• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Forwarded to devs rpm scriptlet problem: /etc/httpd/conf.d/security2.conf.rpmsave not actually saved

danami

danami

Silver Pleskian
Username: danami

TITLE

rpm scriptlet problem: /etc/httpd/conf.d/security2.conf.rpmsave not actually saved

PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE

roduct version: Plesk Obsidian 18.0.33.0
OS version: CentOS 8.3.2011 x86_64
Build date: 2021/01/23 00:00
Revision: db5d37f7d2a3360673aa3cba5d73bdda02aed535

PROBLEM DESCRIPTION

Upgrading to 18.0.33.0 replaces the /etc/httpd/conf.d/security2.conf file without actually creating the /etc/httpd/conf.d/security2.conf.rpmsave file.

During the Plesk upgrade I can see this:

Code: 
Updating: plesk-modsecurity-configurator-18.0-2.centos.7+p18.0.33.0+t210122.1058.noarch [49/108]
warning: /etc/httpd/conf.d/security2.conf saved as /etc/httpd/conf.d/security2.conf.rpmsave

After the installer completes:
Code: 
cat /etc/httpd/conf.d/security2.conf.rpmsave
cat: /etc/httpd/conf.d/security2.conf.rpmsave: No such file or directory

STEPS TO REPRODUCE

Run /usr/local/psa/admin/bin/autoinstaller to upgrade to 18.0.33.0 and you will see any of your customizations in /etc/httpd/conf.d/security2.conf get wiped out because the /etc/httpd/conf.d/security2.conf.rpmsave is not created properly.

ACTUAL RESULT

The /etc/httpd/conf.d/security2.conf.rpmsave is not created properly.

EXPECTED RESULT

If the /etc/httpd/conf.d/security2.conf file is to be replaced then the original file should be copied to /etc/httpd/conf.d/security2.conf.rpmsave.

ANY ADDITIONAL INFORMATION



YOUR EXPECTATIONS FROM PLESK SERVICE TEAM

Confirm bug
 
Last edited:
From developer:

The bug is confirmed as PPPM-12724.

But I need to note that we don't expect the use of this file for ModSecurity customization by customers. To make customization customer can use Plesk web interface: "Tools & Settings" -> "Web Application Firewall (ModSecurity) -> "Settings" -> "Custom directives".
 
You should note that this still isn't fixed in 18.0.33.1 and it's even worse than that. Upgrading to 18.0.33.1 will reset security2.conf and disable modsecurity completely even though it looks turned on in the Plesk interface (notice how the modsecurity module is commented out):

Looking at: /etc/httpd/conf.d/security2.conf after the upgrade
Code: 
#LoadModule security2_module modules/mod_security2.so

<IfModule security2_module>
        SecDataDir /var/lib/mod_security
        IncludeOptional "/etc/httpd/conf/modsecurity.d/*.conf"
</IfModule>
 

Attachments

  • 2021-02-28_00h50_09.png
    2021-02-28_00h50_09.png
    167.7 KB · Views: 4
Last edited:
You must log in or register to reply here.

Similar threads

A
Resolved Unable to reinstall modsecurity after upgrade from Onyx to Obsidian
Replies
1
Views
895
Abernathy
A
danami
Resolved Plesk Postfix RPM overrites /etc/postfix/header_checks with every Postfix package update
Replies
7
Views
2K
danami
danami
Bitpalast
Forwarded to devs Update to 18.0.63 #4 removed /etc/fail2ban/jail.local, crashed Fail2Ban
Replies
3
Views
1K
Sebahat.hadzhi
Sebahat.hadzhi
T
ISSUE - Nginx config generation failure and http2 directive implementation failure
Replies
14
Views
4K
Bitpalast
Bitpalast
Hajime Tanaka
Resolved AlmaLinux HTTPD will not recognize the error with .htaccess
Replies
4
Views
3K
Peter Debik
P
Back
Top