Hi there, is there any chance of getting a response on this? This is a critical issue for all users of mod_ruid2 and ModSecurity…


Regards, Ben






From: Ben Empson
Sent: 10 July 2013 18:09
To: 'mod-security-developers@lists.sourceforge.net'
Subject: Compatibility with mod_ruid2


Hi there, I'm running mod_ruid 0.9.7 on Apache 2.2 with ModSecurity 2.7.3 and the GotRoot/Atomicorp delayed ruleset, all on cPanel 11.38. I am unable to get ModSecurity to successfully log its activities since mod_ruid is causing audit directories and logs to be created with the username of the running process, and more importantly with permissions for that user only, overriding a specific setting in the ModSecurity conf to create audit folders and logs world-writable.


I have documented my setup here: https://www.atomicorp.com/forum/viewtopic.php?f=15&t=6932&sid=23c91691756075ec7fc5cfe86a6630d1


I also posted this to the mod_ruid2 forums: https://github.com/mind04/mod-ruid2/issues/1


One of the mod_ruid2 developers has suggested that ModSecurity should be using the special ap_hook_log_transaction() hook which would mean in my configuration that ModSecurity would try to write its audit logs as nobody, which would not cause permissions issues.


I did follow the suggestion of the developer in terms of “Maybe you can work around the problem if you make the log directory group writable for apache and add apache to R_Groups for every user.” but this did not fix the problem since new log folders are still created without group write permissions.


It seems as though the only possible fix is that ModSecurity uses the ap_hook_log_transaction() hook. It is certain that I’m not the only person suffering this problem: http://www.google.co.uk/search?q=ModSecurity%3A+Audit+log%3A+Failed+to+create+subdirectories&{google:acceptedSuggestion}oq=ModSecurity%3A+Audit+log%3A+Failed+to+create+subdirectories&sourceid=chrome&ie=UTF-8


Is there any chance of this getting fixed / changed?


Regards, Ben
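
A check an administrator could run against the audit log storage directory to confirm the symptom described in this message, added here as an example and not part of the original thread or of either project's code. The function names, the constructed directory tree and the write-bit argument (0002 for the world-writable setting, 0020 for the group-writable workaround) are assumptions.

```shell
#!/bin/sh
# Added example: report entries in a ModSecurity audit-log tree that a
# process running under a different uid could not write into.

# audit_tree_report DIR BITS
#   DIR  : audit log storage directory (the operator's own path)
#   BITS : write bit every entry is expected to carry, e.g. 0002 or 0020
# Prints "OWNER <path>" for entries not owned by DIR's owner and
# "MODE <path>" for directories/files missing BITS.
# Returns 0 if the tree is consistent, 1 if anything was reported, 2 on misuse.
audit_tree_report() {
    root=$1
    bits=${2:-0002}
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    # Numeric uid of the top-level directory is the owner expected everywhere.
    expected_uid=$(ls -ldn "$root" | awk '{print $3}')
    findings=$(
        # Entries created under some other uid (per-user ownership).
        find "$root" ! -user "$expected_uid" -print | sed 's/^/OWNER /'
        # Entries created without the configured write bit.
        find "$root" \( -type d -o -type f \) ! -perm -"$bits" -print |
            sed 's/^/MODE /'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Build a constructed sample tree (date-named directories are made up) in
# which two directories were created without world-write, and print its path.
make_constructed_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/20130710/20130710-1809" "$t/20130711"
    chmod 0777 "$t" "$t/20130710"
    chmod 0700 "$t/20130710/20130710-1809"   # owner-only, as in the report
    chmod 0750 "$t/20130711"                 # no group or other write
    printf '%s\n' "$t"
}

# Run against a real directory when one is given on the command line.
if [ "$#" -ge 1 ]; then
    audit_tree_report "$@"
fi
```

Run as root so that directories owned by other users and closed to everyone else can still be traversed.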