Essentially, instead of ramming all of mod security’s log events into a single file, it places each event into its own file. Gazoo commented Apr 27, 2015 @jowrjowr No that isn't a real fix. You may have to register before you can post: click the register link above to proceed. Also all audit consoles require logging to be set to concurrent. (mlogc requires concurrent logging). http://qaisoftware.com/failed-to/failed-to-create-global-mutex.html
There is me thinking it'll stuff up! (my famous last words!) Good to see top reporting usernames for httpd! Had to stop selling modsecurity to our clients. I'm using my own patched version to get around that for now which is mentioned in #712. If you follow all the big hosting panel providers (like Cpanel) they are now all running their own patched versions of mod_security. https://github.com/SpiderLabs/ModSecurity/issues/454
All Rights Reserved. The only major changes made were: Complete revamp of the WHM UI for ModSecurity Creation of "ModSecurity Domain Manager" in cPanel UI Deprecation of modsec.modsec table (no longer used) Creation of Is that so? I've edited /etc/init.d/httpd file and I've added this line at the top: umask 000 cpanel mod_ruid2 mod_security 14 thoughts on “ModSecurity: Audit log: Failed to unlock global mutex: Permission denied” Adam
In CSF configuration, I set MODSEC_LOG to that path and restarted CSF. Modsecurity Audit Log Failed To Lock Global Mutex Invalid Argument Have I got things wired up wrong, or am I looking in the wrong place? Hope SpiderLabs and Cpanel can get on the same page as this is hurting both their reputations. Continued Of course all files should be chown`ed.
With those libs I can compile with DEFUSER and get no mutex lock errors? Has anyone managed to get this plugin to work when using mod_php? Contributor rcbarnett commented Oct 17, 2013 Original reporter: littleb Contributor rcbarnett commented Oct 17, 2013 littleb: I made an error and listed 2.5.6 as the mod_security version.The correct version is 2.6.3. Reply With Quote 07-06-2016,05:13 AM #2 jonium View Profile View Forum Posts Verified User Join Date Nov 2010 Location Alezio - Lecce- Apulia - South Italy Posts 72 I'm experiencing the
the following event log filename was generated on 28th June 2014 at 1 minute and 25 seconds past midnight. It then deletes the old concurrent logs, keeping the node count down. Failed To Lock Global Mutex Identifier Removed saveriomiroddi commented Mar 18, 2015 Affects me as well, on an Nginx 1.6.2 on Ubuntu setup. Should I quote "On"? # WHM-managed ModSecurity configuration directives SecAuditEngine "On" SecRuleEngine On SecConnEngine "On" #5 shacker23, Oct 28, 2014 quizknows Well-Known Member Joined: Oct 20, 2009 Messages: 944 Likes
This works as long as all sites behind the WAF can live with a common ruleset. on November 13, 2016, 09:58:24 PM Pages:  2 3 ... 12 Go Down Subject / Started by Replies / Views Last post Rules Updates: Changelog Started by TDmitry « Off to disable the offending rule (which will probably take me some hours!). Check This Out That's not something you can just dump to syslog.
All rights reserved. Cpanel has an internal ticket but I think they need some expertise from Spiderlabs to actually resolve the issue. Forum New Posts FAQ Calendar Forum Actions Mark Forums Read Quick Links Today's Posts View Site Leaders Advanced Search Forum Technical Discussion CustomBuild CustomBuild 2.0 Mod_security + mod_ruid2 working right?
Contributor rcbarnett commented Oct 17, 2013 bpinto: Hello Chris, Could you send the necessary configuration options to reproduce the issue ? If you did experience functionality change to existing rules simply by updating cPanel & WHM, please open a ticket so we can investigate. This results in losing a lot of valuable data (like POST payloads, but that's a discussion for another day). Also all audit consoles require logging to be set to concurrent. (mlogc requires concurrent logging). — Reply to this email directly or view it on GitHub #454 (comment) .
zimmerle added the CPANEL itk label Jul 20, 2016 Sign up for free to join this conversation on GitHub. Similar Threads - ModSecurity logging blocking SOLVED How to disable modsecurity for an domain WHM joaosavioli, Jan 5, 2017 at 8:06 AM, in forum: Security Replies: 2 Views: 27 joaosavioli Jan String match within "/Proxy-Connection/ /Lock-Token/ /Content-Range/ /Translate/ /via/ /if/" at TX:header_name. [file "/usr/local/cwaf/rules/10_HTTP_HTTP.conf"] [line "32"] [id "210740"] [msg "COMODO WAF: HTTP header is restricted by policy"] [data "/Proxy-Connection/"] [severity "WARNING"] [hostname this contact form You may have to register before you can post: click the register link above to proceed.
PHP Handler: Modo en que PHP ejecuta sus librerías. Under each hour/minutedirectory, there are the event log files themselves, which are named with all of the above, plus the number of seconds, plus a unique identifier e.g. The error indicates a permissions issue, but you have ruled that out so yes BPS may not work in the default Apache state. Por nombrar algunos de los más comunes: Linux, WHM/cPanel, Apache, PHP, MySQL, módulos de seguridad como Mod_security o Mod_ruid2 etc… [Servidor VPS] Error con mod_security + mod_ruid2: "ModSecurity: Audit log: Failed to
edit; I've never had problems using both CSF and ModSecurity, at least in a WHM 11.44 and before world. #2 quizknows, Oct 28, 2014 Last edited: Oct 28, 2014 shacker23 That means CSF is getting its queues correctly from apache's error_log. - Important lesson: cPanel's ModSecurity does some validation when you're entering rules, but that's only syntax validation - you can My modsec2.conf does say SecDefaultAction "phase:2,deny,log,status:406" but I do not see ModSecurity hits in the apache error_log. Is it safe to use serial logging at all? 2014/03/31 12:43:43 [notice] 12335#0: ModSecurity for nginx (STABLE)/2.7.7 (http://www.modsecurity.org/) configured. 2014/03/31 12:43:43 [notice] 12335#0: ModSecurity: APR compiled version="1.4.6"; loaded version="1.4.6" 2014/03/31 12:43:43
News: Home Help Search Login Register The Comodo Forum > Business / Enterprise Security Products & Services > Free Modsecurity rules - Comodo Web Application Firewall (Moderators: vadim, Serhyo) Child Boards Si vamos a los logs del sistema nos podemos encontrar con error como este: "ModSecurity: Audit log: Failed to unlock global mutex: Permission denied" El problema se soluciona incluyendo las siguientes Shell SecAuditLogType Concurrent SecAuditLog logs/modsec_audit.log 12 SecAuditLogType ConcurrentSecAuditLog logs/modsec_audit.log and the following in modsec2.user.conf Shell SecAuditLogStorageDir /var/asl/data/audit 1 SecAuditLogStorageDir /var/asl/data/audit The directory structure for /var/asl can be created using the shell Contributor rcbarnett commented Oct 17, 2013 jazz: Debian 2.6.39 Apache 2.2 PHP 5.3 mod_security v2.7.2 The same problem.
I have a similar setup that does not use mod_ruid2 and do not have this problem with the ownCloud software. jowrjowr commented Apr 27, 2015 Alright, I can't argue with that. What's New?