[BUG] ModSecurity IP persistent storage check

ic_matty
Junior Member
Posts: 1
Joined: 18 Oct 2017, 00:45

Post by ic_matty »

The recently introduced check for the ModSecurity IP persistent storage size seems to have a bug.

I began getting alerts that /var/cpanel/secdatadir/ip.pag was 15GB in size, so I dutifully ran /scripts/shrink_modsec_ip_database -x to shrink the file to 37MB.

However, I continue to get emails from LFD claiming that the file is over 15GB in size.

The relevant lines of csf.conf are:

LF_MODSECIPDB_ALERT = "5"
LF_MODSECIPDB_FILE = "/var/cpanel/secdatadir/ip.pag"

As you can see, du reports that the file is much smaller than 15GB:

# du -h /var/cpanel/secdatadir/ip.pag
37M     /var/cpanel/secdatadir/ip.pag

ForumAdmin
Moderator
Posts: 1524
Joined: 01 Oct 2008, 09:24

Re: [BUG] ModSecurity IP persistent storage check

Post by ForumAdmin »

Did you remember to restart httpd right after running /scripts/shrink_modsec_ip_database? Otherwise the old file will still be open. Other than that, there's no reason in the code that this could happen.
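
One way to check the condition described in the reply above, as an added example that is not part of the original thread or of csf/LFD: it lists processes that still hold a deleted copy of the file open, and prints the apparent size next to the allocated size, since `du` without `--apparent-size` reports allocated blocks only. The helper names `deleted_holders` and `size_report` are hypothetical; Linux `/proc` and a `stat` that supports `-c` are assumed.

```shell
#!/bin/sh
# Added example (not csf/LFD code). Linux only: relies on /proc/<pid>/fd.
# Run as root so that other users' processes (e.g. httpd) are visible.

# Print "PID FD" for every process holding a deleted copy of $1 open.
deleted_holders() {
    # Resolve symlinks in the directory part so the string matches /proc.
    target=$(readlink -f "$1" 2>/dev/null) || target=$1
    for link in /proc/[0-9]*/fd/*; do
        # Processes may exit while we scan; unreadable links are skipped.
        dest=$(readlink "$link" 2>/dev/null) || continue
        if [ "$dest" = "$target (deleted)" ]; then
            pid=${link#/proc/}
            pid=${pid%%/*}
            echo "$pid ${link##*/}"
        fi
    done
}

# Print apparent size (st_size) and allocated size (blocks * block size).
# The two differ widely for sparse files.
size_report() {
    apparent=$(stat -c %s "$1") || return 1
    blocks=$(stat -c %b "$1")
    bsize=$(stat -c %B "$1")
    echo "apparent=$apparent allocated=$((blocks * bsize))"
}

# Stand-alone use: pass the path, e.g. /var/cpanel/secdatadir/ip.pag
if [ "$#" -gt 0 ]; then
    size_report "$1"
    holders=$(deleted_holders "$1")
    if [ -n "$holders" ]; then
        echo "deleted copy still open by (PID FD):"
        echo "$holders"
    else
        echo "no process holds a deleted copy of $1"
    fi
fi
```

If the script lists httpd PIDs, those workers are still using the pre-shrink file and a restart releases it.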