The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

problem with mod sec cron job

Discussion in 'General Discussion' started by LAZer, Feb 21, 2011.

  1. LAZer

    LAZer Well-Known Member

    Joined:
    Jan 18, 2010
    Messages:
    70
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    at net :D
    hi , i recently recieve the following error at midnights ( 12 a.m ) , i tried repairing mod sec sql database but it didnt solve the problem , what do you suggest me to do ?

    thanks in advanced
     
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Please check that the password in /etc/cron.hourly/modsecparse.pl matches the MySQL password of the modsec user:

    Code:
    grep dbpassword /etc/cron.hourly/modsecparse.pl
    This will show the current password for the modsec user, then check it matches the existing one in the MySQL database:

    Code:
    mysql
    \u mysql
    select password from user where user='modsec';
    select password('dbpasswordhere');
    Replace dbpasswordhere with the password found when grepping the modsecparse.pl file. If the passwords do not match, reset the password:

    Code:
    mysql
    \u mysql
    UPDATE user SET Password=PASSWORD('dbpasswordhere') WHERE User='modsec';
    Again, replace dbpasswordhere with the password in modsecparse.pl file. At that point, try to re-run the script using this command:

    Code:
    perl -w /etc/cron.hourly/modsecparse.pl
    To see if you receive any further email alerts.
     
  3. LAZer

    LAZer Well-Known Member

    Joined:
    Jan 18, 2010
    Messages:
    70
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    at net :D
    thanks for the detailed answer. i have checked what you ssaid and the passwords were the same.
    also when i entered the last command to run the perl file it returned this :

    Code:
    Use of uninitialized value in pattern match (m//) at /etc/cron.hourly/modsecparse.pl line 114, <$al_fh> line 534.
    Use of uninitialized value in pattern match (m//) at /etc/cron.hourly/modsecparse.pl line 119, <$al_fh> line 534.
    
    .
    and some other similiar error lines...
    i also checked my modsec rule config in whm i didnt have m// in there. the rule is the default rule which is available in whm with a little other codes.

     
    #3 LAZer, Feb 23, 2011
    Last edited: Feb 23, 2011
  4. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Does running the command by itself work?

    Code:
    /etc/cron.hourly/modsecparse.pl 
    Also, do you keep receiving the email or only received it once or a couple of times? If it's only periodically happening, can you try running the following command and provide the output?

    Code:
    mysql -u modsec -p
    At the password prompt, enter the modsec password you'd gotten previously.

    Next, can you please provide the following:

    Code:
    grep -i connection /etc/my.cnf
    Thanks.
     
  5. furquan

    furquan Well-Known Member

    Joined:
    Jul 27, 2002
    Messages:
    425
    Likes Received:
    0
    Trophy Points:
    16
    Hello TrisTan :

    This is what i get when i run the above commands :-

    [root@fox ~]# /etc/cron.hourly/modsecparse.pl DBI connect('modsec:localhost','modsec',...) failed: Access denied for user 'modsec'@'localhost' (using password: YES) at /etc/cron.hourly/mods
    ecparse.pl line 19
    Unable to connect to mysql database at /etc/cron.hourly/modsecparse.pl line 19.

    [root@fox ~]# mysql -u modsec -p
    Enter password:
    ERROR 1045 (28000): Access denied for user 'modsec'@'localhost' (using password: YES)

    [root@fox ~]# grep -i connection /etc/my.cnf [root@fox ~]#

    What now ?
     
  6. furquan

    furquan Well-Known Member

    Joined:
    Jul 27, 2002
    Messages:
    425
    Likes Received:
    0
    Trophy Points:
    16
    Tristan :-

    Further update to the steps mentioned above and their results :-

    =========

    [root@fox ~]# grep dbpassword /etc/cron.hourly/modsecparse.pl
    my $dbpassword = 'dUfahzgqr4XA';
    my $dbh = DBI->connect( "DBI:mysql:$dbname:$dbhost", $dbuser, $dbpassword )

    [root@fox ~]# mysql
    Welcome to the MySQL monitor. Commands end with ; or \g.
    Your MySQL connection id is 4776206
    Server version: 5.0.92-community MySQL Community Edition (GPL)

    Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

    mysql> \u mysql
    Reading table information for completion of table and column names
    You can turn off this feature to get a quicker startup with -A

    Database changed
    mysql> select password from user where user='modsec';
    +------------------+
    | password |
    +------------------+
    | 4a58a95f1a96d2f3 |
    +------------------+
    1 row in set (0.00 sec)

    mysql> select password('dUfahzgqr4XA');
    +--------------------------+
    | password('dUfahzgqr4XA') |
    +--------------------------+
    | 3d7dae0379b37ce2 |
    +--------------------------+
    1 row in set (0.00 sec)

    =============

    Does it look good ? or some thing needs to be changed ?
     
  7. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    The passwords do not match, 4a58a95f1a96d2f3 and 3d7dae0379b37ce2 are not the same hash. You need to reset the password to be the current one that's in the /etc/cron.hourly/modsecparse.pl file:

    Code:
    mysql
    \u mysql
    UPDATE user SET Password=PASSWORD('dUfahzgqr4XA') WHERE User='modsec';
    flush privileges;
    \q
     
  8. furquan

    furquan Well-Known Member

    Joined:
    Jul 27, 2002
    Messages:
    425
    Likes Received:
    0
    Trophy Points:
    16
    Thank you so much Tristan !!

    Done and Dusted ;)
     
Loading...

Share This Page