Hi there, I'm running mod_ruid 0.9.7 on Apache 2.2 with ModSecurity 2.7.3 and the GotRoot/Atomicorp delayed ruleset, all on cPanel 11.38. I am unable to get ModSecurity to successfully log it's activities since mod_ruid is causing audit directories and logs to be created with the username of the running process, and more importantly with permissions for that user only, overriding a specific setting in the ModSecurity conf to create audit folders and logs to be created world-writable.

 

I have documented my setup here: https://www.atomicorp.com/forum/viewtopic.php?f=15&t=6932&sid=23c91691756075ec7fc5cfe86a6630d1

 

I also posted this to the mod_ruid2 forums: https://github.com/mind04/mod-ruid2/issues/1

 

One of the mod_ruid2 developers has suggested that ModSecurity should be using the special ap_hook_log_transaction() hook which would mean in my configuration that ModSecurity would try to write it’s audit logs as nobody, which would not cause permissions issues.

 

I did follow the suggestion of the developer in terms of “Maybe you can work around the problem if you make the log directory group writable for apache and add apache to R_Groups for every user.” but this did not fix the problem since new log folders are still created without group write permissions.

 

It seems as though the only possible fix is that ModSecurity uses the ap_hook_log_transaction() hook. It is certain that I’m not the only person suffering this problem: http://www.google.co.uk/search?q=ModSecurity%3A+Audit+log%3A+Failed+to+create+subdirectories&{google:acceptedSuggestion}oq=ModSecurity%3A+Audit+log%3A+Failed+to+create+subdirectories&sourceid=chrome&ie=UTF-8

 

Is there any chance of this getting fixed / changed?

 

Regards, Ben