OWASP V3 error when installing.

TheGrumpyOne

Registered
Mar 9, 2017
2
0
1
United States
cPanel Access Level
Root Administrator
I'm getting this error when attempting to install OWASP V3 using the command line.
Anyone have any ideas?
Thanks!
Code:
[[email protected] ~]# /usr/local/cpanel/scripts/modsec_vendor list

[OWASP3] OWASP ModSecurity Core Rule Set V3.0 (not installed)

 cpanel_provided   1

    description   SpiderLabs OWASP V3 curated ModSecurity rule set

      installed   0

  installed_from   http://httpupdate.cpanel.net/modsecurity-rules/meta_OWASP3.yaml

            name   OWASP ModSecurity Core Rule Set V3.0

      vendor_id   OWASP3

      vendor_url   OWASP ModSecurity CRS - cPanel Knowledge Base - cPanel Documentation


[[email protected] ~]# /usr/local/cpanel/scripts/modsec_vendor add http://httpupdate.cpanel.net/modsecurity-rules/meta_OWASP3.yaml

warn [modsec_vendor] The system could not add the vendor: The configuration name must contain the string “modsec”. at /usr/local/cpanel/Whostmgr/ModSecurity/ModsecCpanelConf.pm line 277.

info [modsec_vendor] Restored modsec_cpanel_conf_datastore backup

warn [modsec_vendor] The system could not uninstall the vendor: The configuration name must contain the string “modsec”. at /usr/local/cpanel/Whostmgr/ModSecurity/ModsecCpanelConf.pm line 277.


warn [modsec_vendor] The system failed to add the vendor from the URL “http://httpupdate.cpanel.net/modsecurity-rules/meta_OWASP3.yaml”: The configuration name must contain the string “modsec”. at /usr/local/cpanel/Whostmgr/ModSecurity/ModsecCpanelConf.pm line 277.
And i get this error when i use WHM to attempt installing.
Code:
Error: The system experienced the following error when it attempted to install the “OWASP ModSecurity Core Rule Set V3.0” vendor: API failure: The configuration name must contain the string “modsec”. at /usr/local/cpanel/Whostmgr/ModSecurity/ModsecCpanelConf.pm line 277.
 
Last edited by a moderator:

fuzzylogic

Well-Known Member
Nov 8, 2014
154
93
78
cPanel Access Level
Root Administrator
That error message is confusing.

The response from...
Code:
/usr/local/cpanel/scripts/modsec_vendor list
indicates that “OWASP ModSecurity Core Rule Set V3.0” is already added but not enabled, so to then use the command...
Code:
/usr/local/cpanel/scripts/modsec_vendor add http://httpupdate.cpanel.net/modsecurity-rules/meta_OWASP3.yaml
is not a logical action.

I would try...
Code:
/usr/local/cpanel/scripts/modsec_vendor enable OWASP3
See...
Code:
/usr/local/cpanel/scripts/modsec_vendor help
In WHM are you trying to add it when it is already added?
Try simply enabling it instead.

Looks like confusion originating in the use of the words "not installed" in the command output of the list command.
 
Last edited:

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,298
1,279
313
Houston
Hi @TheGrumpyOne

That's odd behavior, trying to replicate this I removed my OWASP vendor installation.

1. I received the same results as you (once it was removed) when checking the vendor list:

Code:
/usr/local/cpanel/scripts/modsec_vendor list
[OWASP3] OWASP ModSecurity Core Rule Set V3.0 (not installed)
 cpanel_provided   1
     description   SpiderLabs OWASP V3 curated ModSecurity rule set
       installed   0
  installed_from   http://httpupdate.cpanel.net/modsecurity-rules/meta_OWASP3.yaml
            name   OWASP ModSecurity Core Rule Set V3.0
       vendor_id   OWASP3
      vendor_url   https://go.cpanel.net/modsecurityowasp
But when I go to install it I don't run into any issues:

2.
Code:
/usr/local/cpanel/scripts/modsec_vendor add http://httpupdate.cpanel.net/modsecurity-rules/meta_OWASP3.yaml
info [modsec_vendor] You have added the vendor “OWASP ModSecurity Core Rule Set V3.0”.

[OWASP3] OWASP ModSecurity Core Rule Set V3.0
     archive_url   http://httpupdate.cpanel.net/modsecurity-rules/OWASP3_1501094486.zip
     description   SpiderLabs OWASP curated ModSecurity rule set
        dist_md5   2697e62531ab49f3907d10049bfc18a0
     dist_sha512   cee19f6abb78e52f7ea51a4cfbc3783fa8e60d88f5ae8b959026eeafff4d0d49f0538daf9302c61df26209f28a1eebc0b0e2ddd02036411ab8dae3c2d464f5ef
    distribution   OWASP3_1501094486
         enabled   1
       inst_dist   OWASP3_1501094486
       installed   1
  installed_from   http://httpupdate.cpanel.net/modsecurity-rules/meta_OWASP3.yaml
  meta_yaml_file   /var/cpanel/modsec_vendors/meta_OWASP3.yaml
            name   OWASP ModSecurity Core Rule Set V3.0
            path   /etc/apache2/conf.d/modsec_vendor_configs/OWASP3
    progress_bar
      report_url   https://www.modsecurity.org/rule_issue_report/cPanel/report/new
supported_versions   (2)
       vendor_id   OWASP3
      vendor_url   https://go.cpanel.net/modsecurityowasp

This makes me wonder about your configuration - do you have any customizations in place? What is present in

Code:
 /var/cpanel/modsec_vendors/
as well as
Code:
/etc/apache2/conf.d/modsec
/etc/apache2/conf.d/modsec_vendor_configs