ConfigServer Community Forum

Dear Configserver,

I plan to upgrade my EA3 to EA4, may i know is it current cmc supported EA4?

TQ

One of our clients reported an issue with loading their domain. On checking we could see a mod security rule (ID: id 1234123413 ) has been triggered and which caused the issue. We have then whitelisted the rule in the server, but upon checking we could see that the rule was not whitelisted properly and triggered again.

Logs shown in apache error logs are.

-------------------
ModSecurity:...

After uninstalling, and reinstalling to 2.09, the WHM UI will not load.

We see stuck process

root 160020 0.5 0.0 56884 16860 ? S 11:22 0:00 | \_ /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/whostmgr/docroot/cgi/configserver/cmc.cgi

we straced this process from a few milliseconds after it was created, and it stops in the same place every time

11:22:47.342042 stat( /home/redacted ,...

11.46 adds ModSecurity features to WHM/cPanel which on the face of it seems like a great thing but is it?

Does it conflict with ConfigServer's ModSecurity Control?

Hello,

It seems the plugin after installed by cPanel Server Service, without any of my interference does not display or read the logs, it display this error.

ConfigServer ModSecurity Control - cmc v2.01

Displaying logs from /etc/apache2/logs/modsec_audit/

No entries found in /etc/apache2/logs/modsec_audit.log

root@panel # stat /etc/apache2/logs/modsec_audit.log
File:...

Had to replace a hard drive in my server and kept the old one mounted for reference. Would like to transfer over my previous whitelisted rule id's for each domain that I created on the old drive but cannot seem to find the right files. Anyone point me in the right direction?

Hi,
I am seeing that since cPanel added the Mod_Security tools, the CMC option to set one domain with rules off is no longer working.

Is this an incompatibility?

Also, since cPanel added the Mod_Security option, the files ip.dir and ip.pag
are growing so huge that CMC now is showing the following error:
collections_remove_stale: Failed deleting collection (name ip , key xx.xx.xx.xx ): Internal...

I got the following notifcation logging into one of my cpanel servers this morning.

OWASP rules for ModSecurity™ More Information
The OWASP ModSecurity CRS is a set of rules for use with the ModSecurity Apache module aimed at protecting your web server from malicious traffic. Through the guidance of OWASP, cPanel is now distributing a curated set of these rules. You can install and manage these...

Hello

We have a ton of false positive with rules 340206 under /usr/local/apache/conf/modsec_rules/70_asl_csrf_experimental.conf

So, we have first try to disable rule for user : not work
after, we try to disable rule for user and domain : not work
after, we try to disable rule globally : not work

Best regards

Hello,

we are looking at implementing Mod Ruid w/Mod Security via the WHM Easyapache to address the Symlink Protection Advisory issue. We are currently using CMC which works with the mod audit log. But when using Mod Ruid with Mod Security the location of the mod audit log is changed. According to the documentation:

If you install Mod Ruid2 and Mod Security, the Mod Security log location is:...

Howdy,

I just had to remove mod_security from my Apache build because of an incompatibility with Ruid2.

Is it best to remove cmc also, or am I OK leaving it installed?

I hope to use mod_sec one day when the issue is resolved.

TIA!

Will cmc work when the rulesets are specified in the config file via Include directives as opposed to the actual rules being posted in the config file.

For example, here is my mod_sec config:

SecRequestBodyAccess On
SecDataDir /var/tmp
SecTmpDir /var/tmp
SecPcreMatchLimit 150000
SecPcreMatchLimitRecursion 150000
Include /usr/local/apache/conf/modsec2/00_asl_whitelist.conf
Include...

I like the tool !!!

The Cpanel Modsecurity plugin shows log entries but the cmc seems to show the log is empty or nearly so

seems that the interfaces are looking in diiferent locations for logs

this may be expected behavior
Im no modsecurity guru

Where can I look to be sure that the log links are looking at the same logs ?

I am used to rules that look like this. Does modsec2.whitelist.conf just follow the same whitelisting as it is pushed into the httpd.conf?

Thanks,
Frank

SecRuleRemoveById 910006 # Google robot activity - Useful in someways but noisy for sites where you want them crawled
SecRuleRemoveById 960015 # Request Missing an Accept Header - Allow for Google Reader

SecRuleRemoveById 960010 #...

I can not remove ConfigServer ModSecurity with the commands:

rm -fv /usr/local/cpanel/whostmgr/docroot/cgi/addon_cmc.cgi
rm -fv /usr/local/cpanel/whostmgr/docroot/cgi/cmcversion.txt
rm -Rfv /usr/local/cpanel/whostmgr/docroot/cgi/cmc/

How do I remove the ConfigServer ModSecurity cmc v1.05 of WHM 11.38.1 (build 15)?

Within the past week ModSec Control on our cPanel server WHM 11.38.0 (build 16) no longer works. When start is attempted we get:

Can't locate JSON/XS.pm in @INC (@INC contains: /usr/local/cpanel /usr/local/lib/perl5/5.8.8/x86_64-linux /usr/local/lib/perl5/5.8.8 /usr/local/lib/perl5/site_perl/5.8.8/x86_64-linux /usr/local/lib/perl5/site_perl/5.8.8 /usr/local/lib/perl5/site_perl .) at...

CMC not running on WHM 11.38

I got this errors.

Tried to solve by updating cpanel and cmc installation with no success, someone else having this issue?

Can't locate JSON/XS.pm in @INC (@INC contains: /usr/local/cpanel /usr/local/lib/perl5/5.8.8/i686-linux /usr/local/lib/perl5/5.8.8 /usr/local/lib/perl5/site_perl/5.8.8/i686-linux /usr/local/lib/perl5/site_perl/5.8.8...

For some reason, the main rule disabled list isn't being applied to new hosting accounts on the server, at least two now. I've had to copy the disable list and add it to the user whitelist. Chirpy had set the server up a week or so ago.

Not sure I know why, I've seen it on a couple other servers also, no problems with some of the sites, but, on a few the disabled rules aren't being disabled for...