cxs ModSecurity Scanning (disabled)

Federico Barcelo

• July 27, 2017 15:45

Hi People. I was looking on my cPanel server, and I found that the modsec scanning was disabled, when I tried to enable the server, I received that message, but the service is not changing to enabled.... Any idea what is happening? Regards Federico. [Removed - Included Real Domain Names]

• 

  Federico Barcelo

  • July 28, 2017 14:08

  
  [2017-07-28 15:06:53 +0100] warn [modsec_vendor] The system failed to add the vendor from the URL "https://download.configserver.com/waf/meta_configserver.yaml": You have already installed that vendor. at /scripts/modsec_vendor line 95. scripts::modsec_vendor::add("https://download.configserver.com/waf/meta_configserver.yaml") called at /scripts/modsec_vendor line 39 scripts::modsec_vendor::run("add", "https://download.configserver.com/waf/meta_configserver.yaml") called at /scripts/modsec_vendor line 24 [2017-07-28 15:07:00 +0100] info [modsec_vendor] You have enabled the vendor "configserver". Waiting for "httpd" to restart gracefully "AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/conf/httpd.conf:21411 waiting for "httpd" to initialize "finished. Service Status httpd (/usr/sbin/httpd -k start) is running as root with PID 23664 (systemd check method). httpd (/usr/sbin/httpd -k start) is running as nobody with PID 31490 (systemd check method). httpd (/usr/sbin/httpd -k start) is running as nobody with PID 31530 (systemd check method). httpd (/usr/sbin/httpd -k start) is running as nobody with PID 31566 (systemd check method). httpd (/usr/sbin/httpd -k start) is running as nobody with PID 31598 (systemd check method). httpd (/usr/sbin/httpd -k start) is running as nobody with PID 31652 (systemd check method). httpd (/usr/sbin/httpd -k start) is running as nobody with PID 31744 (systemd check method). httpd (/opt/cpanel/ea-php56/root/usr/bin/php-cgi) is running as iaadmin with PID 52127 (systemd check method). httpd (/opt/cpanel/ea-php56/root/usr/bin/php-cgi) is running as wildgoose with PID 52140 (systemd check method). httpd (/opt/cpanel/ea-php56/root/usr/bin/php-cgi) is running as wildgoose with PID 52165 (systemd check method). httpd (/opt/cpanel/ea-php56/root/usr/bin/php-cgi) is running as muladmin with PID 52167 (systemd check method). httpd (/opt/cpanel/ea-php56/root/usr/bin/php-cgi) is running as tourhnadmin with PID 52168 (systemd check method). httpd (/opt/cpanel/ea-php56/root/usr/bin/php-cgi) is running as wildgoose with PID 52172 (systemd check method). httpd (/opt/cpanel/ea-php56/root/usr/bin/php-cgi) is running as downcottage with PID 52202 (systemd check method). httpd (/opt/cpanel/ea-php56/root/usr/bin/php-cgi) is running as diadmin with PID 52213 (systemd check method). httpd (/opt/cpanel/ea-php56/root/usr/bin/php-cgi) is running as tourhnadmin with PID 52216 (systemd check method). Startup Log Jul 27 19:43:02 en2.supercali.net systemd[1]: Starting Apache web server managed by cPanel EasyApache... Jul 27 19:43:03 en2.supercali.net restartsrv_httpd[23622]: AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/conf/httpd.conf:21567 Jul 27 19:43:03 en2.supercali.net systemd[1]: PID file /run/apache2/httpd.pid not readable (yet?) after start. Jul 27 19:43:04 en2.supercali.net systemd[1]: Started Apache web server managed by cPanel EasyApache. httpd restarted successfully.
  

  0
• 

  cPanelMichael

  • July 28, 2017 15:46

  [2017-07-28 15:06:53 +0100] warn [modsec_vendor] The system failed to add the vendor from the URL ": You have already installed that vendor. at /scripts/modsec_vendor line 95.

  
  Hello, I was able to successfully add that third-party ModSec vendor using the instructions on their website: cPanel ModSecurity Vendor for cxs | ConfigServer Services Blog Are you sure that vendor is not already enabled? Also, could you let us know the specific steps you are taking to reproduce that error message? Thanks!

  0

Please sign in to leave a comment.