Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

ModSecurity Tools Hits List is empty

Discussion in 'Security' started by robertjw, Nov 23, 2016.

Tags:
  1. robertjw

    robertjw Member

    Joined:
    Oct 18, 2013
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    ModSecurity has recently been installed on the server using EA4. Server is standard cPanel configuration, nothing unusual. /usr/local/apache/logs/modsec_audit.log is logging data and looks correct.

    COMODO ModSecurity Apache Rule Set is installed as a vendor and enabled.

    /etc/apache2/conf.d/modsec/modsec2.cpanel.conf does not show any SecAuditLog entry.

    Why is
    HomeHome »Security Center »ModSecurity™ Tools »Hits List
    empty?
     
    #1 robertjw, Nov 23, 2016
  2. JacobPerkins

    JacobPerkins cPanel Product Owner

    Joined:
    May 2, 2014
    Messages:
    619
    Likes Received:
    96
    Trophy Points:
    103
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    Hi,

    SecAuditLog is located in /etc/apache2/conf.d/modsec2.conf.

    Could you post what configurations are in the /etc/apache2/conf.d/modsec/modsec2.cpanel.net? For example:

    Code:
    SecAuditEngine "RelevantOnly"
SecRuleEngine "On"
     
    #2 JacobPerkins, Nov 28, 2016
  3. robertjw

    robertjw Member

    Joined:
    Oct 18, 2013
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    OK, found the SecAuditLog in /etc/apache2/conf.d/modsec2.conf and it's set to:

    Code:
        SecAuditLog logs/modsec_audit.log
    SecDebugLog logs/modsec_debug.log
    SecDebugLogLevel 0
    SecDefaultAction "phase:2,deny,log,status:406"
    Data is being logged to modsec_audit.log

    Sure, here's what's in /etc/apache2/conf.d/modsec/modsec2.cpanel.net

    Code:
    SecDataDir "/var/cpanel/secdatadir"
SecAuditEngine "On"
SecConnEngine "On"
SecRuleEngine "On"

    And a bunch of include lines like this one

    Code:
    Include "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/00_Init_Initialization.conf"
    All for comodo_apache - I can post them if you want.
     
    #3 robertjw, Nov 28, 2016
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    42,763
    Likes Received:
    1,710
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    #4 cPanelMichael, Nov 29, 2016
(You must log in or sign up to post here.)
Loading...
Similar Threads - ModSecurity Tools Hits
  1. jlucho

    path log of ModSecurity Tools

    jlucho, Oct 29, 2017, in forum: General Discussion
    Replies:
    3
    Views:
    233
    cPanelMichael
    Oct 31, 2017
  2. JerryB

    SOLVED ModSecurity™ Tools The following exception has occurred: API failure

    JerryB, Dec 7, 2016, in forum: Security
    Replies:
    7
    Views:
    786
    cPanelMichael
    Dec 15, 2016
  3. Clixer

    ModSecurity Configuration

    Clixer, Mar 5, 2018, in forum: Security
    Replies:
    1
    Views:
    158
    cPanelMichael
    Mar 6, 2018
  4. osirion

    ModSecurity SecResponseBodyLimit & SecResponseBodyLimitAction

    osirion, Feb 9, 2018, in forum: Security
    Replies:
    3
    Views:
    153
    cPanelMichael
    Feb 12, 2018
  5. ::Gomez::

    Why are modsecurity rules not installed by default?

    ::Gomez::, Jan 24, 2018, in forum: Security
    Replies:
    6
    Views:
    223
    quizknows
    Jan 24, 2018

Share This Page