Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Modsecurity after EasyApache3 to EasyApache4 transition

Discussion in 'EasyApache' started by smess, Apr 7, 2019.

  1. smess

    smess Registered

    Joined:
    Apr 7, 2019
    Messages:
    4
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Toronto, Canada
    cPanel Access Level:
    Reseller Owner
    Modsecurity stopped working after the transition from EasyApache3 to EasyApache4. The old EasyApache3 setup included Mod_ruid2 and the Mod_Security plugin.

    When trying to install a ModSecurity Vendor (OWASP CRS V3.0) on the "WHM/ModSecurity Vendors" page, I get the following error message:
    --------------
    Error: The system experienced the following error when it attempted to install the “OWASP ModSecurity Core Rule Set V3.0” vendor: API failure: The system could not validate the new Apache configuration because httpd exited with a nonzero value. Apache produced the following error: AH00526: Syntax error on line 53 of /etc/apache2/conf.d/modsec/modsec2.cpanel.conf: SecRuleRemoveById requires at least one argument, rule ID for removal
    --------------
    When I inspect /etc/apache2/conf.d/modsec/modsec2.cpanel.conf the file is completely empty. There is no line 53.

    I have tried using EasyApache4 to uninstall and reinstall ModSecurity but that made no difference. I believe the problem may be related to files or settings left over from the old ModSecurity plug-in install under easyapache3.
     
  2. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    5,815
    Likes Received:
    443
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @smess


    If you move that file and then rebuild the apache configuration with:

    Code:
    /scripts/rebuildhttpdconf
    Then attempt to restart apache again does the issue persist?

    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. smess

    smess Registered

    Joined:
    Apr 7, 2019
    Messages:
    4
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Toronto, Canada
    cPanel Access Level:
    Reseller Owner
    Thanks for the response but that did not work. I got the following error messages:

    Code:
    # /scripts/rebuildhttpdconf
    Initial configuration generation failed with the following message:
    The “/usr/sbin/httpd -DSSL -t -f /etc/apache2/conf/httpd.conf.work.d5177d3c.cfgcheck -C Include "/etc/apache2/conf.modules.d/*.conf"” command (process 20739) reported error number 1 when it ended.
    httpd: Syntax error on line 253 of /etc/apache2/conf/httpd.conf.work.d5177d3c.cfgcheck: Syntax error on line 31 of /etc/apache2/conf.d/modsec2.conf: Could not open configuration file /etc/apache2/conf.d/modsec/modsec2.user.conf: No such file or directory
    Rebuilding configuration without any local modifications.
    Failed to generate a syntactically correct Apache configuration.
    Bad configuration file located at /etc/apache2/conf/httpd.conf.work.d5177d3c
    Error:
    The “/usr/sbin/httpd -DSSL -t -f /etc/apache2/conf/httpd.conf.work.d5177d3c.cfgcheck -C Include "/etc/apache2/conf.modules.d/*.conf"” command (process 20740) reported error number 1 when it ended.
    httpd: Syntax error on line 253 of /etc/apache2/conf/httpd.conf.work.d5177d3c.cfgcheck: Syntax error on line 31 of /etc/apache2/conf.d/modsec2.conf: Could not open configuration file /etc/apache2/conf.d/modsec/modsec2.user.conf: No such file or directory
    I found another version of modsec2.cpanel.conf at /usr/local/apache.ea3/conf/modsec2.cpanel.conf. Line 53 in that file has the SecRuleRemoveById error, so I commented line 53 out but did not move the file. Still got the original "line 53" error message.

    It looks like the files needed are in /usr/local/apache.ea3/conf/ but I don't know if it is safe to move them, they may be an old version. The /etc/apache2/conf.d/modsec/ directory currently only has two empty files in it: modsec2.cpanel.conf and modsec2.user.conf.
     
    #3 smess, Apr 9, 2019
    Last edited: Apr 9, 2019
  4. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    5,815
    Likes Received:
    443
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    It's doing that because they're noted as includes elsewhere. Can you please open a ticket using the link in my signature? Also since you're not able to start apache this would be considered an emergency and I'd suggest you mark it as such so it gets immediate attention.

    Once open please reply with the Ticket ID here so that we can update this thread with the resolution once the ticket is resolved.


    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. smess

    smess Registered

    Joined:
    Apr 7, 2019
    Messages:
    4
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Toronto, Canada
    cPanel Access Level:
    Reseller Owner
    Apache is working and WHM/EasyApache 4 builds with the mod_security2 and mod_ruid2 options enabled without reporting any errors. Apache restarts without issue through WHM. The problem is ModSecuity is not working and I get errors when I try to change the setup to get it working.

    I will open the ticket and post the ID.

    Thanks.
     
    cPanelLauren likes this.
  6. smess

    smess Registered

    Joined:
    Apr 7, 2019
    Messages:
    4
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Toronto, Canada
    cPanel Access Level:
    Reseller Owner
    Tickets ID# 11916435

    Thanks for your help.
     
  7. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    5,815
    Likes Received:
    443
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @smess


    It looks I checked in on that ticket this morning and it would appear that the issue was specific to a line in the /var/cpanel/modsec_cpanel_conf_datastore - once that line was removed ModSecurity was able to be installed successfully and Apache was able to be rebuilt.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice