[CPANEL-19869] Apache mod_evasive permissions
Hi,
I have enabled mod_evasive in EasyApache 4 and Apache 2.4 and etc. But when I try to restart Apache via command line it throws a lot of permission's denied errors messages like:
[root@server apache2]# /scripts/restartsrv_apache
...
Sep 24 12:09:04 server.tld mod_evasive[7963]: Couldn't open logfile /var/log/apache2/mod_evasive/dos-xxx.xxx.xxx.xxx: Permission denied
...
[root@server apache2]#
So I went to specific folder and it appear to have the correct permissions or I'm wrong?
[root@server apache2]# pwd
/var/log/apache2
[root@server apache2]# ls -la
...
drwxrwx---. 2 root nobody 6 Sep 24 12:06 mod_evasive
...
[root@server apache2]#
-
When you originally installed it, did the installation complete properly? 0 -
When you originally installed it, did the installation complete properly?
No apparent errors was show. mod_evasive is working too. I changed some times in EasyAPache 4 with mod_evasive and without mod_evasive and all works normally. The problem is only with permissions on log's folder of mod_evasive I think. Do you think I need one support ticket or can I change the permissions of this folder to solve the problem? If I need to change permission, I need know what group and user and permission code to change it by myself0 -
Yes, please feel free to open a ticket to cPanel Technical Support about this. Thanks! 0 -
Here the total output of /scripts/restartsrv_apache [root@server apache2]# /scripts/restartsrv_apache Waiting for "httpd" to restart gracefully "waiting for "httpd" to initialize "finished. Service Status httpd (/usr/sbin/httpd -k start) is running as nobody with PID 9751 (systemd+/proc check method). httpd (/usr/sbin/httpd -k start) is running as nobody with PID 10332 (systemd+/proc check method). httpd (/usr/sbin/httpd -k start) is running as root with PID 20684 (systemd+/proc check method). httpd (/usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.tld --suffix=-bytes_log) is running as root with PID 28436 (systemd+/proc check method). httpd (/usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=server.tld --mainout=/etc/apache2/logs/access_log) is running as root with PID 28437 (systemd+/proc check method). Startup Log Sep 24 14:49:55 server.tld mod_evasive[22407]: Couldn't open logfile /var/log/apache2/mod_evasive/dos-191.19.109.204: Permission denied Sep 24 14:49:55 server.tld mod_evasive[22407]: Couldn't open logfile /var/log/apache2/mod_evasive/dos-191.19.109.204: Permission denied Sep 24 14:49:56 server.tld mod_evasive[22407]: Couldn't open logfile /var/log/apache2/mod_evasive/dos-191.19.109.204: Permission denied Sep 24 14:49:56 server.tld mod_evasive[22407]: Couldn't open logfile /var/log/apache2/mod_evasive/dos-191.19.109.204: Permission denied Sep 24 15:02:56 server.tld mod_evasive[26733]: Couldn't open logfile /var/log/apache2/mod_evasive/dos-179.215.79.188: Permission denied Sep 24 15:02:56 server.tld mod_evasive[26733]: Couldn't open logfile /var/log/apache2/mod_evasive/dos-179.215.79.188: Permission denied Sep 24 15:02:56 server.tld mod_evasive[26984]: Couldn't open logfile /var/log/apache2/mod_evasive/dos-179.215.79.188: Permission denied Sep 24 17:33:42 server.tld mod_evasive[7823]: Couldn't open logfile /var/log/apache2/mod_evasive/dos-179.215.79.188: Permission denied Sep 24 17:33:42 server.tld mod_evasive[8437]: Couldn't open logfile /var/log/apache2/mod_evasive/dos-179.215.79.188: Permission denied Sep 24 17:33:42 server.tld mod_evasive[7823]: Couldn't open logfile /var/log/apache2/mod_evasive/dos-179.215.79.188: Permission denied Log Messages [Mon Sep 24 16:51:18.404731 2018] [mpm_prefork:notice] [pid 20684] AH00163: Apache/2.4.34 (cPanel) OpenSSL/1.0.2p mod_bwlimited/1.4 configured -- resuming normal operations [Mon Sep 24 16:43:32.976593 2018] [mpm_prefork:notice] [pid 20684] AH00163: Apache/2.4.34 (cPanel) OpenSSL/1.0.2p mod_bwlimited/1.4 configured -- resuming normal operations [Mon Sep 24 16:41:20.832258 2018] [mpm_prefork:notice] [pid 20684] AH00163: Apache/2.4.34 (cPanel) OpenSSL/1.0.2p mod_bwlimited/1.4 configured -- resuming normal operations [Mon Sep 24 16:36:18.426412 2018] [mpm_prefork:notice] [pid 20684] AH00163: Apache/2.4.34 (cPanel) OpenSSL/1.0.2p mod_bwlimited/1.4 configured -- resuming normal operations [Mon Sep 24 16:34:44.291316 2018] [mpm_prefork:notice] [pid 20684] AH00163: Apache/2.4.34 (cPanel) OpenSSL/1.0.2p mod_bwlimited/1.4 configured -- resuming normal operations [Mon Sep 24 16:34:33.236847 2018] [mpm_prefork:notice] [pid 20684] AH00163: Apache/2.4.34 (cPanel) OpenSSL/1.0.2p mod_bwlimited/1.4 configured -- resuming normal operations [Mon Sep 24 16:29:04.410000 2018] [mpm_prefork:notice] [pid 20684] AH00163: Apache/2.4.34 (cPanel) OpenSSL/1.0.2p mod_bwlimited/1.4 configured -- resuming normal operations [Mon Sep 24 16:28:53.523135 2018] [mpm_prefork:notice] [pid 20684] AH00163: Apache/2.4.34 (cPanel) OpenSSL/1.0.2p mod_bwlimited/1.4 configured -- resuming normal operations [Mon Sep 24 16:16:14.084655 2018] [mpm_prefork:notice] [pid 20684] AH00163: Apache/2.4.34 (cPanel) OpenSSL/1.0.2p mod_bwlimited/1.4 configured -- resuming normal operations [Mon Sep 24 16:07:33.999276 2018] [mpm_prefork:notice] [pid 20684] AH00163: Apache/2.4.34 (cPanel) OpenSSL/1.0.2p mod_bwlimited/1.4 configured -- resuming normal operations [Mon Sep 24 16:07:23.102997 2018] [mpm_prefork:notice] [pid 20684] AH00163: Apache/2.4.34 (cPanel) OpenSSL/1.0.2p mod_bwlimited/1.4 configured -- resuming normal operations [Mon Sep 24 16:07:02.730260 2018] [mpm_prefork:notice] [pid 20684] AH00163: Apache/2.4.34 (cPanel) OpenSSL/1.0.2p mod_bwlimited/1.4 configured -- resuming normal operations [Mon Sep 24 14:43:44.297225 2018] [mpm_prefork:notice] [pid 20684] AH00163: Apache/2.4.34 (cPanel) OpenSSL/1.0.2p mod_bwlimited/1.4 configured -- resuming normal operations [Mon Sep 24 14:43:43.849362 2018] [:notice] [pid 20681] ModSecurity for Apache/2.9.2 (http://www.modsecurity.org/) configured. httpd restarted successfully. [root@server apache2]#0 -
Yes, please feel free to open a ticket to cPanel Technical Support about this. Thanks!
Ok thanks, I opened this ticket: 103649810 -
Hi @Ot"vio Serra I checked in on this ticket and it appears the analyst found that the issue is related to mod_ruid2 and there is currently an open case on this behavior: CPANEL-19869 Updates to this case will be added to our changelogs when they're available. You can check them here: Change Logs - Change Logs - cPanel Documentation Thanks! 0 -
Hello @Nurs1927 This issue is not resolved but will be added to our ChangeLogs when it is as indicated previously. Furthermore, we'll update this thread when it is resolved as of right now the case is not fixed and is still being monitored. Right now the only workaround available is to change the permissions of /var/log/apache2/mod_evasive to 1777 or stop using the two in conjunction. Thanks! 0 -
Is there any insight when this can be solved? This is an issue since end september 2018 so (in a couple of days) already 7 months ago. The funny thing is that a couple of logs did get written. But when looking at the httpd status we got the permission denied. So at this moment we're using the temp workaround too, but it would be nice if this could really be fixed. 0 -
Hello @rhm.geerts As of right now, the case is assigned to a team, the team has it on their backlog but it is not fixed and I do not have an ETA on when it will be resolved. 0 -
So" is it is solved? Or is there a solution available? Same problem here. 0 -
Hello, Unfortunately this case was marked as "Won't Fix" due to security concerns with having to modify permissions. The issue being the resolution for this when using mod_ruid2 is to modify the permissions of /var/log/apache2/mod_evasive
to 17770
Please sign in to leave a comment.
Comments
14 comments