The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Modsecurity date problem

Discussion in 'Security' started by nisse, Jul 19, 2005.

  1. nisse

    nisse Well-Known Member

    Joined:
    Nov 11, 2003
    Messages:
    87
    Likes Received:
    0
    Trophy Points:
    6
    Since I updated to 10.2.0-CURRENT_131, modesecurity has been writing entries into its database with blank dates.

    Anyone know of a fix?
     
  2. gupi

    gupi Well-Known Member

    Joined:
    Apr 27, 2004
    Messages:
    125
    Likes Received:
    0
    Trophy Points:
    16
    I confirm a similar issue in WHM 10.1.0 cPanel 10.2.0-S83, too:

    Code:
    IP              Date            Time            Handler                  ....
    at.ac.ck.er	0000-00-00	15:33:43	cgi-script
     
  3. adapter

    adapter Well-Known Member
    PartnerNOC

    Joined:
    Sep 17, 2003
    Messages:
    391
    Likes Received:
    0
    Trophy Points:
    16
    I use modesecurity but i dont have any database for it:) where is?
     
  4. Izzee

    Izzee Well-Known Member

    Joined:
    Feb 6, 2004
    Messages:
    469
    Likes Received:
    0
    Trophy Points:
    16
    /var/lib/mysql/modsec
    In WHM under heading SQL Services/phpMyAdmin/Database/modsec
    In WHM you should also have a menu option under Add-ons down at the bottom of the left hand menu panel called Mod Security. Clicking on it will give you the current db entries with search controls and other controls for this mod.
    HTH :)
     
    #4 Izzee, Jul 20, 2005
    Last edited: Jul 20, 2005
  5. adapter

    adapter Well-Known Member
    PartnerNOC

    Joined:
    Sep 17, 2003
    Messages:
    391
    Likes Received:
    0
    Trophy Points:
    16
    umm i dont have it, maybe bcs i have install it from source?

    what it store in the db?
     
  6. Izzee

    Izzee Well-Known Member

    Joined:
    Feb 6, 2004
    Messages:
    469
    Likes Received:
    0
    Trophy Points:
    16
    Your questions are not relevant to this thread but if it helps, this is what it will show in the WHM link I gave above ;).
    This info is collected from /usr/local/apache/logs/audit_log - stored in the db and then the log file is emptied.

    IP
    Date
    Time
    Handler
    GET
    Host
    Mod_Security-Message
    Mod_Security-Action
     
  7. rpmws

    rpmws Well-Known Member

    Joined:
    Aug 14, 2001
    Messages:
    1,824
    Likes Received:
    5
    Trophy Points:
    38
    Location:
    back woods of NC, USA
    I am missing valid dates on last several days entries across all servers also.
     
  8. jeroman8

    jeroman8 Well-Known Member

    Joined:
    Mar 14, 2003
    Messages:
    410
    Likes Received:
    0
    Trophy Points:
    16
    same here: date is 0000-00-00
     
  9. gupi

    gupi Well-Known Member

    Joined:
    Apr 27, 2004
    Messages:
    125
    Likes Received:
    0
    Trophy Points:
    16
    I'm not skilled in Perl, but could.t be an issue in the cron function which extracts info from audit_log and pokes it into the database ?
     
  10. pizzaman

    pizzaman Well-Known Member
    PartnerNOC

    Joined:
    Oct 1, 2003
    Messages:
    70
    Likes Received:
    0
    Trophy Points:
    6
    a typo

    It's a typo in "/etc/cron.hourly/modsecparse.pl"

    change from:
    if ($month =~ "Jal") { $nmonth = "07"; }

    to:
    if ($month =~ "Jul") { $nmonth = "07"; }

    Somebody was doing overtime during the coding, perhaps. :)
    Note that this may or may not survive cPanel's update. I'll submit a bug after this.

    While at it, I'm not a good coder, but wouldn't it be nicer to change this line too, from

    getmysqldate($date);

    to

    $mysqldate = getmysqldate($date);

    [bugzilla ID: 2902]
     
    #10 pizzaman, Jul 26, 2005
    Last edited: Jul 26, 2005
  11. gupi

    gupi Well-Known Member

    Joined:
    Apr 27, 2004
    Messages:
    125
    Likes Received:
    0
    Trophy Points:
    16
    pizzaman, you deserve a box of beer!
    works great.
     
Loading...

Share This Page