ModSecurity Tools Hits List is empty

robertjw

Member
Oct 18, 2013
14
0
1
cPanel Access Level
Root Administrator
ModSecurity has recently been installed on the server using EA4. Server is standard cPanel configuration, nothing unusual. /usr/local/apache/logs/modsec_audit.log is logging data and looks correct.

COMODO ModSecurity Apache Rule Set is installed as a vendor and enabled.

/etc/apache2/conf.d/modsec/modsec2.cpanel.conf does not show any SecAuditLog entry.

Why is
HomeHome »Security Center »ModSecurity™ Tools »Hits List
empty?
 

JacobPerkins

Well-Known Member
May 2, 2014
617
97
103
cPanel Access Level
DataCenter Provider
Twitter
Hi,

SecAuditLog is located in /etc/apache2/conf.d/modsec2.conf.

Could you post what configurations are in the /etc/apache2/conf.d/modsec/modsec2.cpanel.net? For example:

Code:
SecAuditEngine "RelevantOnly"
SecRuleEngine "On"
 

robertjw

Member
Oct 18, 2013
14
0
1
cPanel Access Level
Root Administrator
OK, found the SecAuditLog in /etc/apache2/conf.d/modsec2.conf and it's set to:

Code:
    SecAuditLog logs/modsec_audit.log
    SecDebugLog logs/modsec_debug.log
    SecDebugLogLevel 0
    SecDefaultAction "phase:2,deny,log,status:406"
Data is being logged to modsec_audit.log

Sure, here's what's in /etc/apache2/conf.d/modsec/modsec2.cpanel.net

Code:
SecDataDir "/var/cpanel/secdatadir"
SecAuditEngine "On"
SecConnEngine "On"
SecRuleEngine "On"

And a bunch of include lines like this one

Code:
Include "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/00_Init_Initialization.conf"
All for comodo_apache - I can post them if you want.
 

cPanelMichael

Technical Support Community Manager
Staff member
Apr 11, 2011
47,902
2,227
363
cPanel Access Level
DataCenter Provider
Twitter