Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

ModSecurity Vendors Error

Discussion in 'Security' started by derek bullard, Nov 3, 2017.

Tags:
  1. derek bullard

    derek bullard Registered

    Joined:
    Nov 3, 2017
    Messages:
    4
    Likes Received:
    1
    Trophy Points:
    1
    Location:
    canada
    cPanel Access Level:
    Root Administrator
    Hi,

    we are getting an email about an error with modesecurity vendors after automatic update. We are using 2 vendors, COMODO ModSecurity LiteSpeed Rule Set and ConfigServer Rule Set. They are both configured correctly.

    Maintenance ended; however, it did not exit cleanly (256).

    The 'E' tag is:
    Code:
    [2017-11-03 01:28:03 -0700] E    [/usr/local/cpanel/scripts/modsec_vendor] The “/usr/local/cpanel/scripts/modsec_vendor” command (process 1912) reported error number 255 when it ended.
    [2017-11-03 01:28:39 -0700] E Pre Maintenance ended, however it did not exit cleanly (256). Please check the logs for an indication of what happened
    thanks for helping.

    I forgot to mention that the operating system is CloudLinux 7.4
     
    #1 derek bullard, Nov 3, 2017
    Last edited by a moderator: Nov 3, 2017
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,803
    Likes Received:
    1,898
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    Could you let us know the output when manually running the "/scripts/modsec_vendor" command?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. derek bullard

    derek bullard Registered

    Joined:
    Nov 3, 2017
    Messages:
    4
    Likes Received:
    1
    Trophy Points:
    1
    Location:
    canada
    cPanel Access Level:
    Root Administrator
    Hi Michael,

    thanks for your answer. Here's the output when manually running the "/scripts/modsec_vendor" command

    Code:
    # /scripts/modsec_vendor
    usage: /scripts/modsec_vendor <list | add | remove | update> ...
    
    list
      - Lists the currently-installed vendors
    
    add <vendor metadata YAML URL>
      - Installs a new vendor
    
    remove <vendor_id>
      - Removes the vendor with the specified vendor id
    
    update <vendor_id | vendor metadata YAML URL | --auto>
      - If a vendor_id is provided, this command updates the vendor specified by that id
        from the same URL that was used to install it.
      - If a URL is provided, this command updates an existing vendor from the specified URL.
        The URL need not be the same as the one used to originally install the vendor.
      - If --auto is specified, updates all installed vendors for which auto-update is enabled
        using the URLs from which they were originally installed.
    
    enable <vendor_id>
      - Enables a vendor
    
    disable <vendor_id>
      - Disables a vendor
    
    enable-updates <vendor_id>
      - Enables automatic updates for a vendor
    
    disable-updates <vendor_id>
      - Disables automatic updates for a vendor
    
    enable-configs <vendor_id>
      - Enables all configs for a vendor
    
    disable-configs <vendor_id>
      - Disables all configs for a vendor

    Doing "/scripts/modsec_vendor list" command instead gives:

    Code:
    # /scripts/modsec_vendor list
    [OWASP3] OWASP ModSecurity Core Rule Set V3.0 (not installed)
     cpanel_provided   1
         description   SpiderLabs OWASP V3 curated ModSecurity rule set
           installed   0
      installed_from   http://httpupdate.cpanel.net/modsecurity-rules/meta_OWASP3.yaml
                name   OWASP ModSecurity Core Rule Set V3.0
           vendor_id   OWASP3
          vendor_url   https://go.cpanel.net/modsecurityowasp
    
    
    [comodo_litespeed] COMODO ModSecurity LiteSpeed Rule Set
         archive_url   https://waf.comodo.com/api/cpanel_litespeed_vendor
             configs   (34)
     cpanel_provided   0
         description   COMODO ModSecurity Rules for LiteSpeed
            dist_md5   d6709c7f775f0394055e717c92635580
         dist_sha512   09f926a4edf151b8230c08f5c5847f55b945fb4b05c79e10c4a5328f4144b241575336e73956901f5737c026f6ae79c2eba895a3e55b9a12886398be84169851
             enabled   1
              in_use   34
           inst_dist   comodo-litespeed-1143
           installed   1
      installed_from   https://waf.comodo.com/doc/meta_comodo_litespeed.yaml
                name   COMODO ModSecurity LiteSpeed Rule Set
                path   /etc/apache2/conf.d/modsec_vendor_configs/comodo_litespeed
          report_url   https://waf.comodo.com/api/cpanel_feedback?source=1&rule_set=1.143
    supported_versions   (6)
              update   1
           vendor_id   comodo_litespeed
          vendor_url   https://waf.comodo.com
    
