• The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Forwarded to devs rpm scriptlet problem: /etc/httpd/conf.d/security2.conf.rpmsave not actually saved

danami

danami

Silver Pleskian
Username: danami

TITLE

rpm scriptlet problem: /etc/httpd/conf.d/security2.conf.rpmsave not actually saved

PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE

roduct version: Plesk Obsidian 18.0.33.0
OS version: CentOS 8.3.2011 x86_64
Build date: 2021/01/23 00:00
Revision: db5d37f7d2a3360673aa3cba5d73bdda02aed535

PROBLEM DESCRIPTION

Upgrading to 18.0.33.0 replaces the /etc/httpd/conf.d/security2.conf file without actually creating the /etc/httpd/conf.d/security2.conf.rpmsave file.

During the Plesk upgrade I can see this:

Code: 
Updating: plesk-modsecurity-configurator-18.0-2.centos.7+p18.0.33.0+t210122.1058.noarch [49/108]
warning: /etc/httpd/conf.d/security2.conf saved as /etc/httpd/conf.d/security2.conf.rpmsave

After the installer completes:
Code: 
cat /etc/httpd/conf.d/security2.conf.rpmsave
cat: /etc/httpd/conf.d/security2.conf.rpmsave: No such file or directory

STEPS TO REPRODUCE

Run /usr/local/psa/admin/bin/autoinstaller to upgrade to 18.0.33.0 and you will see any of your customizations in /etc/httpd/conf.d/security2.conf get wiped out because the /etc/httpd/conf.d/security2.conf.rpmsave is not created properly.

ACTUAL RESULT

The /etc/httpd/conf.d/security2.conf.rpmsave is not created properly.

EXPECTED RESULT

If the /etc/httpd/conf.d/security2.conf file is to be replaced then the original file should be copied to /etc/httpd/conf.d/security2.conf.rpmsave.

ANY ADDITIONAL INFORMATION



YOUR EXPECTATIONS FROM PLESK SERVICE TEAM

Confirm bug
 
Last edited:
From developer:

The bug is confirmed as PPPM-12724.

But I need to note that we don't expect the use of this file for ModSecurity customization by customers. To make customization customer can use Plesk web interface: "Tools & Settings" -> "Web Application Firewall (ModSecurity) -> "Settings" -> "Custom directives".
 
You should note that this still isn't fixed in 18.0.33.1 and it's even worse than that. Upgrading to 18.0.33.1 will reset security2.conf and disable modsecurity completely even though it looks turned on in the Plesk interface (notice how the modsecurity module is commented out):

Looking at: /etc/httpd/conf.d/security2.conf after the upgrade
Code: 
#LoadModule security2_module modules/mod_security2.so

<IfModule security2_module>
        SecDataDir /var/lib/mod_security
        IncludeOptional "/etc/httpd/conf/modsecurity.d/*.conf"
</IfModule>
 

Attachments

  • 2021-02-28_00h50_09.png
    2021-02-28_00h50_09.png
    167.7 KB · Views: 4
Last edited:
You must log in or register to reply here.

Similar threads

A
Resolved Unable to reinstall modsecurity after upgrade from Onyx to Obsidian
Replies
1
Views
590
Abernathy
A
Bitpalast
Forwarded to devs Update to 18.0.63 #4 removed /etc/fail2ban/jail.local, crashed Fail2Ban
Replies
3
Views
605
Sebahat.hadzhi
Sebahat.hadzhi
Dave W
Forwarded to devs Mariadb 10.6 /etc/my.cnf issue
Replies
7
Views
3K
Kaspar
K
danami
Forwarded to devs Security2.conf config for package mod_security-2.9.2-1.el7.x86_64 is missing on upgrade
Replies
3
Views
1K
danami
danami
danami
Anacron job 'cron.daily' /etc/cron.daily/logrotate errors
Replies
2
Views
2K
danami
danami
Back
Top