Mod_Security DBM Question in 2018
I'm forced to create a new thread because this forum disallows replying to threads after 1 year (what a strange rule!).
This problem still exists after many years:
my.ultrawebhosting.com/knowledgebase/359/ModSecurity-collectionstore-Failed-to-access-DBM-file-orvarorcpanelorsecdatadirorip-Permission-denied-.html
serverfault.com/questions/687159/apache-with-modsec-collections-remove-stale-failed-to-access-dbm-file
I found a possible fix:
prakash-khadka.com.np/failed-access-dbm-file-varcpanelsecdatadirip-permission-denied/
I tried applying the change to /etc/apache2/conf.d/modsec/modsec2.user.conf
but apparently that file cannot override directives in /etc/apache2/conf.d/modsec/modsec2.cpanel.conf
I applied the change directly to modsec2.cpanel.conf and mercy be, the messages have stopped!! Too bad they'll start again when cPanel rewrites this file. :( I weep for the future of my SSD drive as thousands of these messages are logged.
-
Hello, This problem is gone, I think I found a solution like this way
1- Edit modsec/modsec2.cpanel.conf and put SecDataDir "/var/log/secdatadir" then save and exit
2- Make this step with SSH root access
    cp -R /var/cpanel/secdatadir /var/log/
    chmod 1733 /var/log/secdatadir
    chown -R nobody:nobody /var/log/secdatadir
    chmod ugo+rw /var/log/secdatadir/ip.*
    chmod ugo+rw /var/log/secdatadir/user.*
    chmod ugo+rw /var/log/secdatadir/global.*
And restart https daemon. Finally my "ModSecurity: collections_remove_stale: Failed to access DBM file "/var/cpanel/secdatadir/ip": Permission denied" problem is gone I hope other users happy for this solutions :)
-
Hello, I believe the workaround you are looking for is discussed on the following thread:
You should be able to simply define the custom path for the "SecGeoLookupDb" directive via the following option:
"WHM Home » Security Center » ModSecurity™ Configuration » Configure Global Directives"
Let us know if that helps. Thank you.
-
I read on a post that this solution is temporary, as Cpanel when it runs cpup it will overwrite this change!
-
This workaround didn't work on my server, still have the same errors on logs, what worked only is chmod 777 the whole secdatadir directory and not only ip.* files! I read before at Cpanel forums that this issue should be solved when mod security version 3 is available, and as I checked online recently it's finally available, when Cpanel will use it instead of version 2.9 which is currently used by Cpanel?
-
Hello, There's currently no time frame on its inclusion with cPanel & WHM, but I encourage you to vote and add feedback to the existing feature request at:
-
For some reason I can't get this to work. I did the following:
1. created /var/log/secdatadir and its files and set permissions and ownership
2. set SecGeoLookupDb to /var/log/secdatadir in WHM
3. restarted the web server
4. confirmed that SecGeoLookupDb "/var/log/secdatadir" is now in /etc/apache2/conf.d/modsec/modsec2.cpanel.conf
and I still get this in the /usr/local/apache/error_log:
ModSecurity: collections_remove_stale: Failed to access DBM file "/var/cpanel/secdatadir/ip"
It looks as if the SecGeoLookupDb setting in modsec2.cpanel.conf is not being recognized. Where did I go wrong?
-
Hello @rclemings, Can you confirm if your system is using either Mod_Ruid2 or MPM-ITK? Additionally, do you notice any further output in the Apache error log or the ModSecurity audit log at the time of the error? Thank you.
-
Yes on mod_ruid2, no on mod_mpm_itk. The only thing I see in the Apache error log is what's noted above. Here's a sanitized example of the full line:
[Thu Jun 21 18:48:31.576606 2018] [:error] [pid 17159] [client xxx.xxx.xxx.xx:xxxxx] [client xxx.xxx.xxx.xx] ModSecurity: collections_remove_stale: Failed to access DBM file "/var/cpanel/secdatadir/ip": Permission denied [hostname "xxx.xxx.xxx"] [uri "/xxx/xxx/xxx/xxx/xxx.xxx"] [unique_id "Wyvy-znpE5EZ5QYb1vniJAAAAAM"], referer: - Removed -
... and for the corresponding request from the modsec audit log:
xxx.xxx.xxx xxx.xxx.xxx.xx - - [21/Jun/2018:18:48:31 +0000] "GET /xxx/xxx/xxx/xxx/xxx.xxx?itok=odo8ZqNm HTTP/1.1" 200 3863 "-" "-" Wyvy-znpE5EZ5QYb1vniJAAAAAM "-" /xxxxxxxx/20180621/20180621-1848/20180621-184831-Wyvy-znpE5EZ5QYb1vniJAAAAAM 0 2300 md5:b74040396f83579e10ef2b633ac0c62e
I don't understand why it's hitting /var/cpanel/secdatadir/ip in the first place, since I set SecGeoLookupDb to /var/log/secdatadir. I don't think I missed a step (famous last words) ...
-
Hello @rclemings, The workaround you used is only applicable to the Geolocation Database (SecGeoLookupDb) option. The SecDataDir configuration value still uses the /var/cpanel/secdatadir by default. You can try updating that value directly in the /etc/apache2/conf.d/modsec/modsec2.cpanel.conf file (and then restart Apache), but keep in mind these are user-submitted workarounds that are unsupported and not recommended. Thank you.
-
OK. That would have to be redone after every update then, right?
-
Hello @rclemings, Upon testing, the modified value in the /etc/apache2/conf.d/modsec/modsec2.cpanel.conf file was not altered upon updating cPanel and downgrading/upgrading the ea-apache24-mod_security2 RPM. Thank you.
-
great news ... thanks
-
Spoke too soon ...
    ##
    ## ModSecurity fixed global configuration directives
    ##
    SecDataDir "/var/log/secdatadir"
was reverted to
    ##
    ## ModSecurity fixed global configuration directives
    ##
    SecDataDir "/var/cpanel/secdatadir"
in today's update from 70.0.48 to 70.0.51.
-
Hello, It does appear that value can be modified. You could set up a script that replaces that line in the /etc/apache2/conf.d/modsec/modsec2.cpanel.conf file and then add a hook that runs in the upcp post stage: There's an example of how to do this on the following post (it's for Roundcube, but the same concept applies): Thank you.
-
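One way to write the re-apply script suggested in the post above (an added example, not part of the original thread and not cPanel code): it rewrites the SecDataDir line only when an update has reverted it, keeps a backup, and checks the Apache configuration before restarting. The `--apply` switch, the `.bak` suffix and the use of `apachectl` and `restartsrv_httpd` are assumptions; registering the script as a upcp post-stage hook is not shown.

```shell
#!/bin/sh
# Added example. Paths are the ones quoted in this thread; override via env.
CONF="${CONF:-/etc/apache2/conf.d/modsec/modsec2.cpanel.conf}"
WANT="${WANT:-/var/log/secdatadir}"   # must not contain '|', '&' or quotes

# Print the path from the first active (uncommented) SecDataDir line in $1.
current_secdatadir() {
    sed -n 's/^[[:space:]]*SecDataDir[[:space:]][[:space:]]*"\{0,1\}\([^"[:space:]]*\)"\{0,1\}.*$/\1/p' "$1" | head -n 1
}

# set_secdatadir FILE DIR
# Returns 0 if the file was rewritten, 1 if it was already correct,
# 2 on error (file missing, or no SecDataDir line to replace).
set_secdatadir() {
    file=$1; dir=$2
    [ -f "$file" ] || return 2
    cur=$(current_secdatadir "$file")
    [ -n "$cur" ] || return 2
    [ "$cur" != "$dir" ] || return 1
    tmp=$(mktemp "${file}.XXXXXX") || return 2
    # Keep a backup, then write in place so owner and mode are unchanged.
    if sed "s|^\([[:space:]]*SecDataDir[[:space:]]\).*|\1\"$dir\"|" "$file" > "$tmp" &&
       cp -p "$file" "${file}.bak" && cat "$tmp" > "$file"; then
        rm -f "$tmp"; return 0
    fi
    rm -f "$tmp"; return 2
}

# Entry point for the hook: run as "<script> --apply" (assumed switch).
if [ "${1:-}" = "--apply" ]; then
    set_secdatadir "$CONF" "$WANT"
    case $? in
        0)  # Changed: validate before restarting, roll back if Apache objects.
            if apachectl configtest; then
                /usr/local/cpanel/scripts/restartsrv_httpd
            else
                cp -p "${CONF}.bak" "$CONF"
                exit 1
            fi ;;
        1)  : ;;   # the custom value is still in place; nothing to do
        *)  echo "could not update SecDataDir in $CONF" >&2; exit 1 ;;
    esac
fi
```

Because the function returns 1 without touching the file when the value is already correct, running it after every update does not trigger needless Apache restarts.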
Hello @Benjamin D., It looks like the previous feature request for ModSecurity version 3 was lost as part of the incident noted on the following link: Feature Request Site Downtime. I've submitted a request to open the feature request again. Once it's approved, the new feature request URL will be: