mod_sec / OWASP database config location

5 comments

  • quizknows
    I know this doesn't directly answer your question, but if you don't care about seeing hits in WHM (i.e. you can just look at the error_log or audit log) it's probably not a big deal. The ModSecurity module on its own generally doesn't use a database (like MySQL). The "modsec" MySQL database on cPanel servers simply stores information about triggered rule events, which is just parsed from the Apache logs. It is not technically critical to the operation of ModSecurity itself. I do hope someone at cPanel can answer your actual question though. Looking through /scripts/setup_modsec_db and /usr/local/cpanel/bin/modsecpass I'm not seeing any clues jump out at me.
    0
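
Reading rule hits straight from the Apache error_log, as the comment above suggests doing instead of relying on the WHM view, could look like the following. This is an added example, not part of any post in this thread and not cPanel's code; the sample log lines, rule ids, hostnames, paths and the function names `parse_hit` and `summarize` are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the Apache 2.4 / ModSecurity 2.x error_log layout.
# Addresses, hostnames, rule ids and paths are made up for illustration.
PREFIX = "[Tue Mar 03 10:15:01.123456 2015] [:error] [pid 4121] "
TAIL = '[file "/path/to/rules.conf"] [line "77"] '
SAMPLE_LOG = [
    PREFIX + '[client 203.0.113.7:51234] ModSecurity: Access denied with code 403 '
    '(phase 2). Pattern match "union" at ARGS:id. ' + TAIL + '[id "100001"] '
    '[msg "SQL Injection Attack"] [hostname "shop.example.com"] [uri "/item.php"]',
    PREFIX + '[client 203.0.113.7:51240] ModSecurity: Access denied with code 403 '
    '(phase 2). Pattern match "union" at ARGS:q. ' + TAIL + '[id "100001"] '
    '[msg "SQL Injection Attack"] [hostname "shop.example.com"] [uri "/find.php"]',
    PREFIX + '[client 198.51.100.9:40022] ModSecurity: Warning. Matched phrase '
    '"scan" at REQUEST_HEADERS:User-Agent. ' + TAIL + '[id "100002"] '
    '[msg "Scanner \\"UA\\" seen"] [hostname "blog.example.net"] [uri "/"]',
    PREFIX + '[client 198.51.100.9:40023] File does not exist: /var/www/favicon.ico',
]

# [key "value"] pairs; values may contain backslash-escaped quotes.
FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')

def parse_hit(line):
    """Return a dict for one ModSecurity rule hit, or None for other lines."""
    head, sep, body = line.partition("ModSecurity: ")
    fields = dict(FIELD.findall(body))
    if not sep or "id" not in fields:
        return None
    m = re.search(r"\[client ([^\]]+)\]", head)
    addr = m.group(1) if m else None
    # Apache 2.4 appends ":port"; drop it for IPv4 (IPv6 is left untouched).
    if addr and addr.count(":") == 1:
        addr = addr.rsplit(":", 1)[0]
    return {"client": addr, "blocked": body.startswith("Access denied"),
            "id": fields["id"], "msg": fields.get("msg", ""),
            "hostname": fields.get("hostname"), "uri": fields.get("uri")}

def summarize(lines):
    """Count hits per (hostname, rule id), most frequent first."""
    hits = [h for h in map(parse_hit, lines) if h]
    return Counter((h["hostname"], h["id"]) for h in hits).most_common()

if __name__ == "__main__":
    for (host, rule_id), count in summarize(SAMPLE_LOG):
        print(f"{count:4d}  {host}  rule {rule_id}")
```
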
  • edigest
    You're quite correct that one of the main drivers for using the local server is to segregate data from different servers. Anybody from cPanel care to weigh in?
    0
  • quizknows
    Like I said I still hope cPanel weighs in for you, but what I'm saying is each individual server will still have its modsec log info for itself regardless (unless you have a crazy syslog setup or something). Literally the only purpose of the modsec DB is to view the hits in WHM.
    0
  • edigest
    Like I said I still hope cPanel weighs in for you, but what I'm saying is each individual server will still have its modsec log info for itself regardless (unless you have a crazy syslog setup or something). Literally the only purpose of the modsec DB is to view the hits in WHM.

    I'm well aware of that but it is not relevant to why I want to use the local server database. Since this may have gotten lost in off-topic responses, I'll repost in case anybody from cPanel reads this: I would like to configure a specific host before installing OWASP mod_sec in WHM. Where can I find the configuration file?
    0
  • cPanelMichael
    I would like to configure a specific host before installing OWASP mod_sec in WHM. Where can I find the configuration file?

    Hello :) There are no native features that will allow you to enable or disable the use of a remote MySQL server on a per-database basis. I suggest opening a feature request for this via: Submit A Feature Request. Thank you.
    0