Mod Security + Mod_Ruid2 Fix
This has been reported numerous times but still no fix. Bottom line: can modruid2 + modsecurity + geoip coexist? If so, how.
Hey there, I use CloudLinux (CageFS) + cPanel + Apache 2.4 + mod_ruid2 + Mod Security. I am setting up some simple rules to help with WordPress brute forcing, and because they use the DBM file there are permission issues (mod_ruid2 changes the user/group, and those files are normally owned by "nobody"). In the various threads/documentation I have read, it seems as though one should simply not use DBM rules when using mod_ruid2. However... this is easily fixed by setting the ip.dir, ip.pag, user.dir and user.pag files to permission 777 so that any user can read/write them. Are there any implications that I am not aware of for this "fix"? The cases where I can see issues are: these files get overwritten/deleted at some point (though this could be fixed with a cron); security implications, as anyone can read/write these files, however the web server (nobody user) has always been able to do that anyway, I assume. Any information would be appreciated. Cheers!
It honestly shouldn't be that big of a deal to have those collections world-writable. If you're just using them for WP brute rules, they don't really store sensitive data, just some IP addresses, counter names, and expire values. If setting them to world-writable makes them work with RUID2, I'd personally take that over forfeiting the WP brute force rules or other rules that need collections data.
Thanks very much for both of your replies, I will go ahead and try out a few of the suggested options in the link provided above.
I used RUID2 since my early hosting days and added mod_security as soon as it was compatible, but was never able to get the brute force rules to work reliably. In theory changing the permissions to 777 should work; in practice (for me anyway) it required constant monitoring to ensure the ownership/permissions remained correct, and even then there were still regular issues. One of the best-looking solutions I've seen talked about isolating the database per-user using CageFS; this avoids the conflict entirely, but I don't know how easy it would be in practice. My advice, if you want a reliable high-performance setup with brute force protection, is to ditch RUID2 and deploy FCGI. For all the warnings, I was able to get it up and running reliably within a few hours, far less time than I spent trying to fix RUID2.
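Two posts above touch the same operational gap: the first post's idea of a cron job to keep the collection files usable after they are overwritten or recreated, and the last post's experience that the 777 permissions drift and need constant monitoring. The script below is an added example written for this page, not code from the thread or from ModSecurity; it checks the four DBM files (ip.dir, ip.pag, user.dir, user.pag) under your SecDataDir, reports any whose mode is not 777, and optionally restores it, so it can run from cron and leave a trace in the cron log. The SECDATADIR path is a placeholder you must set to your own SecDataDir, and the script deliberately skips symlinks, since a chmod through a symlink in a world-writable directory would change some other file.

```shell
#!/bin/sh
# Added example (not from the thread): keep ModSecurity's persistent-collection
# DBM files at the 0777 mode the first post settles on, and report drift.
# Assumption: SECDATADIR is the directory named by SecDataDir in your
# ModSecurity configuration (the value below is only a placeholder).
SECDATADIR="${SECDATADIR:-/path/to/SecDataDir}"
WANTED_MODE=777
COLLECTION_FILES="ip.dir ip.pag user.dir user.pag"

# Print a file's permission bits in octal (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# List collection files under $1 whose mode differs from WANTED_MODE,
# one "<mode> <path>" line each, without changing anything (dry-run / alerting).
# Missing files are ignored (ModSecurity creates them on first use);
# symlinks are reported on stderr and never touched.
check_collections() {
    dir=$1
    for name in $COLLECTION_FILES; do
        f="$dir/$name"
        if [ -L "$f" ]; then
            echo "SKIP symlink, not a regular collection file: $f" >&2
            continue
        fi
        [ -f "$f" ] || continue
        mode=$(file_mode "$f")
        [ "$mode" = "$WANTED_MODE" ] || echo "$mode $f"
    done
}

# Restore WANTED_MODE on every drifted file found by check_collections,
# printing one "fixed ..." line per file so cron mail shows what changed.
fix_collections() {
    check_collections "$1" | while read -r mode f; do
        chmod "$WANTED_MODE" "$f" && echo "fixed $f (was $mode)"
    done
}

# When run from cron, repair the configured directory. With the placeholder
# path nothing exists, so this is a no-op until SECDATADIR is set.
fix_collections "$SECDATADIR"
```

Run it from root's crontab with SECDATADIR exported, or call `check_collections` alone if you only want an alert when the files have been recreated with the wrong mode rather than an automatic chmod.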