I’m not a CIS expert by any means, I’m just a regular user like yourself. I do know though that having two security products installed is a BIG no-no. I would suggest you uninstall CIS and whatever Mod Security is, then reboot. You should then only install CIS.
You don’t need to download rules and update them manually. It is done by the plugin. You can schedule automatic rules updates in Plugins - Comodo WAF - Configuration.
Also, you need to add the following line to the ModSecurity configuration file:
Include "/var/cpanel/cwaf/etc/cwaf.conf"
if you use cPanel, or
Include "/<path_to_cwaf>/cwaf/etc/cwaf.conf"
if you use another WHMS.
Some of our rules are excluded because of false positives. You can turn them on if you need them. Please check your modsec_audit.log to avoid false positives.
Hi!
If you rebuilt Apache, please check your configuration files again. Paths to log files may have changed.
But if you use EasyApache, the configuration files should be saved.
modsec_debug.log is empty because the default debug log level is 0 (no debug).
You can increase it up to 9 (full debug). But in this case modsec_debug.log will be too large, so it should be rotated by size.
You can check that ModSecurity is working with the link http://your.web-server/?a=b AND 1=1
You should get a “403 Forbidden” error or similar. You’ll also see some records in modsec_audit.log.
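The posts above point to modsec_audit.log both for confirming the 403 on the test request and for spotting false positives. The following is an added example, not part of the thread and not Comodo's code: a small parser for the ModSecurity 2.x native (serial) audit log format that lists which rule ids fired on which requests. The sample log, rule ids, addresses and transaction ids are constructed for illustration.

```python
import re
from collections import Counter
# Constructed sample: blank lines trimmed, rule ids/addresses/messages are made up.
SAMPLE_AUDIT_LOG = """\
--a1b2c3d4-A--
[01/Jan/2024:10:00:00 +0000] constructedTxId0001 192.0.2.10 51000 198.51.100.5 80
--a1b2c3d4-B--
GET /?a=b%20AND%201=1 HTTP/1.1
--a1b2c3d4-F--
HTTP/1.1 403 Forbidden
--a1b2c3d4-H--
Message: Access denied with code 403 (phase 2). [id "999001"] [msg "Constructed SQLi rule"]
--a1b2c3d4-Z--
--e5f6a7b8-A--
[01/Jan/2024:10:05:00 +0000] constructedTxId0002 192.0.2.20 51001 198.51.100.5 80
--e5f6a7b8-B--
POST /contact.php HTTP/1.1
--e5f6a7b8-F--
HTTP/1.1 403 Forbidden
--e5f6a7b8-H--
Message: Access denied with code 403 (phase 2). [id "999002"] [msg "Constructed XSS rule"]
--e5f6a7b8-Z--
"""
BOUNDARY = re.compile(r"^--[0-9a-fA-F]+-([A-Z])--$")  # e.g. --a1b2c3d4-H--
STATUS = re.compile(r"HTTP/\S+ (\d{3})")              # response status line
RULE_ID = re.compile(r'\[id "(\d+)"\]')               # rule id inside a Message line

def parse_audit_log(text):
    """Return one dict per transaction: request line, response status, rule ids."""
    entries, cur, section = [], None, None
    for line in text.splitlines():
        m = BOUNDARY.match(line)
        if m:
            section = m.group(1)
            if section == "A":  # part A opens a new transaction
                cur = {"request": None, "status": None, "rules": []}
                entries.append(cur)
        elif cur is None or not line.strip():
            continue
        elif section == "B" and cur["request"] is None:
            cur["request"] = line  # first line of part B is the request line
        elif section == "F" and cur["status"] is None and STATUS.match(line):
            cur["status"] = int(STATUS.match(line).group(1))
        elif section == "H" and line.startswith("Message:"):
            cur["rules"] += RULE_ID.findall(line)
    return entries

def rule_hits(entries):
    """Count (rule id, request line) pairs to review as possible false positives."""
    return Counter((rid, e["request"]) for e in entries for rid in e["rules"])
```

A rule id that keeps appearing against ordinary requests, such as a contact form, is a candidate for false-positive review before it is excluded or re-enabled.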
Hey @needsomehelp. Looks like nobody addressed your original problem: no rules.
If you haven’t solved it, this is what you need to do:
Go into CPanel Comodo WAF and select the Configuration tab. In the “CWAF updater configuration” area, enter your Comodo WAF username and password (the same one you use to log in to waf.comodo.com) and select any schedule next to “Schedule Rules Update.”
That will force a download of the rules. You can verify that you have them by looking for a rules version on the Main tab, next to "Current rules version", or by going to the Catalog tab.