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    1,010
    Likes Received:
    87
    Trophy Points:
    78
    cPanel Access Level:
    DataCenter Provider
    It's been long known there are issues with RUID and any rules using collections (ip.pag, ip.dat, user.pag etc). due to the multiple user IDs running apache trying to write the same log file.

    Thankfully not that many rules really need these aside from counters / brute force / tracking rules. You can still run a pretty solid WAF without this feature.
     
Loading...

Share This Page