Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

ModSecurity Tools Hits List is empty

Discussion in 'Security' started by robertjw, Nov 23, 2016.

Tags:
  1. robertjw

    robertjw Member

    Joined:
    Oct 18, 2013
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    ModSecurity has recently been installed on the server using EA4. Server is standard cPanel configuration, nothing unusual. /usr/local/apache/logs/modsec_audit.log is logging data and looks correct.

    COMODO ModSecurity Apache Rule Set is installed as a vendor and enabled.

    /etc/apache2/conf.d/modsec/modsec2.cpanel.conf does not show any SecAuditLog entry.

    Why is
    HomeHome »Security Center »ModSecurity™ Tools »Hits List
    empty?
     
  2. cPJacob

    cPJacob cPanel Product Owner
    Staff Member

    Joined:
    May 2, 2014
    Messages:
    605
    Likes Received:
    94
    Trophy Points:
    103
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    Hi,

    SecAuditLog is located in /etc/apache2/conf.d/modsec2.conf.

    Could you post what configurations are in the /etc/apache2/conf.d/modsec/modsec2.cpanel.net? For example:

    Code:
    SecAuditEngine "RelevantOnly"
    SecRuleEngine "On"
    
     
  3. robertjw

    robertjw Member

    Joined:
    Oct 18, 2013
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    OK, found the SecAuditLog in /etc/apache2/conf.d/modsec2.conf and it's set to:

    Code:
        SecAuditLog logs/modsec_audit.log
        SecDebugLog logs/modsec_debug.log
        SecDebugLogLevel 0
        SecDefaultAction "phase:2,deny,log,status:406"
    
    Data is being logged to modsec_audit.log

    Sure, here's what's in /etc/apache2/conf.d/modsec/modsec2.cpanel.net

    Code:
    SecDataDir "/var/cpanel/secdatadir"
    SecAuditEngine "On"
    SecConnEngine "On"
    SecRuleEngine "On"

    And a bunch of include lines like this one

    Code:
    Include "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/00_Init_Initialization.conf"
    All for comodo_apache - I can post them if you want.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,427
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
Loading...

Share This Page