The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

ModSecurity Tools Hits List is empty

Discussion in 'Security' started by robertjw, Nov 23, 2016.

Tags:
  1. robertjw

    robertjw Member

    Joined:
    Oct 18, 2013
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    ModSecurity has recently been installed on the server using EA4. Server is standard cPanel configuration, nothing unusual. /usr/local/apache/logs/modsec_audit.log is logging data and looks correct.

    COMODO ModSecurity Apache Rule Set is installed as a vendor and enabled.

    /etc/apache2/conf.d/modsec/modsec2.cpanel.conf does not show any SecAuditLog entry.

    Why is
    HomeHome »Security Center »ModSecurity™ Tools »Hits List
    empty?
     
    #1 robertjw, Nov 23, 2016
  2. cPJacob

    cPJacob cPanel Product Owner
    Staff Member

    Joined:
    May 2, 2014
    Messages:
    599
    Likes Received:
    90
    Trophy Points:
    103
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    Hi,

    SecAuditLog is located in /etc/apache2/conf.d/modsec2.conf.

    Could you post what configurations are in the /etc/apache2/conf.d/modsec/modsec2.cpanel.net? For example:

    Code:
    SecAuditEngine "RelevantOnly"
SecRuleEngine "On"
     
    #2 cPJacob, Nov 28, 2016
  3. robertjw

    robertjw Member

    Joined:
    Oct 18, 2013
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    OK, found the SecAuditLog in /etc/apache2/conf.d/modsec2.conf and it's set to:

    Code:
        SecAuditLog logs/modsec_audit.log
    SecDebugLog logs/modsec_debug.log
    SecDebugLogLevel 0
    SecDefaultAction "phase:2,deny,log,status:406"
    Data is being logged to modsec_audit.log

    Sure, here's what's in /etc/apache2/conf.d/modsec/modsec2.cpanel.net

    Code:
    SecDataDir "/var/cpanel/secdatadir"
SecAuditEngine "On"
SecConnEngine "On"
SecRuleEngine "On"

    And a bunch of include lines like this one

    Code:
    Include "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/00_Init_Initialization.conf"
    All for comodo_apache - I can post them if you want.
     
    #3 robertjw, Nov 28, 2016
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,037
    Likes Received:
    1,278
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    #4 cPanelMichael, Nov 29, 2016
(You must log in or sign up to post here.)
Loading...
Similar Threads - ModSecurity Tools Hits
  1. JerryB

    SOLVED ModSecurity™ Tools The following exception has occurred: API failure

    JerryB, Dec 7, 2016, in forum: Security
    Replies:
    7
    Views:
    423
    cPanelMichael
    Dec 15, 2016
  2. Masimo

    Error on ModSecurity™ Tools

    Masimo, Apr 4, 2016, in forum: Security
    Replies:
    7
    Views:
    760
    cPanelMichael
    Apr 7, 2016
  3. Valetia

    ModSecurity Tools - missing Action Description and Justification

    Valetia, Feb 2, 2016, in forum: Security
    Replies:
    3
    Views:
    493
    Infopro
    Feb 3, 2016
  4. schoeps

    SOLVED OWASP ModSecurity v3 and v1?

    schoeps, Jul 31, 2017, in forum: Security
    Replies:
    2
    Views:
    84
    schoeps
    Jul 31, 2017
  5. Federico Barcelo

    cxs ModSecurity Scanning (disabled)

    Federico Barcelo, Jul 27, 2017, in forum: Security
    Replies:
    2
    Views:
    69
    cPanelMichael
    Jul 28, 2017

Share This Page