cPanel confirmed - Modsecurity incompatibility with Mod_ruid2

[meutrei]

cPanel confirm the incompatibility between Modsecurity2 and mod_ruid2 on Easyapache 4 with default cPanel package.
They wait Modsecurity team to solve this bug!

The cPanel team confirm that the problem is on Modsecurity side:
cPanel Facebook: https://goo.gl/EAHjFX
cPanel forum: https://goo.gl/0vm2f7

As long as mod_ruid2 is the only easy solution available for Centos 7.x against symlink attacks can Modsecurity to solve this incompatibilities with mod_ruid2?

Errors are related to permissions(so must be an easy fix for Modsecurity)

[Wed Feb 15 05:00:21.491873 2017] [:error] [pid 20211] [client 66.xxx.xxx.xxx] ModSecurity: Geo Lookup: Failed to lock proc mutex: Permission denied [hostname "www.example.com"] [uri "/hazo/yglx.php"] [unique_id "WKPSVS9n@Qre-tOcMOWD-AAAAAM"]
[Wed Feb 15 05:00:21.661856 2017] [:error] [pid 20211] [client 66.xxx.xxx.xxx] ModSecurity: collection_store: Failed to access DBM file "/var/cpanel/secdatadir/ip": Permission denied [hostname "www.example.com"] [uri "/index.php"] [unique_id "WKPSVS9n@Qre-tOcMOWD-AAAAAM"]

cPanel V.62 with Easyapache 4 & default package

Thanks!

[jonaritz]

Hello there,

he are you? I hope you are doing well!

Fist off.... thanks for your amazing work!

Secondly, I would like to confirm the same problem here. Since I have activated mode security, I am having the same problem as reported by @mariusfv

[Sat Apr 08 19:36:45.596115 2017] [:error] [pid 8909] [client xx.xx.xx.xx] ModSecurity: collection_store: Failed to access DBM file "/var/cpanel/secdatadir/ip": Permission denied [hostname "www.xxxx.com"] [uri "/cgi-sys/ea-php56/index.php"] [unique_id "WOkfrR7zX62E6X@dzpcExAAAAAU"]
[Sat Apr 08 19:36:46.373600 2017] [:error] [pid 11169] [client xx.xx.xx.xx] ModSecurity: Geo Lookup: Failed to lock proc mutex: Permission denied [hostname "www.xxxx.com"] [uri "/index.php/es/"] [unique_id "WOkfrnJ@itdDHMfClGCToQAAAAc"]
[Sat Apr 08 19:36:46.373674 2017] [:error] [pid 11169] [client xx.xx.xx.xx] ModSecurity: Geo Lookup: Failed to lock proc mutex: Permission denied [hostname "www.xxx.com"] [uri "/index.php/es/"] [unique_id "WOkfrnJ@itdDHMfClGCToQAAAAc"]
[Sat Apr 08 19:36:46.373698 2017] [:error] [pid 11169] [client 1 xx.xx.xx.xx] ModSecurity: Rule processing failed (id=981138) [hostname "www.xxx.com"] [uri "/index.php/es/"] [unique_id "WOkfrnJ@itdDHMfClGCToQAAAAc"]

I hope it helps! Please let me know if I can help providing you any kind of further info. I would say that it is a problem with the folder & permissions where /var/cpanel/secdatadir/ip is located

Cheers!

[meutrei]

It seems that Modsecurity team refuse to solve this bug.
cPanel team confirmed me that this bug was reported a long time ago(3 years ago: #712) to Modsecurity team.
Its a shame as long as is about "security".

[zimmerle]

As reported by @mariusfv this is a duplicate, therefore I am closing this issue.