Failed to access DBM file Permission denied
CentOS 7.5 WHM 72.0 Apache 2.4 suphp (7.1)
Logs are filling with this, following a server migration. Logs never showed that on the older server, same configuration (at least what I think it is, but obviously SOMETHING is different now) :
ModSecurity: collections_remove_stale: Failed to access DBM file "/var/cpanel/secdatadir/global": Permission denied
No, I do not use mod_ruid2
-
Hi, Can you share the output of the below command:
# ls -ld /var/cpanel/secdatadir/global
0 -
No, because:
ls: cannot access /var/cpanel/secdatadir/global: No such file or directory
0 -
Hi @Benjamin D. Does /var/cpanel/secdatadir/ exist? If so can you give me the output of the following:
ls -lah /var/cpanel/secdatadir/
Thanks! 0 -
[root@secure ~]# ls -lah /var/cpanel/secdatadir/
total 16K
drwxrwx--T 2 root nobody 4.0K Jul 30 12:00 .
drwx--x--x 106 root root 12K Jul 30 12:42 ..
-rw-r----- 1 root root 0 Jul 23 21:34 global.dir
-rw-r----- 1 root root 0 Jul 23 21:34 global.pag
-rwxr-xr-x 1 nobody nobody 0 Jul 30 12:00 ip.dir
-rwxr-xr-x 1 nobody nobody 0 Jul 30 12:00 ip.pag
0 -
Hi @Benjamin D. Can you please change the ownership of the global.dir and the global.pag files to nobody UID/GID:
chown nobody:nobody global.pag
chown nobody:nobody global.dir
and let me know if that resolves the issue. 0 -
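Added example (not part of the original thread and not cPanel tooling): a read-only audit of the `.dir`/`.pag` collection files for the ownership problem diagnosed above. It goes slightly beyond the thread by also flagging world-writable modes such as the `chmod 777` tried later on this page. The function name, report labels and the placeholder user are assumptions, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example: audit the SDBM pairs (*.dir / *.pag) in a ModSecurity data dir.
# Assumes GNU stat (Linux). Function name and report labels are made up here.

# audit_secdatadir DIR EXPECTED_USER
# Prints one finding per line; returns 0 if clean, 1 if flagged, 2 if DIR is missing.
audit_secdatadir() {
    dir=$1
    want=$2
    rc=0
    [ -d "$dir" ] || { echo "MISSING $dir"; return 2; }
    for f in "$dir"/*.dir "$dir"/*.pag; do
        [ -e "$f" ] || continue                      # glob matched nothing
        owner=$(stat -c '%U' "$f")
        mode=$(printf '%04d' "$(stat -c '%a' "$f")") # e.g. 640 -> 0640
        perm=${mode#?}                               # drop the setuid/sticky digit
        u=${perm%??}                                 # owner digit
        o=${perm#??}                                 # "other" digit
        if [ "$owner" != "$want" ]; then
            echo "WRONG_OWNER $f owner=$owner want=$want"; rc=1
        fi
        case $u in
            6|7) ;;
            *) echo "NO_OWNER_RW $f mode=$mode"; rc=1 ;;
        esac
        case $o in
            2|3|6|7) echo "WORLD_WRITABLE $f mode=$mode"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed demo: a throwaway directory standing in for the real data dir.
demo=$(mktemp -d)
: > "$demo/global.dir"; : > "$demo/global.pag"; : > "$demo/ip.dir"; : > "$demo/ip.pag"
chmod 640 "$demo/global.dir" "$demo/global.pag"
chmod 777 "$demo/ip.dir" "$demo/ip.pag"
# "example-httpd-user" is a placeholder, so every file reports WRONG_OWNER here.
audit_secdatadir "$demo" "example-httpd-user" || true
rm -rf "$demo"
```

On a server laid out like the one in this thread, the call would be `audit_secdatadir /var/cpanel/secdatadir nobody`.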
FINALLY. Thank god, this will give a break to the hard drives... now please cPanel, can anybody add these 2 aforementioned commands to the WHM installation process? THANK GOD (and/or @cPanelLauren !) this is resolved ;-) Please mark as resolved. Why so fast? Because the second I chown'ed the previously mentioned files, hundreds of these lines a second stopped filling up the log :P 0 -
Hi @Benjamin D. I'm pretty sure I haven't laughed that hard in a while, I'm glad that resolved the issue. I need to do some more testing but I found a ticket internally where this occurred as well. That shouldn't be happening. For my information can you tell me the MPM you're using, how long ago this server was provisioned as well (I know it's the new server but was it live before you migrated your sites to it?), can you also tell me what version of the OWASP ruleset you're using, as well as any alternates/custom rulesets that may be provisioned? Thanks! 0 -
The server's hard drives were partitioned, formatted and its OS (CentOS 7.5) was installed on Wednesday the 25th (5 days ago). No sites were running on this server before cPanel was installed. Sites were running on the older server for years. Installing cPanel was the very first thing I did immediately after booting successfully in CentOS 7.5 for the first time following the hard drive partitioning and OS installation.

Sites were all transferred using the "Transfer Tool" from server-A to server-B both on WHM 72.0 and this transfer process generated a bunch of issues that I still get to slowly fix, many of these were reported as forum posts on here by me over the last 5 days. Some still unresolved SO FEEL FREE TO CHECK THEM OUT! ;-) ;-)

MPM = Apache 2.4, is that what you wanted? Please explain further if this is not what you're after.

OWASP = OWASP ModSecurity Core Rule Set V3.0 / 100% vanilla/default rules set (no additional rule, no custom rule) except that I had to disable 4 rules that are really annoying, almost totally useless and interfering A LOT with my sites, basically generating 100% false positives and blanking out multiple pages of my sites. Something as silly as a script containing $_GET['user']. Rules like these are way too vague/abstract. They restrict a lot and don't block many attacks. It's not like the browser tried to mess with a SESSION var or a COOKIE. It's just a GET parameter... and one that the PHP programmer legitimately wants to use. /end of ranting 0 -
Hey there. Same problem here, and the same solution was applied and all is ok now. The server was installed this past weekend and it started showing the same behaviour, so please accelerate the internal ticket so this issue can be addressed asap.
- Apache MPM: worker
- modsec rules: all the natively built-in rules activated
Hope it helps. All the best 0 -
Hi @Kent Brockman Out of curiosity are you running mod_ruid2 on your server? ruid2 and secdatadir collections are incompatible and may explain why this is occurring in both instances noted here. Thanks! 0 -
Hi! Nope. I never use that. In case you want a sneak peek, these are the active modules in that EA4:
Apache 2.4: config config-runtime mod_bwlimited mod_cgid mod_deflate mod_expires mod_headers mod_http2 mod_mpm_worker mod_proxy mod_proxy_fcgi mod_proxy_http mod_proxy_wstunnel mod_security2 mod_security2-mlogc mod_ssl mod_suexec mod_unique_id tools
PHP 7.2: libc-client pear php-bcmath php-bz2 php-calendar php-cli php-common php-curl php-devel php-fileinfo php-fpm php-ftp php-gd php-gettext php-imap php-ldap php-litespeed php-mbstring php-mysqlnd php-opcache php-pdo php-posix php-soap php-sockets php-xml php-xmlrpc php-zip runtime
Others: apr apr-devel apr-util apr-util-devel brotli cpanel-tools documentroot libcurl libmcrypt libnghttp2 libxml2 modsec-sdbm-util nghttp2 openssl php-cli php-cli-lsphp profiles-cpanel
Let me know if you see something odd or possibly incompatible. 0 -
Hi @Kent Brockman Thanks for that, the only instances where I've seen this occur (and researching in tickets as well) is when a custom or 3rd party installation of mod_security is added and mod_ruid2 issues. In this case based on what you provided I believe the issue is related to an added module of mod_security: mod_security2-mlogc
This should be fine now though and no further cause for concern. 0 -
So, it could be safe to uninstall mod_security2-mlogc? that could be recommended? 0 -
Hi @Kent Brockman It's an addition and not something necessary - you can remove it - this specific item is an audit log collector. I don't believe removing it will resolve the issue you had initially though. 0 -
Ok, I'm uninstalling that component everywhere. And, as per the original issue, you said there is already an internal ticket to address it, right? Any idea of target release in which this could be solved? cPanel 76-78? 0 -
Hi @Kent Brockman Because this is an issue with incompatibility with certain configurations there's no internal case to resolve it. I looked through our internal ticket system to find related issues. All of them had ruid2 or some other customization added. As I said before though, removing the module isn't going to fix the issue, the only fix for the issue is to correct the ownership. Once it's fixed it should not occur again. For others potentially in this situation: In the case of ruid2 being the issue secdatadir collections are not compatible with ruid2. 0 -
Ok. The only thing I need clarification for, is: if correcting the ownership of those files will fix the issue, why wouldn't such a correction be implemented as a fix in future releases. 0 -
Hi @Benjamin D. Can you please change the ownership of the global.dir and the global.pag files to nobody UID/GID:
chown nobody:nobody global.pag
chown nobody:nobody global.dir
and let me know if that resolves the issue.
I am having this same problem:
ModSecurity: collection_store: Failed to access DBM file "/var/cpanel/secdatadir/default_SESSION": Permission denied
ls -lah /var/cpanel/secdatadir/
drwxrwx--T. 2 root nobody 4096 Dec 26 18:09 .
drwx--x--x. 103 root root 12288 Dec 26 19:39 ..
-rw-r-----. 1 nobody nobody 4096 Oct 29 19:29 default_SESSION.dir
-rw-r-----. 1 nobody nobody 60416 Dec 5 06:41 default_SESSION.pag
-rw-r-----. 1 nobody nobody 0 May 25 2018 global.dir
-rw-r-----. 1 nobody nobody 0 May 25 2018 global.pag
-rw-r-----. 1 nobody nobody 4096 Dec 26 19:20 ip.dir
-rw-r-----. 1 nobody nobody 3072 Dec 26 19:35 ip.pag
Applying fix suggested here: - Removed - by changing permissions as:
chmod 777 /var/cpanel/secdatadir/ip*
and restarting httpd doesn't work. Still getting same errors. If I turn off mod_ruid2 in easy apache4 all my websites break and no access. So I have to have mod_ruid2 on at least until this is resolved. Any advice? 0 -
Hello @jeffschips This is an incompatibility issue with ruid2 and secdatadir collections or customizations to the mod_sec implementation. Ultimately if you're using ruid2 and can't switch away from it I would suggest disabling the mod_sec customizations or secdatadir collections 0 -
Thank you for that. Can you advise me what are the steps for disabling mod_sec customizations or secdatadir collections? Those options - or features - are not readily apparent when in the cpanel mod_sec interface. 0 -
Hi @jeffschips These posts may be helpful for secdatadir collections: As far as customizations those wouldn't be configurable through the UI in any form, the best advice I am able to provide for customized implementations would be to remove them if you continue to experience an issue. 0 -
Got it. But if I don't know exactly what "customization" means, I can't remove something that I don't know what it actually is. Are your suggestions to ". . . disabling the mod_sec customizations or secdatadir collections. . . " theoretical without an actual method to implement this solution? I don't remember activating anything that would resemble these things, although, without knowing exactly what those words mean I can't tell. In which case it is unlikely that I have turned on customizations or secdatadir collections so then the suggestion to disable something that is not on as a solution wouldn't work, correct? Can you tell me what exactly those features, "customizations" and "secdata collections", are? 0 -
I can't tell you exactly what customizations you have installed. My assumption would be that you would know what customizations you'd have installed in the event you installed them, as it would have had to be done manually. For secdatadir collection information, I provided you links to threads where others have had the same issue. Were you able to read those? If you're having difficulty or feel uncomfortable making the changes to modsecurity please feel free to open a ticket using the link in my signature. Thanks! 0 -
We seem to be going in circles: I simply want to know what the messages mean. Before taking corrective action and fiddling with files and changing permissions as per the helpful suggestion you provided (many thanks), or opening a ticket to solve this, I'm still trying to ascertain the purpose of the messages. Here is one of thousands filling up my logs:
[root@blablabla apache2]# tail -f error_log | grep default_SESSION
[Fri Dec 28 11:34:17.702032 2018] [:error] [pid 13639] [client x.x.x.x:40598] [client x.x.x.x] ModSecurity: collection_store: Failed to access DBM file "/var/cpanel/secdatadir/default_SESSION": Permission denied [hostname "blablabla.com"] [uri "/images/sxxxx.jpeg"] [unique_id "XCZQiQO1Vdbgdan3pzANbAAAAAo"], referer: 0