ModSecurity Vendors Error

derek bullard

Hi,

We are getting an email about an error with ModSecurity vendors after an automatic update. We are using 2 vendors, COMODO ModSecurity LiteSpeed Rule Set and ConfigServer Rule Set. They are both configured correctly.

Maintenance ended; however, it did not exit cleanly (256).

The 'E' tag is:
Code:
[2017-11-03 01:28:03 -0700] E    [/usr/local/cpanel/scripts/modsec_vendor] The “/usr/local/cpanel/scripts/modsec_vendor” command (process 1912) reported error number 255 when it ended.
[2017-11-03 01:28:39 -0700] E Pre Maintenance ended, however it did not exit cleanly (256). Please check the logs for an indication of what happened
Thanks for helping.

I forgot to mention that the operating system is CloudLinux 7.4
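
A way to pull the E-tagged lines out of update-log text like the excerpt above, as an added example that is not part of the original post and not cPanel's own code. The field names and the first sample line are constructed, and the numbers are reported exactly as logged, without interpretation.

```python
import re
from datetime import datetime
from typing import List, NamedTuple, Optional

# Constructed sample: the two E-tagged lines quoted in the post above, preceded
# by one constructed non-error line that the filter must skip.
SAMPLE_LOG = """\
[2017-11-03 01:27:59 -0700]    - Processing command `/usr/local/cpanel/scripts/modsec_vendor update --auto`
[2017-11-03 01:28:03 -0700] E    [/usr/local/cpanel/scripts/modsec_vendor] The “/usr/local/cpanel/scripts/modsec_vendor” command (process 1912) reported error number 255 when it ended.
[2017-11-03 01:28:39 -0700] E Pre Maintenance ended, however it did not exit cleanly (256). Please check the logs for an indication of what happened
"""

LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\]\s+(?P<tag>[A-Z])\s+(?P<msg>.*)$")
SCRIPT_RE = re.compile(r"^\[(?P<script>/[^\]]+)\]\s*")
CHILD_RE = re.compile(r"\(process (\d+)\) reported error number (\d+)")
STAGE_RE = re.compile(r"did not exit cleanly \((\d+)\)")


class ErrorEntry(NamedTuple):
    when: datetime
    script: Optional[str]   # script named in the bracketed prefix, if any
    pid: Optional[int]      # child process id, if the line reports one
    code: Optional[int]     # number exactly as logged; not reinterpreted here
    message: str


def parse_errors(log_text: str) -> List[ErrorEntry]:
    """Return one entry per line carrying the 'E' tag, in log order."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("tag") != "E":
            continue
        msg = m.group("msg")
        src = SCRIPT_RE.match(msg)
        child = CHILD_RE.search(msg)
        stage = STAGE_RE.search(msg)
        code = child.group(2) if child else (stage.group(1) if stage else None)
        entries.append(ErrorEntry(
            when=datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S %z"),
            script=src.group("script") if src else None,
            pid=int(child.group(1)) if child else None,
            code=int(code) if code is not None else None,
            message=msg[src.end():] if src else msg,
        ))
    return entries


if __name__ == "__main__":
    for e in parse_errors(SAMPLE_LOG):
        print(e.when.isoformat(), e.script or "-", e.pid, e.code)
```

The `script` field of the first entry names the command to re-run by hand, which is what the reply below asks for.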
 

cPanelMichael

Hello,

Could you let us know the output when manually running the "/scripts/modsec_vendor" command?

Thank you.
 

derek bullard

Hi Michael,

Thanks for your answer. Here's the output when manually running the "/scripts/modsec_vendor" command:

Code:
# /scripts/modsec_vendor
usage: /scripts/modsec_vendor <list | add | remove | update> ...

list
  - Lists the currently-installed vendors

add <vendor metadata YAML URL>
  - Installs a new vendor

remove <vendor_id>
  - Removes the vendor with the specified vendor id

update <vendor_id | vendor metadata YAML URL | --auto>
  - If a vendor_id is provided, this command updates the vendor specified by that id
    from the same URL that was used to install it.
  - If a URL is provided, this command updates an existing vendor from the specified URL.
    The URL need not be the same as the one used to originally install the vendor.
  - If --auto is specified, updates all installed vendors for which auto-update is enabled
    using the URLs from which they were originally installed.

enable <vendor_id>
  - Enables a vendor

disable <vendor_id>
  - Disables a vendor

enable-updates <vendor_id>
  - Enables automatic updates for a vendor

disable-updates <vendor_id>
  - Disables automatic updates for a vendor

enable-configs <vendor_id>
  - Enables all configs for a vendor

disable-configs <vendor_id>
  - Disables all configs for a vendor

Running the "/scripts/modsec_vendor list" command instead gives:

Code:
# /scripts/modsec_vendor list
[OWASP3] OWASP ModSecurity Core Rule Set V3.0 (not installed)
 cpanel_provided   1
     description   SpiderLabs OWASP V3 curated ModSecurity rule set
       installed   0
  installed_from   http://httpupdate.cpanel.net/modsecurity-rules/meta_OWASP3.yaml
            name   OWASP ModSecurity Core Rule Set V3.0
       vendor_id   OWASP3
      vendor_url   https://go.cpanel.net/modsecurityowasp


[comodo_litespeed] COMODO ModSecurity LiteSpeed Rule Set
     archive_url   https://waf.comodo.com/api/cpanel_litespeed_vendor
         configs   (34)
 cpanel_provided   0
     description   COMODO ModSecurity Rules for LiteSpeed
        dist_md5   d6709c7f775f0394055e717c92635580
     dist_sha512   09f926a4edf151b8230c08f5c5847f55b945fb4b05c79e10c4a5328f4144b241575336e73956901f5737c026f6ae79c2eba895a3e55b9a12886398be84169851
         enabled   1
          in_use   34
       inst_dist   comodo-litespeed-1143
       installed   1
  installed_from   https://waf.comodo.com/doc/meta_comodo_litespeed.yaml
            name   COMODO ModSecurity LiteSpeed Rule Set
            path   /etc/apache2/conf.d/modsec_vendor_configs/comodo_litespeed
      report_url   https://waf.comodo.com/api/cpanel_feedback?source=1&rule_set=1.143
supported_versions   (6)
          update   1
       vendor_id   comodo_litespeed
      vendor_url   https://waf.comodo.com


[configserver] ConfigServer
     archive_url   https://download.configserver.com/waf/configserver.zip
         configs   (1)
 cpanel_provided   0
     description   ConfigServer cXs ModSecurity rule
        dist_md5   3a917adcd7eafd35d975b15bfc889d49
     dist_sha512   77f635a22c9d28109ebcb755a7cffc7696bd2a0c287cfa0b89bea9ce3d39ff6b2017f25eb3b198b55702cafb37a86b0776107db934455b133bfbce564747f235
         enabled   1
          in_use   1
       inst_dist   configserver
       installed   1
  installed_from   https://download.configserver.com/waf/meta_configserver.yaml
            name   ConfigServer
            path   /etc/apache2/conf.d/modsec_vendor_configs/configserver
supported_versions   (6)
          update   1
       vendor_id   configserver
      vendor_url   http://configserver.com
 

derek bullard

When I try to update, I get the following:

Code:
[[email protected] ~]# /scripts/modsec_vendor update configserver
info [modsec_vendor] Restored modsec_cpanel_conf_datastore backup
warn [modsec_vendor] The system failed to update the vendor from the URL “https://download.configserver.com/waf/meta_configserver.yaml”: (XID jhhjwg) The update for vendor “configserver” is unnecessary because you already have distribution “configserver” installed.
[[email protected] ~]# /scripts/modsec_vendor update comodo_litespeed
info [modsec_vendor] Restored modsec_cpanel_conf_datastore backup
warn [modsec_vendor] The system failed to update the vendor from the URL “https://waf.comodo.com/doc/meta_comodo_litespeed.yaml”: (XID xa2b6x) The update for vendor “comodo_litespeed” is unnecessary because you already have distribution “comodo-litespeed-1144” installed.
For some reason we didn't get that email again, though, so maybe it was a temporary issue.
 

cPanelMichael

"For some reason we didn't get that email again, though, so maybe it was a temporary issue."

Hello,

Can you verify the system was successfully updated to cPanel 68?

Thank you.
 

cPanelMichael

Hello,

I'm glad to see the next cPanel update succeeded. Note that I did attempt to reproduce the issue, but found that it was working properly. The "/usr/local/cpanel/scripts/modsec_vendor update --auto" command completed successfully during the upcp process and when run manually:

Code:
[2017-11-08 09:44:07 -0600]    - Processing command `/usr/local/cpanel/scripts/modsec_vendor update --auto`
[2017-11-08 09:44:09 -0600]    - Finished command `/usr/local/cpanel/scripts/modsec_vendor update --auto` in 1.349 seconds
Code:
# /usr/local/cpanel/scripts/modsec_vendor update --auto
info [modsec_vendor] Updates are in progress for all of the installed ModSecurity vendors with automatic updates enabled.
info [modsec_vendor] Restored modsec_cpanel_conf_datastore backup
info [modsec_vendor] The vendor “configserver” is already up to date.
Let us know if you notice this happening again in the future.

Thank you.