Modsecurity date problem

nisse

Well-Known Member
Nov 11, 2003
87
0
156
Since I updated to 10.2.0-CURRENT_131, modesecurity has been writing entries into its database with blank dates.

Anyone know of a fix?
 

gupi

Well-Known Member
Apr 27, 2004
125
0
166
I confirm a similar issue in WHM 10.1.0 cPanel 10.2.0-S83, too:

Code:
IP              Date            Time            Handler                  ....
at.ac.ck.er	0000-00-00	15:33:43	cgi-script
 

adapter

Well-Known Member
PartnerNOC
Sep 17, 2003
391
0
166
I use modesecurity but i dont have any database for it:) where is?
 

Izzee

Well-Known Member
Feb 6, 2004
469
0
166
adapter said:
I use modesecurity but i dont have any database for it:) where is?
/var/lib/mysql/modsec
In WHM under heading SQL Services/phpMyAdmin/Database/modsec
In WHM you should also have a menu option under Add-ons down at the bottom of the left hand menu panel called Mod Security. Clicking on it will give you the current db entries with search controls and other controls for this mod.
HTH :)
 
Last edited:

adapter

Well-Known Member
PartnerNOC
Sep 17, 2003
391
0
166
umm i dont have it, maybe bcs i have install it from source?

what it store in the db?
 

Izzee

Well-Known Member
Feb 6, 2004
469
0
166
adapter said:
umm i dont have it, maybe bcs i have install it from source?

what it store in the db?
Your questions are not relevant to this thread but if it helps, this is what it will show in the WHM link I gave above ;).
This info is collected from /usr/local/apache/logs/audit_log - stored in the db and then the log file is emptied.

IP
Date
Time
Handler
GET
Host
Mod_Security-Message
Mod_Security-Action
 

rpmws

Well-Known Member
Aug 14, 2001
1,787
9
318
back woods of NC, USA
I am missing valid dates on last several days entries across all servers also.
 

gupi

Well-Known Member
Apr 27, 2004
125
0
166
I'm not skilled in Perl, but could.t be an issue in the cron function which extracts info from audit_log and pokes it into the database ?
 

pizzaman

Well-Known Member
PartnerNOC
Oct 1, 2003
70
0
156
a typo

It's a typo in "/etc/cron.hourly/modsecparse.pl"

change from:
if ($month =~ "Jal") { $nmonth = "07"; }

to:
if ($month =~ "Jul") { $nmonth = "07"; }

Somebody was doing overtime during the coding, perhaps. :)
Note that this may or may not survive cPanel's update. I'll submit a bug after this.

While at it, I'm not a good coder, but wouldn't it be nicer to change this line too, from

getmysqldate($date);

to

$mysqldate = getmysqldate($date);

[bugzilla ID: 2902]
 
Last edited:

gupi

Well-Known Member
Apr 27, 2004
125
0
166
pizzaman said:
It's a typo in "/etc/cron.hourly/modsecparse.pl"
change from:
if ($month =~ "Jal") { $nmonth = "07"; }
to:
if ($month =~ "Jul") { $nmonth = "07"; }

Somebody was doing overtime during the coding, perhaps. :)
Note that this may or may not survive cPanel's update. I'll submit a bug after this.

While at it, I'm not a good coder, but wouldn't it be nicer to change this line too, from

getmysqldate($date);

to

$mysqldate = getmysqldate($date);

[bugzilla ID: 2902]
pizzaman, you deserve a box of beer!
works great.