Symptoms
When checking the status of httpd service you will see the following error:
systemctl status httpd -l
● httpd.service - Apache web server managed by cPanel EasyApache
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Fri 2021-03-19 06:35:20 CDT; 12s ago
Process: 7716 ExecStop=/usr/local/cpanel/scripts/restartsrv_httpd stop --no-verbose (code=exited, status=0/SUCCESS)
Process: 7723 ExecStart=/usr/local/cpanel/scripts/restartsrv_httpd --no-verbose (code=exited, status=1/FAILURE)
Main PID: 32363 (code=exited, status=0/SUCCESS)
Mar 19 06:35:19 server.test-001.net systemd[1]: Stopped Apache web server managed by cPanel EasyApache.
Mar 19 06:35:19 server.test-001.net systemd[1]: Starting Apache web server managed by cPanel EasyApache...
Mar 19 06:35:20 server.test-001.net restartsrv_httpd[7723]: AH00526: Syntax error on line 41 of /etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/004_i360_4_custom.conf:
Mar 19 06:35:20 server.test-001.net restartsrv_httpd[7723]: Error creating rule: Could not open phrase file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/userdata_dirb_URLs.data": No such file or directory
Mar 19 06:35:20 server.test-001.net systemd[1]: httpd.service: control process exited, code=exited status=1
Mar 19 06:35:20 server.test-001.net systemd[1]: Failed to start Apache web server managed by cPanel EasyApache.
Mar 19 06:35:20 server.test-001.net systemd[1]: Unit httpd.service entered failed state.
Mar 19 06:35:20 server.test-001.net systemd[1]: httpd.service failed.
The same information can be seen when rebuilding Apache's configuration:
/scripts/rebuildhttpdconf
Initial configuration generation failed with the following message:
The “/usr/sbin/httpd -DSSL -t -f /etc/apache2/conf/httpd.conf.work.6ebe700b.cfgcheck -C Include "/etc/apache2/conf.modules.d/*.conf"” command (process 28745) reported error number 1 when it ended.
Configuration problem detected on line 40 of file /etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/004_i360_4_custom.conf: Error creating rule: Could not open phrase file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/userdata_dirb_URLs.data": No such file or directory
--- /etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/004_i360_4_custom.conf ---
Descriptions
This usually suggests that a file associated with Imunify360 ModSecurity Rules For Apache is missing. The name of the file and the type of the ruleset usually are reported in the error. For instance, in the error above the missing file is userdata_dirb_URLs.data, and also the Imunify360 ModSecurity Rulest is the full version and not the minimal version:
/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/userdata_dirb_URLs.data
Workaround
You should be able to get around this error by reinstalling the problematic ruleset. Here is how it's done:
1 - Find the vendor and the vendor ID of the ModSecurity ruleset package that the missing file belongs to:
whmapi1 modsec_get_vendors | grep -i vendor_id | uniq -u
vendor_id: OWASP3
vendor_id: imunify360-minimal-apache
vendor_id: imunify360-full-apache
Based on the error above this is the ruleset that we are looking for.
2 - Remove the ruleset entirely:
whmapi1 modsec_remove_vendor vendor_id=imunify360-full-apache
---
data: {}
metadata:
command: modsec_remove_vendor
reason: OK
result: 1
version: 1
3 - Reinstall the missing ruleset with the following command:
whmapi1 modsec_add_vendor url=https://files.imunify360.com/static/modsec/v2/meta_imunify360-full-apache.yaml
---
data:
archive_url: https://files.imunify360.com/static/modsec/v2/imunify360-full-apache.zip
cpanel_provided: 0
description: Imunify360 ModSecurity Rules For Apache
dist_md5: 24379ff57a11d8507bab0e2658dc7604
dist_sha512: 9519a81f7933a3efe9c39fd17e8fe9a2c29896a3ad445a27badfc9b4811dc98ae9d1b81752c940635ab8a5af3d115c4bf3663f9225948f08b8068ae23e9db315
enabled: 1
inst_dist: imunify360-full-apache-3.72-stable
installed: 1
installed_from: https://files.imunify360.com/static/modsec/v2/meta_imunify360-full-apache.yaml
name: Imunify360 Apache Rule Set
path: /etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache
supported_versions:
- 2.7.5
- 2.7.7
- 2.8.0
- 2.9.0
- 2.9.1
- 2.9.2
- 2.9.3
- 3.0.4
vendor_id: imunify360-full-apache
vendor_url: https://docs.imunify360.com/
metadata:
command: modsec_add_vendor
reason: OK
result: 1
version: 1
Note: These are the URLs for the YAML files for both versions of Imunify360 ModSecurity Rules For Apache (Full and minimal), so in the above command you need to replace the URL with whatever version you wish to install.
https://files.imunify360.com/static/modsec/v2/meta_imunify360-full-apache.yaml
https://files.imunify360.com/static/modsec/v2/meta_imunify360-minimal-apache.yaml
4 - Enable the newly installed ruleset:
whmapi1 modsec_enable_vendor vendor_id=imunify360-full-apache
---
data: {}
metadata:
command: modsec_enable_vendor
reason: OK
result: 1
version: 1
5 - Rebuilt Apache configuration files:
/scripts/rebuildhttpdconf
Built /etc/apache2/conf/httpd.conf OK
6 - And finally restart Apache with the following command:
systemctl restart httpd
/scripts/restartsrv_httpd --status
httpd (/usr/sbin/httpd -k start) is running as root with PID 32363 (systemd+/proc check method).
Comments
0 comments
Article is closed for comments.