Page 1 of 1

Does cmc have to be removed if mod_sec is removed

Posted: 26 Feb 2014, 20:48
by vicos
Howdy,

I just had to remove mod_security from my Apache build because of an incompatibility with Ruid2.

Is it best to remove cmc also, or am I OK leaving it installed?

I hope to use mod_sec one day when the issue is resolved.

TIA!

Re: Does cmc have to be removed if mod_sec is removed

Posted: 26 Feb 2014, 23:47
by Sergio
I have servers with ruid and modsec working together, what happens with yours?

What modsec rules did you use?

Re: Does cmc have to be removed if mod_sec is removed

Posted: 27 Feb 2014, 02:50
by vicos
It's a well documented clash between Ruid2 and mod_security. Something to do with file locking of log files.

The error is: Audit log: Failed to lock global mutex: Permission denied

They say it could lead to race conditions. But, another issue, is that you get the above error and can't see which rule was enacted, making it impossible to disable that rule if required.

This is a CPANEL server. They were supposed to fix it with the newest EasyApache, but something went wrong at the last minute.

Re: Does cmc have to be removed if mod_sec is removed

Posted: 27 Feb 2014, 03:33
by Sergio
What set of modsec rules are you using? GotRoot? OWASP?

Re: Does cmc have to be removed if mod_sec is removed

Posted: 27 Feb 2014, 03:40
by Sergio
Ok, I found the info on:
https://documentation.cpanel.net/displa ... odSecurity
strange as I haven't seen this error in my server.

Thanks for posting.

If you are using GotRoot, have you tried to contact Atomicorp about this issue?

Re: Does cmc have to be removed if mod_sec is removed

Posted: 27 Feb 2014, 19:01
by vicos
Is it best to remove cmc also, or am I OK leaving it installed?