• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Forwarded to devs rpm scriptlet problem: /etc/httpd/conf.d/security2.conf.rpmsave not actually saved

danami

danami

Silver Pleskian
Username: danami

TITLE

rpm scriptlet problem: /etc/httpd/conf.d/security2.conf.rpmsave not actually saved

PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE

roduct version: Plesk Obsidian 18.0.33.0
OS version: CentOS 8.3.2011 x86_64
Build date: 2021/01/23 00:00
Revision: db5d37f7d2a3360673aa3cba5d73bdda02aed535

PROBLEM DESCRIPTION

Upgrading to 18.0.33.0 replaces the /etc/httpd/conf.d/security2.conf file without actually creating the /etc/httpd/conf.d/security2.conf.rpmsave file.

During the Plesk upgrade I can see this:

Code: 
Updating: plesk-modsecurity-configurator-18.0-2.centos.7+p18.0.33.0+t210122.1058.noarch [49/108]
warning: /etc/httpd/conf.d/security2.conf saved as /etc/httpd/conf.d/security2.conf.rpmsave

After the installer completes:
Code: 
cat /etc/httpd/conf.d/security2.conf.rpmsave
cat: /etc/httpd/conf.d/security2.conf.rpmsave: No such file or directory

STEPS TO REPRODUCE

Run /usr/local/psa/admin/bin/autoinstaller to upgrade to 18.0.33.0 and you will see any of your customizations in /etc/httpd/conf.d/security2.conf get wiped out because the /etc/httpd/conf.d/security2.conf.rpmsave is not created properly.

ACTUAL RESULT

The /etc/httpd/conf.d/security2.conf.rpmsave is not created properly.

EXPECTED RESULT

If the /etc/httpd/conf.d/security2.conf file is to be replaced then the original file should be copied to /etc/httpd/conf.d/security2.conf.rpmsave.

ANY ADDITIONAL INFORMATION



YOUR EXPECTATIONS FROM PLESK SERVICE TEAM

Confirm bug
 
Last edited:
From developer:

The bug is confirmed as PPPM-12724.

But I need to note that we don't expect the use of this file for ModSecurity customization by customers. To make customization customer can use Plesk web interface: "Tools & Settings" -> "Web Application Firewall (ModSecurity) -> "Settings" -> "Custom directives".
 
You should note that this still isn't fixed in 18.0.33.1 and it's even worse than that. Upgrading to 18.0.33.1 will reset security2.conf and disable modsecurity completely even though it looks turned on in the Plesk interface (notice how the modsecurity module is commented out):

Looking at: /etc/httpd/conf.d/security2.conf after the upgrade
Code: 
#LoadModule security2_module modules/mod_security2.so

<IfModule security2_module>
        SecDataDir /var/lib/mod_security
        IncludeOptional "/etc/httpd/conf/modsecurity.d/*.conf"
</IfModule>
 

Attachments

  • 2021-02-28_00h50_09.png
    2021-02-28_00h50_09.png
    167.7 KB · Views: 4
Last edited:
You must log in or register to reply here.

Similar threads

A
Resolved Unable to reinstall modsecurity after upgrade from Onyx to Obsidian
Replies
1
Views
290
Abernathy
A
Dave W
Forwarded to devs Mariadb 10.6 /etc/my.cnf issue
Replies
7
Views
2K
Kaspar
K
danami
Forwarded to devs Security2.conf config for package mod_security-2.9.2-1.el7.x86_64 is missing on upgrade
Replies
3
Views
914
danami
danami
danami
Anacron job 'cron.daily' /etc/cron.daily/logrotate errors
Replies
2
Views
2K
danami
danami
V
Forwarded to devs Grafana extension database rights too broad and cannot load unsigned backend plugin
2
Replies
22
Views
7K
Sergio Manzi
Sergio Manzi
Back
Top