When using the transfer tool to transfer ModSecurity's OWASP3 ruleset, the following error message is encountered:
warn [transfer_session] The system could not add the vendor: The system could not download the file “https://httpupdate.cpanel.net/fake-URL-to-show-vendor-correctly-with-RPM/with-RPMs-this-field-is-irrelevant/meta_OWASP3.yaml”: curl: (7) Failed connect to httpupdate.cpanel.net:443; No route to host
This issue is related to the meta_OWASP3.yaml file in ea-modsec2-rules-owasp-crs-3.3.0-6.6.1 referencing the incorrect URL due to a typo.
We've opened an internal case for our development team to investigate this further. For reference, the case number is EA-9773. Follow this article to receive an email notification when a solution is published in the product.
You should be able to manually transfer EasyApache's configuration, ModSec's Ruleset included, to the destinations server using the /usr/local/cpanel/bin/cpconftool script.
For general information about this script, you can refer to the following article:
What is the cpconftool script?
Here are the steps to migrate ModSecurity's settings between servers:
1- BackUp EasyApache's configuration on the source server using cpconftool:
/usr/local/cpanel/bin/cpconftool --backup --modules=cpanel::easy::apache
Note: This will create an archive file under /home/. Also, you need to make sure that when running the command the "backup successful" message and a path to the backup file are shown.
2- Use your preferred tool to transfer the above backup file to the destination server. Here rsync is used since it's assumed that we have root access to both the destination and source server:
rsync -e ssh --info=progress2 $SERVER_IP:/home/whm-config-backup-cpanel__easy__apache-1.0.0-1620916318.tar.gz ~/
Note: This command needs to be run from inside the destination server and the $SERVER_IP here should be replaced by the IP of the source server.
3- Then you need to restore the configuration file using the following command:
/usr/local/cpanel/bin/cpconftool --restore=/path/to/file.tar.gz --modules=cpanel::easy::apache
If successful you should be able to see the following message:
/usr/local/cpanel/bin/cpconftool --restore=/home/whm-config-backup-cpanel__easy__apache-1.0.0-1620916318.tar.gz --modules=cpanel::easy::apache
statusmsg: EA4 profile installed.
statusmsg: "Whostmgr::Config::Restore::Easy::Apache: ok"
4- Finally confirm that the OWASP3 ruleset is indeed installed on the destination server with the following API call:
whmapi1 modsec_get_vendors | grep -i vendor_id | uniq -u