ModSecurity Auto Updater

Secmas

Well-Known Member
Feb 18, 2005
391
21
168
Hi,
Thanks for the advice. The updater script was saved in a directory I named gotroot. After executing the script it deleted itself.
What part of gotroot is not installed? modsecurity is already installed and using cPanel's rules, and I downloaded the gotroot rules to /temp
Try to save the script in your root directory or any other directory that is not inside "/conf/modsec_rules"

Regards,

Sergio
 

Secmas

** PUNTAPIRATA-BADOMAINS.TXT updated with more than 2,400 domains used for spam blogs, forums, etc.

You can download that file from my site.

Regards,

Sergio
 

Secmas

I will be updating the blacklisted domain file every Sunday night.

The last update contains 2,620 domains used to spam any kind of post. You can use this file with my autoupdater, or you can add the content of this file to your own "domain-blacklist.txt" from GotRoot.

Regards,

Sergio
 

Secmas

New mod security 2.5.12 issued by cpanel

If you have already installed 2.5.12, chances are that you will have the following error in your MODSEC:

Rule execution error - PCRE limits exceeded (-8): (null).
To fix this error you need to do the following:
1. Add to your PHP.INI the following commands:
pcre.backtrack_limit = 10000000
pcre.recursion_limit = 10000000
2. Add to your MODSEC2.USER.CONF file the following commands:
SecPcreMatchLimit 150000
SecPcreMatchLimitRecursion 150000
This will fix any issues with the new 2.5.12.

Regards,

Sergio
 

ikillbill

Well-Known Member
Feb 18, 2008
119
0
66
Big thanks for this fix!

BUT, errors still around.

Could cPanel please check?
 

Secmas

ikillbill said:
Big thanks for this fix!

BUT, errors still around.

Could cPanel please check?
Hi Ikillbill,
what errors are you facing? Do you still continue to receive the PCRE limit error?

If you still continue with this error, please run the following command from root:
/scripts/checkperlmodules
This will fix any error in your perl installation and will help to fix the PCRE error.

Sergio
 

ikillbill

Hi
ran /scripts/checkperlmodules

still got these errors


Rule execution error - PCRE limits exceeded (-8): (null).
 

ikillbill

OK, ran it twice, errors seem gone now.

May I ask what

Code:
pcre.backtrack_limit = 10000000
pcre.recursion_limit = 10000000
and
Code:
SecPcreMatchLimit 150000
SecPcreMatchLimitRecursion 150000

are for?
 

Secmas

ikillbill said:
Hi
ran /scripts/checkperlmodules

still got these errors

Rule execution error - PCRE limits exceeded (-8): (null).
Did you run the script a few times?

This is what I did:
1. Ran the script until it uploaded all the modules that Perl needs.
2. I modified PHP.INI and added the two command lines as I wrote before, each one with a number of 10,000,000. If you fail to add these lines, PCRE will continue with the error.
3. Then I modified MODSEC2.USER.CONF to add the other two lines.
4. Restarted APACHE and everything was working again.

You will see a lot of PCRE errors in your WHM ModSecurity GUI but don't worry, they will disappear.

Regards,

Sergio
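The fix in Sergio's steps above, as an added helper script (not Sergio's updater and not a cPanel tool): it writes the two php.ini values and the two modsec2.user.conf directives idempotently, so re-running it after a cPanel update does not duplicate lines, and counts the PCRE error in an error_log. The default file paths are assumptions about a cPanel box; Apache still needs a restart afterwards.

```shell
#!/bin/sh
# Added example, not the thread's script. Applies the PCRE limit settings
# idempotently and counts the symptom in an error log. Default paths are
# assumptions about a cPanel box; pass your own as arguments.

# ensure_ini_setting FILE KEY VALUE: write "KEY = VALUE" in a php.ini-style
# file, replacing an existing (even commented-out) line or appending one.
ensure_ini_setting() {
    file=$1; key=$2; value=$3
    if grep -Eq "^[[:space:];]*${key}[[:space:]]*=" "$file"; then
        sed -i -E "s|^[[:space:];]*${key}[[:space:]]*=.*|${key} = ${value}|" "$file"
    else
        printf '%s = %s\n' "$key" "$value" >> "$file"
    fi
}

# ensure_directive FILE DIRECTIVE VALUE: same idea for "Directive value"
# lines in an Apache/ModSecurity config file.
ensure_directive() {
    file=$1; directive=$2; value=$3
    if grep -Eq "^[[:space:]]*${directive}[[:space:]]" "$file"; then
        sed -i -E "s|^[[:space:]]*${directive}[[:space:]].*|${directive} ${value}|" "$file"
    else
        printf '%s %s\n' "$directive" "$value" >> "$file"
    fi
}

# get_ini_value FILE KEY / get_directive_value FILE DIRECTIVE: the effective
# (last) value, used to verify what the files now say.
get_ini_value() {
    grep -E "^[[:space:]]*$2[[:space:]]*=" "$1" | tail -n1 | sed -E 's/^[^=]*=[[:space:]]*//'
}
get_directive_value() {
    grep -E "^[[:space:]]*$2[[:space:]]" "$1" | tail -n1 | awk '{print $2}'
}

# count_pcre_errors LOGFILE: how many "PCRE limits exceeded" lines are logged
count_pcre_errors() {
    grep -c 'PCRE limits exceeded' "$1" || true
}

# apply_pcre_fix [PHP_INI] [MODSEC_USER_CONF]: the values from the thread
apply_pcre_fix() {
    ini=${1:-/usr/local/lib/php.ini}                      # assumed path
    conf=${2:-/usr/local/apache/conf/modsec2.user.conf}   # assumed path
    ensure_ini_setting "$ini" pcre.backtrack_limit 10000000
    ensure_ini_setting "$ini" pcre.recursion_limit 10000000
    ensure_directive "$conf" SecPcreMatchLimit 150000
    ensure_directive "$conf" SecPcreMatchLimitRecursion 150000
}
```

Run it against copies of the two files first, then against the real ones and restart Apache; a second run should change nothing, and the error count should stop growing once the new limits are in effect.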
 

ikillbill

OK, ran it twice, errors seem gone now.

May I ask what

Code:
pcre.backtrack_limit = 10000000
pcre.recursion_limit = 10000000
and
Code:
SecPcreMatchLimit 150000
SecPcreMatchLimitRecursion 150000
 

Knyteguy

Well-Known Member
May 6, 2009
59
0
56
Hi,

First of all thanks, it looks like you put some work into this and I appreciate you giving it to us for free.

The only bug I've found so far (I just installed it), is the script moves itself to the httpd conf directory after running. It also moves any files and directories that happen to be in the same folder as it is in. Luckily my /root directory wasn't very full.

Also, I was wondering what the uninstall process would be in case something does end up not working correctly. I'm using the default config in modsec2.user.conf that cPanel carries, but I appended what you wrote to the top. It seems to be working. The modsec2.conf file also had one line of change from the original cPanel version, which was the line with 127.0.0.1 in it.

Will there be a problem with simply appending all that stuff to the top?

Also, Apache wouldn't start because there was no /etc/asl/whitelist file which is required by some config file. This possibly caused my first downtime on the server. It would be nice if you would specify we need to create certain directories before running the install scripts, as I didn't see any mention of this on your original thread, or on the website.

And lastly, is there any way to confirm this is or is not working? If I still have the default rules running under the cPanel mod sec config, will all of these run concurrently? Will there be any conflicts? If you can fix the couple of bugs that would be great, as then I could add this to a cron.

Thanks again, and in case you missed it above please list the uninstall steps just in case. I'm not 100% sure what this script did, which was probably not a wise move from me as the server admin for my VPS.

-Tony
 

Secmas

Knyteguy said: (the post quoted in full above)
Hello Tony,
thanks a lot for your feedback, I will add some text and / or code to my script to help you on this.

I just want to mention that if you read the posts in this thread, in one of them I wrote that the AUTOUPDATER is in fact to help you "update" the rules from GotRoot that you have installed in your VPS/Server.

My script is not an "installer" and that is why it doesn't create any directories at all. But you are right, I will mention that in the first post so people aren't confused.

On the other hand, and answering your questions:
1. CPanel has a very special way of handling HTTPD via include files. ModSecurity is one of those things and that is why CPanel has created two files: a) MODSEC2.CONF and b) MODSEC2.USER.CONF

Don't write anything to MODSEC2.CONF; only use MODSEC2.USER.CONF to handle all the rules that you will be using on your server.

2. CPanel has a specialized structure for MODSEC and it has a directory located in /usr/local/apache/conf/modsec_rules, and it is here that you have to save your modsec rules, as the name of the directory suggests.

My script saves the new rules that you are updating in there, and the old ones are saved in your /tmp directory in a directory called MODSECOLD. So, if you want to have everything as it was before the update, you only need to restore the MODSECOLD contents to the /usr/local/apache/conf/modsec_rules directory and restart apache. It is not hard to do a restore from the last update; even in my first post I have written directions about this.

3. If you are planning to use the modsec rules that CPanel has, don't use them, they are just a starting point and are not as good as the ones that GotRoot has.

Finally, I really appreciate your comments and I will proceed to have a revisited version of the script. Also, I suggest that you create the following folders in your server in order for GotRoot rules to work:
/var/asl/data/suspicious
/var/asl/data/msa
/var/asl/data/audit
These directories will not be used for saving any data at all; they are only used because some of the rules check for them.

Best Regards,

Sergio
 

9xlinux

Well-Known Member
Verified Vendor
Dec 20, 2009
186
0
66
cPanel Access Level
Root Administrator
There are some errors in the Apache error log:
Code:
ModSecurity: Failed to access DBM file "/var/asl/data/msa/global": Permission denied
ModSecurity: Failed to access DBM file "/var/asl/data/msa/ip": Permission denied
Please help in this regard.
 

Secmas

Hi 9xlinux,
on these directories, set chmod 770.

Sergio
 

Secmas

Which directory?
/var/asl/data/msa/global
or
/var/asl/data/msa/

Please guide.
You have to create 3 directories in order for GotRoot rules to work. They are:
/var/asl/data/msa/
/var/asl/data/audit/
/var/asl/data/suspicious/

All of them use chmod 770.
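Creating those three directories and checking the permissions, as an added helper (not from the thread or from GotRoot): the "Permission denied" on the DBM files in 9xlinux's log means the Apache worker user cannot write under /var/asl/data/msa, and 770 only helps if that user is the owner or in the group. The base path, the owner/group and the worker user name ("nobody" on a stock cPanel build) are assumptions passed as arguments.

```shell
#!/bin/sh
# Added example, not the thread's script. Creates the directories the GotRoot
# rules look for, sets 770 as suggested above, and checks whether a given user
# (the Apache worker, assumed "nobody" on cPanel) can actually write to them.
ASL_DIRS="msa audit suspicious"

# ensure_asl_dirs BASE OWNER GROUP: create BASE/{msa,audit,suspicious}, mode 770
ensure_asl_dirs() {
    base=$1; owner=$2; group=$3
    for d in $ASL_DIRS; do
        mkdir -p "$base/$d"
        chmod 770 "$base/$d"
        if [ "$(id -u)" -eq 0 ]; then   # chown only works as root; dry runs skip it
            chown "$owner:$group" "$base/$d"
        fi
    done
}

# dir_writable_by DIR USER: 0 if USER can write DIR via the owner, group or
# other permission bits (the same check the kernel makes when mod_security
# opens its DBM files there)
dir_writable_by() {
    dir=$1; user=$2
    set -- $(stat -c '%U %G %a' "$dir")          # owner group octal-mode
    owner=$1; group=$2; mode=$(printf '%s' "$3" | tail -c 3)
    ob=$(printf '%s' "$mode" | cut -c1)
    gb=$(printf '%s' "$mode" | cut -c2)
    wb=$(printf '%s' "$mode" | cut -c3)
    if [ "$owner" = "$user" ]; then
        [ $((ob & 2)) -ne 0 ]; return
    fi
    if id -Gn "$user" 2>/dev/null | tr ' ' '\n' | grep -qx "$group"; then
        [ $((gb & 2)) -ne 0 ]; return
    fi
    [ $((wb & 2)) -ne 0 ]
}

# check_asl_dirs BASE USER: 0 only if USER can write all three directories
check_asl_dirs() {
    for d in $ASL_DIRS; do
        dir_writable_by "$1/$d" "$2" || return 1
    done
    return 0
}
```

On a real server run it as root with the worker user as owner, e.g. `ensure_asl_dirs /var/asl/data nobody nobody && check_asl_dirs /var/asl/data nobody`; a non-zero result from the check is the same condition that produces the DBM errors above.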
 

ikillbill

Hi

This sounds like a weird question, but we do not have those folders set to 770, yet no errors like the one mentioned above?

We just mkdir those folders and that is it...
 

9xlinux

ikillbill said:
Hi

This sounds like a weird question, but we do not have those folders set to 770, yet no errors like the one mentioned above?

We just mkdir those folders and that is it...
It may be because you are still using an old version of MOD_SECURITY.
Recompile with the latest easyapache build and let's see.