• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion
  • Inviting everyone to the UX test of a new security feature in the WP Toolkit
    For WordPress site owners, threats posed by hackers are ever-present. Because of this, we are developing a new security feature for the WP Toolkit. If the topic of WordPress website security is relevant to you, we would be grateful if you could share your experience and help us test the usability of this feature. We invite you to join us for a 1-hour online session via Google Meet. Select a convenient meeting time with our friendly UX staff here.

Forwarded to devs rpm scriptlet problem: /etc/httpd/conf.d/security2.conf.rpmsave not actually saved

danami

danami

Silver Pleskian
Username: danami

TITLE

rpm scriptlet problem: /etc/httpd/conf.d/security2.conf.rpmsave not actually saved

PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE

roduct version: Plesk Obsidian 18.0.33.0
OS version: CentOS 8.3.2011 x86_64
Build date: 2021/01/23 00:00
Revision: db5d37f7d2a3360673aa3cba5d73bdda02aed535

PROBLEM DESCRIPTION

Upgrading to 18.0.33.0 replaces the /etc/httpd/conf.d/security2.conf file without actually creating the /etc/httpd/conf.d/security2.conf.rpmsave file.

During the Plesk upgrade I can see this:

Code: 
Updating: plesk-modsecurity-configurator-18.0-2.centos.7+p18.0.33.0+t210122.1058.noarch [49/108]
warning: /etc/httpd/conf.d/security2.conf saved as /etc/httpd/conf.d/security2.conf.rpmsave

After the installer completes:
Code: 
cat /etc/httpd/conf.d/security2.conf.rpmsave
cat: /etc/httpd/conf.d/security2.conf.rpmsave: No such file or directory

STEPS TO REPRODUCE

Run /usr/local/psa/admin/bin/autoinstaller to upgrade to 18.0.33.0 and you will see any of your customizations in /etc/httpd/conf.d/security2.conf get wiped out because the /etc/httpd/conf.d/security2.conf.rpmsave is not created properly.

ACTUAL RESULT

The /etc/httpd/conf.d/security2.conf.rpmsave is not created properly.

EXPECTED RESULT

If the /etc/httpd/conf.d/security2.conf file is to be replaced then the original file should be copied to /etc/httpd/conf.d/security2.conf.rpmsave.

ANY ADDITIONAL INFORMATION



YOUR EXPECTATIONS FROM PLESK SERVICE TEAM

Confirm bug
 
Last edited:
From developer:

The bug is confirmed as PPPM-12724.

But I need to note that we don't expect the use of this file for ModSecurity customization by customers. To make customization customer can use Plesk web interface: "Tools & Settings" -> "Web Application Firewall (ModSecurity) -> "Settings" -> "Custom directives".
 
You should note that this still isn't fixed in 18.0.33.1 and it's even worse than that. Upgrading to 18.0.33.1 will reset security2.conf and disable modsecurity completely even though it looks turned on in the Plesk interface (notice how the modsecurity module is commented out):

Looking at: /etc/httpd/conf.d/security2.conf after the upgrade
Code: 
#LoadModule security2_module modules/mod_security2.so

<IfModule security2_module>
        SecDataDir /var/lib/mod_security
        IncludeOptional "/etc/httpd/conf/modsecurity.d/*.conf"
</IfModule>
 

Attachments

  • 2021-02-28_00h50_09.png
    2021-02-28_00h50_09.png
    167.7 KB · Views: 4
Last edited:
You must log in or register to reply here.

Similar threads

A
Resolved Unable to reinstall modsecurity after upgrade from Onyx to Obsidian
Replies
1
Views
321
Abernathy
A
Dave W
Forwarded to devs Mariadb 10.6 /etc/my.cnf issue
Replies
7
Views
2K
Kaspar
K
danami
Forwarded to devs Security2.conf config for package mod_security-2.9.2-1.el7.x86_64 is missing on upgrade
Replies
3
Views
940
danami
danami
danami
Anacron job 'cron.daily' /etc/cron.daily/logrotate errors
Replies
2
Views
2K
danami
danami
V
Forwarded to devs Grafana extension database rights too broad and cannot load unsigned backend plugin
2
Replies
22
Views
7K
Sergio Manzi
Sergio Manzi
Back
Top