
Forwarded to devs Security2.conf config for package mod_security-2.9.2-1.el7.x86_64 is missing on upgrade

danami

TITLE:
Security2.conf config for package mod_security-2.9.2-1.el7.x86_64 is missing on upgrade
PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE:
Product version: Plesk Onyx 17.8.11 Update #6
Update date: 2018/04/23 08:40
Build date: 2018/04/13 07:57
OS version: CentOS 7.5.1804
Revision: c3fb546fb867ac424d65da14d8b023f11ec0d150
Architecture: 64-bit
Wrapper version: 1.2
PROBLEM DESCRIPTION:
When running yum update to mod_security-2.9.2-1.el7.x86_64 I see this:

Code:
warning: /etc/httpd/conf.d/security2.conf saved as /etc/httpd/conf.d/security2.conf.rpmsave
The only problem is that when the new /etc/httpd/conf.d/security2.conf is not added, it disables mod_security completely.
STEPS TO REPRODUCE:
Run yum update
ACTUAL RESULT:
yum update
Warning: /etc/httpd/conf.d/security2.conf saved as /etc/httpd/conf.d/security2.conf.rpmsave
EXPECTED RESULT:
If a config file has changed, the package should move the config to /etc/httpd/conf.d/security2.conf.rpmsave AND add the new config file /etc/httpd/conf.d/security2.conf
ANY ADDITIONAL INFORMATION:
I'm seeing this on multiple servers.
YOUR EXPECTATIONS FROM PLESK SERVICE TEAM:
Confirm bug
 
From developer:

The customer tried to install the mod_security package from the OS vendor repository. But Plesk uses its own package with a different package version:

mod_security-2.9.2-centos7.18050714.x86_64

The mentioned config does not exist in the vendor's mod_security package. Rpm removed our package and saved the old config as .rpmsave during the update procedure.
The bug will not be confirmed because I didn't see any reason to do this.
 
You guys still really need to look at this. This happens on any yum update to CentOS 7.5 because the CentOS 7.5 modsecurity package is newer than the ones provided by Plesk... So any user who does a simple "yum update" to CentOS 7.5 will be affected and their modsecurity will be disabled. I've also linked to the CentOS 7.5 thread so that users will be aware of this.
 
Actually it looks like the CentOS 7 mod_security package still loads the rules in the mod_security.conf file instead.
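A post-update check for the situation discussed in this thread, added here as an example (it is not part of the thread and not Plesk's own tooling). The function names and state labels are hypothetical. The release patterns are generalized from the two package names quoted above, and the vendor's mod_security.conf is assumed to sit in the same conf.d directory.

```shell
#!/bin/sh
# Added example: find out whether a yum update swapped Plesk's mod_security
# build for the OS vendor's build and displaced security2.conf.

# Classify a name-version-release string as printed by `rpm -q mod_security`.
# Assumption: Plesk builds use a "centos7.<build>" release, vendor builds ".el7".
modsec_pkg_origin() {
    case "$1" in
        mod_security-*-centos7.*) echo "plesk" ;;
        mod_security-*.el7*)      echo "vendor" ;;
        *)                        echo "unknown" ;;
    esac
}

# Classify the config state of an Apache conf.d directory.
modsec_conf_state() {
    dir="${1:-/etc/httpd/conf.d}"
    if [ -f "$dir/security2.conf" ]; then
        # Plesk's config is in place.
        echo "plesk-config-present"
    elif [ -f "$dir/security2.conf.rpmsave" ] && [ -f "$dir/mod_security.conf" ]; then
        # Plesk's config was set aside; the vendor config is what Apache reads.
        echo "displaced-vendor-config-active"
    elif [ -f "$dir/security2.conf.rpmsave" ]; then
        # Plesk's config was set aside and nothing replaced it.
        echo "displaced-no-config"
    else
        echo "not-configured"
    fi
}

# Print both findings for the local server.
modsec_report() {
    pkg="$(rpm -q mod_security 2>/dev/null || true)"
    echo "package: ${pkg:-unknown} ($(modsec_pkg_origin "$pkg"))"
    echo "config:  $(modsec_conf_state "${1:-/etc/httpd/conf.d}")"
}
```

Run `modsec_report` after a `yum update`. Any state other than `plesk-config-present` means the settings in security2.conf.rpmsave are no longer applied and the rules in effect should be reviewed.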
 