• Hi, Pleskians! We are running a UX testing of our upcoming product intended for server management and monitoring.
    We would like to invite you to have a call with us and have some fun checking our prototype. The agenda is pretty simple - we bring new design and some scenarios that you need to walk through and succeed. We will be watching and taking insights for further development of the design.
    If you would like to participate, please use this link to book a meeting. We will sent the link to the clickable prototype at the meeting.
  • (Plesk for Windows):
    MySQL Connector/ODBC 3.51, 5.1, and 5.3 are no longer shipped with Plesk because they have reached end of life. MariaDB Connector/ODBC 64-bit 3.2.4 is now used instead.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.

Issue Atomic's rules are no longer updated

ivanes82

Basic Pleskian
Server operating system version
Almalinux 8.10
Plesk version and microupdate number
Plesk Obsidian 18.0.67
Since the last plesk update the modsecurity updates at least for atomic have stopped working. They don't work neither from plesk's daily cron job nor by forcing it with aum -uf.

Running aum -uf gives as a result:

[root@mail ~]# aum -uf

Atomic Updater

Analyzing system ... done

Checking for updates ...

Core packages : -> 6.0.59-32440 ...ok
Atomicorp WAF Rules : not enabled

Checking post install ownerships ...


Applying updates ...



All tasks complete.
 
@ivanes82 could you please confirm if you using the standard or advanced Atomic ruleset? Also, what's the exact error you see?
I have the atomic advanced. I really don't see any errors. Just every night when the rules were updated I got a notification in plesk, notifying me of the rules update. That no longer appears.
As I found it strange not to have the update, I tried to force it manually with plesk daily -f UpdateModSecurityRuleSet and that didn't work either.
Finally I tried with aum -uf and that didn't work either. Before when I updated it told me which version I had and to which one I had updated if there was an update, and now it says Atomicorp WAF Rules : not enabled.
 
Thank you for the confirmation. Could you please navigate to Tools & Settings > Web Application Firewall (ModSecurity) > Settings and confirm if the "Username" and "Password" fields contain any value? Also, just to be certain, under "Update rule sets" please click on "Manage them on the notification page" and ensure the notification is in fact enabled. Lastly, please try running:

plesk daily UpdateModSecurityRuleSet
 
I have manually modified the files /var/awp/etc/config and /var/awp/etc/config.aum by setting MODSEC_ENABLED=“yes” and it works correctly again if I run aum -uf. The rules are updated correctly, but if I run plesk daily UpdateModSecurityRuleSet the rules are not updated and the configuration files return to MODSEC_ENABLED=“no”, so updating modsecurity rules through plesk does not work.
 
I also noticed that I do not get any notifications for the daily updates of the Atomicorp ruleset since the last update, although all notifications are set to on. But I use the standard/free ruleset. For my system specifications see my signature.
 
Is there no news on this matter? We have had a month with Modsecurity broken in plesk. Something as important as security, I get the feeling that it is not given the attention it should be, and that can bring many problems.
 
Thank you for the report, @King555 I filed a report, and our engineers are currently reviewing if that's a bug or isolated issue on your servers.
 
Thank you both for your patience. This hasn't been recognized as a bug. Since the last update aum is no longer used for Atomic rulesets for ModSecurity. Could you please following the instructions from this guide and ensure the corresponding ruleset entry is present in the panel.ini? If the issue continues afterward, please check /var/log/plesk/panel.log for any errors beginning with:

INFO [panel][] == Begin ModSecurity rule set update
 
Unfortunately it did not work.
I never had to put in before:
[modSecurity]
ruleSet.tortix = true
ruleSet.atomic = true
in panel.ini, and it always worked, I tried it anyway but it didn't work.

I have no error in plesk, and everything works perfectly until I run plesk daily UpdateModSecurityRuleSet.

The only bug I had was that updating modsecurity rules disabled selinux PPPM-14747.

Interestingly this has stopped happening since the last update, although in the patch notes there is no reference to it, but a new bug has appeared, rules are no longer updated from plesk at all.

When is the PPPM-14747 bug fix scheduled for? The support team told me for Plesk Obsidian 18.0.67, but in the patch notes it does not appear.
 
Does the guide also apply to Ubuntu 24? I ask because the guide's title says AlmaLinux (and others) and the original poster has this OS, but I don't.
 
@ivanes82 , you should only have ruleSet.atomic = true since you are using the Advanced ruleset. Regarding bug PPPM-14747, it was caused by the aum installer and since Plesk Obsidian 18.0.67 the update of the ruleset is performed without AUM the issue seems to be fixed indeed. I will double-check with our team in order to confirm that for sure.

@King555 as far as I am aware no additional configuration is needed for Ubuntu. Do you see any errors in the log, please?
 
@ivanes82 , you should only have since you are using the Advanced ruleset. Regarding bug PPPM-14747, it was caused by the aum installer and since Plesk Obsidian 18.0.67 the update of the ruleset is performed without AUM the issue seems to be fixed indeed. I will double-check with our team in order to confirm that for sure.ruleSet.atomic = true

@King555 as far as I am aware no additional configuration is needed for Ubuntu. Do you see any errors in the log, please?
Very strange, because updating the atomic rules from “aum” did not deactivate selinux, but doing it from plesk did.
Now activating the rules from aum updates the rules correctly, but doing it from plesk does not update the rules at all.
Are you sure nothing is broken in the last update?
 
Considering that our engineers are unable to replicate the described behavior on a test Almalinux 8.10 server I believe this could be specific to the local environment. They enabled the “Atomic Advanced (bought from Atomicorp) running on Apache (ModSecurity 2.9)” ruleset, removed a random rule, and then ran the daily task plesk daily UpdateModSecurityRuleSet to ensure the delete rule is re-added successfully. The in-panel notification was also successfully triggered.

Could you please confirm how exactly you verify that there was no ruleset update?
 
Do you see any errors in the log, please?
I checked all log files I found and found nothing about any errors or information about updates of the ruleset. But I found out that under /etc/apache2/modsecurity.d/rules/tortix/modsec all files have been modified on the current day at 05:03 am. Does that mean the update works? Because then it's only the missing notification.
 
Considering that our engineers are unable to replicate the described behavior on a test Almalinux 8.10 server I believe this could be specific to the local environment. They enabled the “Atomic Advanced (bought from Atomicorp) running on Apache (ModSecurity 2.9)” ruleset, removed a random rule, and then ran the daily task plesk daily UpdateModSecurityRuleSet to ensure the delete rule is re-added successfully. The in-panel notification was also successfully triggered.

Could you please confirm how exactly you verify that there was no ruleset update?
The only way I can know if the rules have been updated that I know of is through the notifications, and they no longer appear since the last update. Is there any other way to find out?

Another reference I can think of is when I used to run “plesk daily -UpdateModSecurityRuleSet” it took between 1 min 2 two to perform the task, and since the last update it takes about 5 seconds. Either the task has been optimized a lot, or the task is not running.
 
I see. If there's an update performed the files under /etc/httpd/conf/modsecurity.d/rules/atomic are going to be modified (in case, there's a missing ruleset update) and there is in-panel notification as well. The vendor from which you purchased the license doesn't matter for the ruleset update. Regarding the missing notification, our engineers did not identify such an issue. If you have the option to open a support ticket so our team can directly review the issue on your environment will be best.
 
My folder is not /etc/httpd/conf/modsecurity.d/rules/atomic, it is /etc/httpd/conf/modsecurity.d/rules/tortix
Is this correct? The /etc/httpd/conf/modsecurity.d/rules/atomic folder does not exist.
 
Back
Top