Skip to main content

modsec_audit always empty

Comments

3 comments

  • cPRex Jurassic Moderator
    Hey hey! All of the logs files in that area on my personal machine are also root:root so that seems normal to me. Are you using the default OWASP rules on the machine? If so, have there been any customizations to the modsec2.cpanel.conf file on the system? To rule out that possibility you could run the following two commands to reset that file and see if that changes the behavior: cp /etc/apache2/conf.d/modsec/modsec2.cpanel.conf{,.bak-`date +%Y%m%d`} /scripts/restartsrv_httpd
    0
  • jeffschips
    Thank you @cPRex. Following your suggestion I received notices that it had been reset, but also a bunch of printout in bright red letters which seemed to be mod_sec "matched" phrases and blocks. However, that directory in /var/log/modsec_audit is still empty.
    0
  • cPRex Jurassic Moderator
    Interesting - it sounds like this is something best handled in a ticket. Post the number here once you get a chance to get one submitted so I can follow along.
    0

Please sign in to leave a comment.