Forwarded to devs Security2.conf config for package mod_security-2.9.2-1.el7.x86_64 is missing on upgrade

danami

TITLE:
Security2.conf config for package mod_security-2.9.2-1.el7.x86_64 is missing on upgrade
PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE:
Product version: Plesk Onyx 17.8.11 Update #6
Update date: 2018/04/23 08:40
Build date: 2018/04/13 07:57
OS version: CentOS 7.5.1804
Revision: c3fb546fb867ac424d65da14d8b023f11ec0d150
Architecture: 64-bit
Wrapper version: 1.2
PROBLEM DESCRIPTION:
When running yum update to mod_security-2.9.2-1.el7.x86_64 I see this:

Code:
warning: /etc/httpd/conf.d/security2.conf saved as /etc/httpd/conf.d/security2.conf.rpmsave
The only problem is that when the new /etc/httpd/conf.d/security2.conf is not added, it disables mod_security completely.
STEPS TO REPRODUCE:
Run yum update
ACTUAL RESULT:
yum update
Warning: /etc/httpd/conf.d/security2.conf saved as /etc/httpd/conf.d/security2.conf.rpmsave
EXPECTED RESULT:
If a config file has changed the package should move the config to /etc/httpd/conf.d/security2.conf.rpmsave AND add the new config file /etc/httpd/conf.d/security2.conf
ANY ADDITIONAL INFORMATION:
I'm seeing this on multiple servers.
YOUR EXPECTATIONS FROM PLESK SERVICE TEAM:
Confirm bug
 
From developer:

The customer tried to install the mod_security package from the OS vendor repository. But Plesk uses its own package with a different package version:

mod_security-2.9.2-centos7.18050714.x86_64

The mentioned config does not exist in the vendor's mod_security package. Rpm removed our package and saved the old config as .rpmsave during the update procedure.
The bug will not be confirmed because I didn't see any reason to do this.
 
You guys still really need to look at this. This happens on any yum update to CentOS 7.5 because the CentOS 7.5 modsecurity package is newer than the ones provided by Plesk... So any user who does a simple "yum update" to CentOS 7.5 will be affected and their modsecurity will be disabled. I've also linked to the CentOS 7.5 thread so that users will be aware of this.
 
Actually it looks like the CentOS 7 mod_security package still loads the rules in the mod_security.conf file instead.
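
A post-update check for the condition discussed in this thread, added here as an example and not taken from the posts or from Plesk tooling. It reports whether security2.conf was left only as .rpmsave and whether any remaining *.conf file still enables the rule engine. The function name, the sample layouts and the placement of mod_security.conf in the same directory are assumptions.

```shell
#!/bin/sh
# Added example (not Plesk tooling): report the ModSecurity state left behind
# by a package update. Assumption: Apache includes every *.conf directly under
# the given directory, and the last active SecRuleEngine line is the one in effect.

# Prints "<on|detectiononly|off|unset>[ rpmsave-orphan]"; succeeds only for "on".
modsec_conf_state() {
    dir="${1:-/etc/httpd/conf.d}"
    orphan=""
    # The case from this report: config saved aside, no security2.conf in place.
    if [ -f "$dir/security2.conf.rpmsave" ] && [ ! -f "$dir/security2.conf" ]; then
        orphan=" rpmsave-orphan"
    fi
    # Commented-out lines never match because their first field starts with "#".
    engine=$(cat "$dir"/*.conf 2>/dev/null |
        awk 'tolower($1) == "secruleengine" { v = tolower($2) }
             END { print (v == "" ? "unset" : v) }')
    echo "${engine}${orphan}"
    [ "$engine" = "on" ]
}

# Constructed sample layouts standing in for /etc/httpd/conf.d.
demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/before" "$tmp/after" "$tmp/vendor"
    printf '<IfModule mod_security2.c>\n  SecRuleEngine On\n</IfModule>\n' \
        > "$tmp/before/security2.conf"
    # After the update: only the .rpmsave copy remains.
    cp "$tmp/before/security2.conf" "$tmp/after/security2.conf.rpmsave"
    # Orphaned .rpmsave, but another file (mod_security.conf) enables the engine.
    cp "$tmp/after/security2.conf.rpmsave" "$tmp/vendor/"
    printf '# SecRuleEngine Off\nSecRuleEngine On\n' > "$tmp/vendor/mod_security.conf"
    for d in before after vendor; do
        printf '%s: %s\n' "$d" "$(modsec_conf_state "$tmp/$d" || true)"
    done
    rm -rf "$tmp"
}
demo
```

The exit status is non-zero for anything other than an active `SecRuleEngine On`, so the function can gate a post-update job or a monitoring probe.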
 