    
    [configserver] ConfigServer
         archive_url   https://download.configserver.com/waf/configserver.zip
             configs   (1)
     cpanel_provided   0
         description   ConfigServer cXs ModSecurity rule
            dist_md5   3a917adcd7eafd35d975b15bfc889d49
         dist_sha512   77f635a22c9d28109ebcb755a7cffc7696bd2a0c287cfa0b89bea9ce3d39ff6b2017f25eb3b198b55702cafb37a86b0776107db934455b133bfbce564747f235
             enabled   1
              in_use   1
           inst_dist   configserver
           installed   1
      installed_from   https://download.configserver.com/waf/meta_configserver.yaml
                name   ConfigServer
                path   /etc/apache2/conf.d/modsec_vendor_configs/configserver
    supported_versions   (6)
              update   1
           vendor_id   configserver
          vendor_url   http://configserver.com
     
  4. derek bullard

    derek bullard Registered

    Joined:
    Nov 3, 2017
    Messages:
    4
    Likes Received:
    1
    Trophy Points:
    1
    Location:
    canada
    cPanel Access Level:
    Root Administrator
    when I try to update I get the following:

    Code:
    [root@la1 ~]# /scripts/modsec_vendor update configserver
    info [modsec_vendor] Restored modsec_cpanel_conf_datastore backup
    warn [modsec_vendor] The system failed to update the vendor from the URL “https://download.configserver.com/waf/meta_configserver.yaml”: (XID jhhjwg) The update for vendor “configserver” is unnecessary because you already have distribution “configserver” installed.
    [root@la1 ~]# /scripts/modsec_vendor update comodo_litespeed
    info [modsec_vendor] Restored modsec_cpanel_conf_datastore backup
    warn [modsec_vendor] The system failed to update the vendor from the URL “https://waf.comodo.com/doc/meta_comodo_litespeed.yaml”: (XID xa2b6x) The update for vendor “comodo_litespeed” is unnecessary because you already have distribution “comodo-litespeed-1144” installed.
    
    for some reason we did'nt get that email again though so maybe it was a temporary issue
     
    #4 derek bullard, Nov 7, 2017
    Last edited: Nov 7, 2017
  5. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,803
    Likes Received:
    1,898
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    Can you verify the system was successfully updated to cPanel 68?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. derek bullard

    derek bullard Registered

    Joined:
    Nov 3, 2017
    Messages:
    4
    Likes Received:
    1
    Trophy Points:
    1
    Location:
    canada
    cPanel Access Level:
    Root Administrator
    yes the cPanel version is 68.0.9
     
    cPanelMichael likes this.
  7. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,803
    Likes Received:
    1,898
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    I'm glad to see the next cPanel update succeeded. Note that I did attempt to reproduce the issue, but found that it was working properly. The "/usr/local/cpanel/scripts/modsec_vendor update --auto" command completed successfully during the upcp process and when ran manually:

    Code:
    [2017-11-08 09:44:07 -0600]    - Processing command `/usr/local/cpanel/scripts/modsec_vendor update --auto`
    [2017-11-08 09:44:09 -0600]    - Finished command `/usr/local/cpanel/scripts/modsec_vendor update --auto` in 1.349 seconds
    
    Code:
    # /usr/local/cpanel/scripts/modsec_vendor update --auto
    info [modsec_vendor] Updates are in progress for all of the installed ModSecurity vendors with automatic updates enabled.
    info [modsec_vendor] Restored modsec_cpanel_conf_datastore backup
    info [modsec_vendor] The vendor “configserver” is already up to date.
    Let us know if you notice this happening again in the future.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice