ModSecurity - SecDataDir

Discussion in 'EasyApache' started by Patrice Bechard, Sep 24, 2016.

  1. Patrice Bechard

    Patrice Bechard Registered

    Hi everyone,

    2016 and still no fix from cPanel. We need those brute force rules to work with ruid2 because we need the security of ruid2, and we are hosting lots of WordPress sites and we need to protect /wp-login from brute force attacks. We made it work by applying the workaround we found on this forum:

    getting permission denied in ModSecurity error_log · Issue #919 · SpiderLabs/ModSecurity · GitHub

    The workaround is to change the SecDataDir from /var/cpanel/secdatadir to /var/log/secdatadir and set the right permissions in that directory. The problem is that the SecDataDir directive is set in the modsec2.cpanel.conf file, and that file is overwritten by cPanel every time there is an update or we use the UI to change the config. If we set the SecDataDir in our modsec2.user.conf file, it is ignored because it is overwritten by the cPanel file that is called after it in the modsec2.conf file, and since the calls to the OWASP rules are also in that cPanel file, there is no way to rewrite that directive between the two calls.

    cPanel: Is there a way to change a master file somewhere so that when cPanel rewrites the modsec2.cpanel.conf file, you use our SecDataDir, or to have an advanced setting in the UI to set that folder? Or, more drastically, why are you not putting that folder in this location by default with the cPanel install, with the right permissions? What are the security risks of that solution?
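
A check an administrator could run after each cPanel update to see whether the rewrite of modsec2.cpanel.conf has reverted the SecDataDir workaround described in the post above. This is an added example, not part of the original post and not cPanel tooling; the function names and sample files are constructed, and it assumes, as the post reports, that the directive read last is the one in effect.

```shell
#!/bin/sh
# Added example: report which SecDataDir is in effect and flag drift.
# Assumption (from the post): across included files, the last directive wins.

# Print the SecDataDir value in effect for config files given in include order.
effective_secdatadir() {
    # Commented-out lines never match; optional quotes are stripped.
    awk 'tolower($1) == "secdatadir" { v = $2; gsub(/"/, "", v); last = v }
         END { if (last != "") print last }' "$@"
}

# Return 0 if the effective value equals $1, 1 if it drifted, 2 if unset.
check_secdatadir() {
    expected=$1; shift
    actual=$(effective_secdatadir "$@")
    [ -n "$actual" ] || { echo "SecDataDir not set"; return 2; }
    if [ "$actual" = "$expected" ]; then
        echo "OK: SecDataDir is $actual"
    else
        echo "DRIFT: SecDataDir is $actual, expected $expected"
        return 1
    fi
}

# Print the symbolic mode and owner:group of the data directory for review.
describe_dir() {
    [ -d "$1" ] || { echo "$1: missing"; return 1; }
    ls -ld "$1" | awk '{ print $1, $3 ":" $4 }'
}

# Demo on constructed sample files (not real cPanel configuration).
demo() {
    d=$(mktemp -d)
    printf 'SecDataDir /var/log/secdatadir\n' > "$d/modsec2.user.conf"
    printf '# rewritten on update\nSecDataDir "/var/cpanel/secdatadir"\n' \
        > "$d/modsec2.cpanel.conf"
    # Include order as described in the post: user file first, cPanel file after.
    check_secdatadir /var/log/secdatadir \
        "$d/modsec2.user.conf" "$d/modsec2.cpanel.conf"
    describe_dir "$d"
    rm -rf "$d"
}
demo
```

On a real server, pass the actual configuration files in the order modsec2.conf includes them, and run `describe_dir` on the directory the check reports.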
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    I've moved this post into its own thread.

    Could you verify if you are using EasyApache 4? If so, could you let us know if defining a custom path for the "SecGeoLookupDb" directive works for this purpose? The option is configurable via:

    "WHM Home » Security Center » ModSecurity™ Configuration » Configure Global Directives"

    Thank you.
     
  3. linux4me2

    linux4me2 Well-Known Member

    I know the OP needs to verify it on his own installation, but I can verify that a custom path saved for SecGeoLookupDb in EA4 did not get overwritten when updating from cPanel 58.0.30 to 58.0.31 on mine.
     