Hi Breno, sorry but I don’t understand what you mean by “You can try to set it into /etc/profile ?”

 

Also, I’m not clear on what you’re demonstrating with your example below. Also in my setup logs are created by the first user which tries to log, since that user creates the directory and has permissions on it. However any subsequent users are unable to log to the same directory since they do not have permissions.

 

Regards, Ben

 

From: Breno Silva [mailto:breno.silva@gmail.com]
Sent: 22 July 2013 14:08
To: mod-security-developers
Subject: Re: [Mod-security-developers] Compatibility with mod_ruid2

 

Ben,

 

You can try to set it into /etc/profile ?

It works for me :

 

root@ubuntu:/home/brenosilva# ls -lisa /var/log/apache2/20130720/20130720-1140/20130720-114050-UerZscCoAGUAAFcXJFcAAAAe

194655 4 -rwxrwxrwx 1 www-data www-data 3342 2013-07-22 11:40 /var/log/apache2/20130722/20130722-1140/20130722-114050-UerZscCoAGUAAFcXJFcAAAAe

 

 

On Mon, Jul 22, 2013 at 12:07 AM, Ben Empson <ben@arrayx.co.uk> wrote:

Hi Breno,

 

I tried:

SecAuditLogDirMode 0000
SecAuditLogFileMode 0000

But on Apache restart I got the following error: “ModSecurity: Invalid value for SecAuditLogDirMode: 0000”. So I reset these 2 values to 0777.

 

Then I went to /var/asl/data and did

 

umask 0000

 

However I’m still getting errors in the Apache log: “ModSecurity: Audit log: Failed to create file: /var/asl/data/audit0722/20130722-0756/20130722-075623-UezXl1nIjfEAAHYWJ@oAAAAK (Permission denied)”

 

Note that the first website to get an error in each minute creates the audit folder and there are logs for that site. However any subsequent requests for other websites (and therefore users) get the error above since they don’t have write permissions, eg:

 

drwxr-xr-x  2 use11  use11   4096 Jul 22 07:55 20130722-0755/

drwxr-xr-x  2 use22  use22   4096 Jul 22 07:56 20130722-0756/

 

Regards, Ben