ModSecurity Vendors Error
Hi,
we are getting an email about an error with modesecurity vendors after automatic update. We are using 2 vendors, COMODO ModSecurity LiteSpeed Rule Set and ConfigServer Rule Set. They are both configured correctly.
Maintenance ended; however, it did not exit cleanly (256).
The 'E' tag is:
thanks for helping. I forgot to mention that the operating system is CloudLinux 7.4
[2017-11-03 01:28:03 -0700] E [/usr/local/cpanel/scripts/modsec_vendor] The "/usr/local/cpanel/scripts/modsec_vendor" command (process 1912) reported error number 255 when it ended.
[2017-11-03 01:28:39 -0700] E Pre Maintenance ended, however it did not exit cleanly (256). Please check the logs for an indication of what happenedthanks for helping. I forgot to mention that the operating system is CloudLinux 7.4
-
Hello, Could you let us know the output when manually running the "/scripts/modsec_vendor" command? Thank you. 0 -
Hi Michael, thanks for your answer. Here's the output when manually running the "/scripts/modsec_vendor" command # /scripts/modsec_vendor usage: /scripts/modsec_vendor ... list - Lists the currently-installed vendors add - Installs a new vendor remove - Removes the vendor with the specified vendor id update - If a vendor_id is provided, this command updates the vendor specified by that id from the same URL that was used to install it. - If a URL is provided, this command updates an existing vendor from the specified URL. The URL need not be the same as the one used to originally install the vendor. - If --auto is specified, updates all installed vendors for which auto-update is enabled using the URLs from which they were originally installed. enable - Enables a vendor disable - Disables a vendor enable-updates - Enables automatic updates for a vendor disable-updates - Disables automatic updates for a vendor enable-configs - Enables all configs for a vendor disable-configs - Disables all configs for a vendor
Doing "/scripts/modsec_vendor list" command instead gives:# /scripts/modsec_vendor list [OWASP3] OWASP ModSecurity Core Rule Set V3.0 (not installed) cpanel_provided 1 description SpiderLabs OWASP V3 curated ModSecurity rule set installed 0 installed_from http://httpupdate.cpanel.net/modsecurity-rules/meta_OWASP3.yaml name OWASP ModSecurity Core Rule Set V3.0 vendor_id OWASP3 vendor_url https://go.cpanel.net/modsecurityowasp [comodo_litespeed] COMODO ModSecurity LiteSpeed Rule Set archive_url https://waf.comodo.com/api/cpanel_litespeed_vendor configs (34) cpanel_provided 0 description COMODO ModSecurity Rules for LiteSpeed dist_md5 d6709c7f775f0394055e717c92635580 dist_sha512 09f926a4edf151b8230c08f5c5847f55b945fb4b05c79e10c4a5328f4144b241575336e73956901f5737c026f6ae79c2eba895a3e55b9a12886398be84169851 enabled 1 in_use 34 inst_dist comodo-litespeed-1143 installed 1 installed_from https://waf.comodo.com/doc/meta_comodo_litespeed.yaml name COMODO ModSecurity LiteSpeed Rule Set path /etc/apache2/conf.d/modsec_vendor_configs/comodo_litespeed report_url https://waf.comodo.com/api/cpanel_feedback?source=1&rule_set=1.143 supported_versions (6) update 1 vendor_id comodo_litespeed vendor_url https://waf.comodo.com [configserver] ConfigServer archive_url https://download.configserver.com/waf/configserver.zip configs (1) cpanel_provided 0 description ConfigServer cXs ModSecurity rule dist_md5 3a917adcd7eafd35d975b15bfc889d49 dist_sha512 77f635a22c9d28109ebcb755a7cffc7696bd2a0c287cfa0b89bea9ce3d39ff6b2017f25eb3b198b55702cafb37a86b0776107db934455b133bfbce564747f235 enabled 1 in_use 1 inst_dist configserver installed 1 installed_from https://download.configserver.com/waf/meta_configserver.yaml name ConfigServer path /etc/apache2/conf.d/modsec_vendor_configs/configserver supported_versions (6) update 1 vendor_id configserver vendor_url http://configserver.com0 -
when I try to update I get the following: [root@la1 ~]# /scripts/modsec_vendor update configserver info [modsec_vendor] Restored modsec_cpanel_conf_datastore backup warn [modsec_vendor] The system failed to update the vendor from the URL "https://download.configserver.com/waf/meta_configserver.yaml": (XID jhhjwg) The update for vendor "configserver" is unnecessary because you already have distribution "configserver" installed. [root@la1 ~]# /scripts/modsec_vendor update comodo_litespeed info [modsec_vendor] Restored modsec_cpanel_conf_datastore backup warn [modsec_vendor] The system failed to update the vendor from the URL "https://waf.comodo.com/doc/meta_comodo_litespeed.yaml": (XID xa2b6x) The update for vendor "comodo_litespeed" is unnecessary because you already have distribution "comodo-litespeed-1144" installed.
for some reason we did'nt get that email again though so maybe it was a temporary issue0 -
for some reason we did'nt get that email again though so maybe it was a temporary issue
Hello, Can you verify the system was successfully updated to cPanel 68? Thank you.0 -
yes the cPanel version is 68.0.9 0 -
Hello, I'm glad to see the next cPanel update succeeded. Note that I did attempt to reproduce the issue, but found that it was working properly. The "/usr/local/cpanel/scripts/modsec_vendor update --auto" command completed successfully during the upcp process and when ran manually: [2017-11-08 09:44:07 -0600] - Processing command `/usr/local/cpanel/scripts/modsec_vendor update --auto` [2017-11-08 09:44:09 -0600] - Finished command `/usr/local/cpanel/scripts/modsec_vendor update --auto` in 1.349 seconds
# /usr/local/cpanel/scripts/modsec_vendor update --auto info [modsec_vendor] Updates are in progress for all of the installed ModSecurity vendors with automatic updates enabled. info [modsec_vendor] Restored modsec_cpanel_conf_datastore backup info [modsec_vendor] The vendor "configserver" is already up to date.
Let us know if you notice this happening again in the future. Thank you.0
Please sign in to leave a comment.
Comments
6 comments