ConfigServer Community Forum

Peer support forums for ConfigServer Scripts
https://mail.forum.configserver.com/

[BUG] ModSecurity IP persistent storage check

https://mail.forum.configserver.com/viewtopic.php?t=10514

Page 1 of 1

[BUG] ModSecurity IP persistent storage check

Posted: 18 Oct 2017, 00:53
by ic_matty
The recently introduced check for the ModSecurity IP persistent storage size seems to have a bug.

I began getting alerts that /var/cpanel/secdatadir/ip.pag was 15GB in size, so I dutifully ran /scripts/shrink_modsec_ip_database -x to shrink the file to 37MB.

However I continue to get emails from LFD claiming that the file is over 15GB in size.

The relevant lines of csf.conf are:

Code: Select all

LF_MODSECIPDB_ALERT = "5"
LF_MODSECIPDB_FILE = "/var/cpanel/secdatadir/ip.pag"

As you can see, du reports that the file is much smaller than 15GB

Code: Select all

# du -h /var/cpanel/secdatadir/ip.pag
37M     /var/cpanel/secdatadir/ip.pag

Re: [BUG] ModSecurity IP persistent storage check

Posted: 21 Oct 2017, 17:48
by ForumAdmin
Did you remember to restart httpd right after running /scripts/shrink_modsec_ip_database, otherwise the old file will still be open. Other than that, there's no reason in the code that this could happen.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited