Skip to main content

ModSecurity: collection_store: Failed to access DBM file "/var/cpanel/secdatadir/ip"

Comments

7 comments

  • dalem
    are you running mod_ruid 2 on that server
    0
  • WorkinOnIt
    Thanks for the tip - yes, it appears I am - according to EA4 on server2 (I just installed the defaults) ea-apache24-mod_cgi ea-apache24-mod_deflate ea-apache24-mod_expires ea-apache24-mod_hostinglimits ea-apache24-mod_proxy ea-apache24-mod_proxy_fcgi ea-apache24-mod_proxy_http ea-apache24-mod_ruid2 ea-apache24-mod_security2 ea-apache24-mod_ssl ea-apache24-mod_unique_id On server1, I'm running mod_suphp - so I will un-install mod_ruid and switch to suphp on server2 and see how that works out.
    0
  • WorkinOnIt
    I removed mod_ruid and installed suPHP and now mod_sec rules are logging and working correctly as expected.... but I have new issues; 1) Server load is much higher - went from averages of around 0.10 to now at around 1.20. I looked at introducing mod_fastcgi to try to bring down averages, but I now see that fastcgi using EA4 is not yet supported. I know this is something common to suPHP but are there any recommended methods to reduce this? 2) In TOP the username is no longer displayed - instead it simply shows as "nobody" - which is not very helpful in terms of trying to view current connections by host.
    0
  • cPanelMichael
    Hello,
    ) In TOP the username is no longer ed - instead it simply shows as "nobody" - which is not very helpful in terms of trying to view current connections by host.

    The PHP sub-processes should run as the account username with suPHP, however Apache itself will still run as the "nobody" user.
    ) Server load is much higher - went from averages of around 0.10 to now at around 1.20. I looked at introducing mod_fastcgi to try to bring down averages, but I now see that fastcgi using EA4 is not yet supported. I know this is something common to suPHP but are there any recommended methods to reduce this?

    Do you notice any slowness with the websites with the increased load average? In some cases, the increased resource usage with suPHP doesn't necessarily result in any issues with website performance. Note that documentation on ModSecurity rule compatibility with the mod_ruid2 and mod_mpm_itk Apache modules is available at: Apache Module: ModSecurity - EasyApache 4 - cPanel Documentation One option to consider is to disable the individual rules that are incompatible with Mod_Ruid2 to allow for the use of both modules. You may also find the following feature request informative if you plan to use FPM: Enhance FPM support Thank you.
    0
  • WorkinOnIt
    Just to follow up (for me as much as anyone else), I also discovered I needed to change permissions as follows; chown -R nobody.nobody /var/cpanel/secdatadir
    0
  • cPLevey
    Hey @WorkinOnIt Thanks for sharing! I'm glad you were able to get it figured out.
    0
  • PbG
    This did not work on my 2.4 Jailed Apache + mod_ruid install. Instead I disabled every rule that relies on DBM. Mainly REQUEST-10-IP-REPUTATION.conf, REQUEST-12-DOS-PROTECTION.conf & bottom of modsecurity_crs_10_setup.conf. That leaves you with most of 19 out of 21 OWASP rules in play depending on what users need. I would rather have some symlink race protection which is not an option with cP suphp and/or BH patch which restricted legit traffic.
    Just to follow up (for me as much as anyone else), I also discovered I needed to change permissions as follows; chown -R nobody.nobody /var/cpanel/secdatadir

    0

Please sign in to leave a comment.