Was digging through the WIKI to figure out how to stop these errors:
collections_remove_stale: Failed to access DBM file "/usr/local/apache/conf/modsec/data/msa/user": Permission denied
collection_store: Failed to access DBM file "/usr/local/apache/conf/modsec/data/msa/ip": Permission denied
Then I found this in the WIKI:
chown nobody.nobody /var/asl/data/msa
chown nobody.nobody /var/asl/data/audit
chown nobody.nobody /var/asl/data/suspicious
chmod o-rx -R /var/asl/data/*
chmod ug+rwx -R /var/asl/data/*
Do the above permissions apply to a cPanel system running suPHP? nobody didn't seem correct for that setup and the WIKI didn't address that.
Thanks
ASL mod_sec rules install question
- mikeshinn
- Atomicorp Staff - Site Admin
Re: ASL mod_sec rules install question
We don't use collections, so this is being caused by some rules you have installed. Are you using some third-party rules?
Michael Shinn
Atomicorp - Security For Everyone
Re: ASL mod_sec rules install question
Maybe. I put this rule in since the Joomla rule you have wasn't stopping the brute force attempts. Thought it might be related to ASL.
Code:
<Location /administrator/index.php>
# Setup brute force detection.
# React if block flag has been set.
SecRule user:bf_block "@gt 0" "deny,status:401,log,msg:'ip address blocked for 5 minutes, more than 15 login attempts in 3 minutes.',id:10011"
# Setup Tracking. On a successful login, a 302 redirect is performed, a 200 indicates login failed.
SecRule RESPONSE_STATUS "^302" "phase:5,t:none,nolog,pass,setvar:ip.bf_counter=0,id:10012"
SecRule RESPONSE_STATUS "^200" "phase:5,chain,t:none,nolog,pass,setvar:ip.bf_counter=+1,deprecatevar:ip.bf_counter=1/180,id:10013"
SecRule ip:bf_counter "@gt 15" "t:none,setvar:user.bf_block=1,expirevar:user.bf_block=300,setvar:ip.bf_counter=0"
</Location>
- mikeshinn
- Atomicorp Staff - Site Admin
Re: ASL mod_sec rules install question
That's not one of our rules.
Michael Shinn
Atomicorp - Security For Everyone
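
A check for the "Permission denied" errors quoted in the first post, as an added example that is not part of the thread or of ASL: it reads the worker account and the collection directory from the Apache configuration instead of assuming `nobody`, then lists collection files that account does not own. The function names are hypothetical, and it assumes ModSecurity opens the DBM files as the account named by Apache's `User` directive and that the `SecDataDir` path contains no spaces.

```shell
#!/bin/sh
# Added example (not from the thread): find collection files the Apache
# worker user does not own, a cause of "Failed to access DBM file" errors.

# Print the last value of directive $2 in config file $1 (comments skipped).
httpd_directive() {
    awk -v want="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(want) { val = $2 }
        END { gsub(/"/, "", val); print val }
    ' "$1"
}

# Print entries under directory $1 that are not owned by user $2.
# Returns 0 if none, 1 if any were found, 2 if the directory is missing.
foreign_entries() {
    [ -d "$1" ] || { echo "missing directory: $1" >&2; return 2; }
    found=$(find "$1" ! -user "$2" -print)
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# $1 = config file holding User, $2 = config file holding SecDataDir.
audit_collections() {
    user=$(httpd_directive "$1" User)
    dir=$(httpd_directive "$2" SecDataDir)
    [ -n "$user" ] && [ -n "$dir" ] || { echo "User or SecDataDir not set" >&2; return 2; }
    echo "worker user: $user, SecDataDir: $dir"
    foreign_entries "$dir" "$user"
}

# Run only when both config paths are given on the command line.
if [ "$#" -eq 2 ]; then
    audit_collections "$1" "$2"
fi
```

The errors in the first post name `/usr/local/apache/conf/modsec/data/msa`, while the wiki commands change ownership under `/var/asl/data`, so the directory to audit is the one `SecDataDir` actually points at.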