ModSecuirty "/var/cpanel/secdatadir/ip"

Serra

Serra

Well-Known Member
Oct 27, 2005
267
20
168
Florida
ModSecurity: collection_store: Failed to access DBM file "/var/cpanel/secdatadir/ip": Permission denied
Click to expand...
So, this error is a bit weird. First, just to be clear, "/var/cpanel/secdatadir/ip" is not a file. So, if you go looking for it, you will not find it. There is a directory "/var/cpanel/secdatadir/"

The solution appears to be to remove mod_ruid2 or disable every IP rule in mod_security.

An alternate solution is to make a fix with the permissions. secdatadir needs to be some place that apache (nobody) had execute to, so it can see the directory.

I created /home/secdatadir and chowned it to nobody:nobody. Then I chmoded the files that were created in there to 777. I udpated mod_security to:

Code: 
##SecDataDir "/var/cpanel/secdatadir"
SecDataDir "/home/secdatadir"
This allows this functionality to start working again. The log works fine.

Not happy about the 777 files, but at least the log and IP scanning is working again.
 
Last edited by a moderator:
cPanelMichael

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,237
463
Serra said:
So, this error is a bit weird. First, just to be clear, "/var/cpanel/secdatadir/ip" is not a file. So, if you go looking for it, you will not find it. There is a directory "/var/cpanel/secdatadir/"
Click to expand...
Hello,

Could you verify the specific error message you are referring to?

Thanks!
 
cPanelMichael

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,237
463
Hello,

Thank you for clarifying. Note that for your workaround, you should be able to define the custom path for the "SecGeoLookupDb" directive via the following option if you prefer to use the WHM UI:

"WHM Home » Security Center » ModSecurity™ Configuration » Configure Global Directives"

Thank you.
 
Q

quizknows

Well-Known Member
Oct 20, 2009
1,008
87
78
cPanel Access Level
DataCenter Provider
It's been long known there are issues with RUID and any rules using collections (ip.pag, ip.dat, user.pag etc). due to the multiple user IDs running apache trying to write the same log file.

Thankfully not that many rules really need these aside from counters / brute force / tracking rules. You can still run a pretty solid WAF without this feature.
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
leonep LFD wp-toolkit whitelist commands in /var/log/secure Security 1
S Setting .htaccess in /var/www/html/ Security 17
J SOLVED Suspicious symlink (->../../var/lib/mysql/mysql.sock) Security 5
bloatedstoat /var/log/messages analysis with awk Security 4
T Varnish cache installation Security 3
Similar threads
LFD wp-toolkit whitelist commands in /var/log/secure
Setting .htaccess in /var/www/html/
SOLVED Suspicious symlink (->../../var/lib/mysql/mysql.sock)
/var/log/messages analysis with awk
Varnish cache installation
Top Bottom