ruid2 Support

Does your product include a ruleset which is compatible with RUID2 yet?

Thank you.

There are no ruleset compatible with RUID2 because conflict between mod_security and mod_ruid is not the ruleset issue. To avoid this conflict, please, change the log-files location for mod_ruid.
For example:

SecAuditLogStorageDir /usr/local/apache/logs/modsec_audit SecAuditLogType Concurrent SecAuditLogStorageDir /usr/local/apache/logs/modsec_audit SecAuditLogType Concurrent

SecRuleEngine On
SecAuditEngine RelevantOnly
SecAuditLog /usr/local/apache/logs/modsec_audit.log
SecDebugLog /usr/local/apache/logs/modsec_debug.log
SecDebugLogLevel 0
SecRequestBodyAccess On
SecDataDir /tmp
SecTmpDir /tmp
SecPcreMatchLimit 250000
SecPcreMatchLimitRecursion 250000
Include “/var/cpanel/cwaf/etc/cwaf.conf”

[Wed Nov 12 20:03:17 2014] [error] [client 54.236.217.27] ModSecurity: collection_store: Failed to access DBM file “/tmp/ip”: Permission denied [hostname “xxxx”] [uri “/wp-login.php”] [unique_id “VGQtgq3hFR4AAJhwPsUAAAAE”]
[Wed Nov 12 20:03:19 2014] [error] [client 54.236.217.27] ModSecurity: collection_store: Failed to access DBM file “/tmp/ip”: Permission denied [hostname “xxxx”] [uri “/wp-login.php”] [unique_id “VGQtha3hFR4AAJhtPOMAAAAB”]
[Wed Nov 12 20:03:22 2014] [error] [client 54.236.217.27] ModSecurity: collection_store: Failed to access DBM file “/tmp/ip”: Permission denied [hostname “xxxx”] [uri “/wp-login.php”] [unique_id “VGQth63hFR4AAJh3RLYAAAAJ”]
[Wed Nov 12 20:03:25 2014] [error] [client 54.236.217.27] ModSecurity: collection_store: Failed to access DBM file “/tmp/ip”: Permission denied [hostname “xxxx”] [uri “/wp-login.php”] [unique_id “VGQtiq3hFR4AAJhyQBQAAAAF”]
[Wed Nov 12 20:03:25 2014] [error] [client 66.249.65.73] ModSecurity: collection_store: Failed to access DBM file “/tmp/ip”: Permission denied [hostname “xxxx”] [uri “xxxx.html”] [unique_id “VGQtja3hFR4AAJh4RVsAAAAK”]
[Wed Nov 12 20:03:27 2014] [error] [client 54.236.217.27] ModSecurity: collection_store: Failed to access DBM file “/tmp/ip”: Permission denied [hostname “xxxx”] [uri “/wp-login.php”] [unique_id “VGQtjK3hFR4AAJh5RgEAAAAL”]
[Wed Nov 12 20:03:27 2014] [error] [client 68.180.229.31] ModSecurity: collection_store: Failed to access DBM file “/tmp/ip”: Permission denied [hostname “xxxx”] [uri “/index.php”] [unique_id “VGQtgq3hFR4AAJh1QmMAAAAH”]
[Wed Nov 12 20:03:28 2014] [error] [client 54.236.217.27] ModSecurity: collection_store: Failed to access DBM file “/tmp/ip”: Permission denied [hostname “xxxx”] [uri “/wp-login.php”] [unique_id “VGQtj63hFR4AAJhsPBwAAAAA”]
[Wed Nov 12 20:03:29 2014] [error] [client 54.236.217.27] ModSecurity: collection_store: Failed to access DBM file “/tmp/ip”: Permission denied [hostname “xxxx”] [uri “/wp-login.php”] [unique_id “VGQtkK3hFR4AAJhwPsYAAAAE”]
[Wed Nov 12 20:03:30 2014] [error] [client 54.236.217.27] ModSecurity: collection_store: Failed to access DBM file “/tmp/ip”: Permission denied [hostname “xxxx”] [uri “/wp-login.php”] [unique_id “VGQtka3hFR4AAJhtPOQAAAAB”]
[Wed Nov 12 20:03:31 2014] [error] [client 54.236.217.27] ModSecurity: collection_store: Failed to access DBM file “/tmp/ip”: Permission denied [hostname “xxxx”] [uri “/wp-login.php”] [unique_id “VGQtkq3hFR4AAJhyQBUAAAAF”]
[Wed Nov 12 20:03:32 2014] [error] [client 173.225.21.30] ModSecurity: collection_store: Failed to access DBM file “/tmp/ip”: Permission denied [hostname “xxxx”] [uri “/wp-cron.php”] [unique_id “VGQtkq3hFR4AAJh3RLcAAAAJ”]
[Wed Nov 12 20:03:32 2014] [error] [client 37.57.200.107] ModSecurity: collection_store: Failed to access DBM file “/tmp/ip”: Permission denied [hostname “xxxx”] [uri “/wp-login.php”] [unique_id “VGQtjK3hFR4AAJhuPYAAAAAC”]
[Wed Nov 12 20:03:33 2014] [error] [client 54.236.217.27] ModSecurity: collection_store: Failed to access DBM file “/tmp/ip”: Permission denied [hostname “xxxx”] [uri “/wp-login.php”] [unique_id “VGQtk63hFR4AAJh5RgIAAAAL”]

We have no idea how to fix this issue. We found the next topic http://forums.cpanel.net/f442/mod-ruid-2-modsecurity-385712.html
May be it will help you with this problem.

This is exactly my point, this issue has not been resolved. And btw the cPanel forum article you linked to? I started that. As per cPanel staff “Yes, if you’re using Mod Security rules that need the DBM functionality.” So obviously your ruleset is still not RUID2 friendly yet which is what my initial inquiry was.

I’ve got the same issue (ModSecurity: collection_store: Failed to access DBM file “/tmp/ip”: Permission denied) with the default rules enabled on a cPanel server with mod_ruid2. I know mod_ruid2 has problems with ModSecurity but I understand the main issue here is that some of the rules require collection_store. Is there a list of which rules require that so I can disable them? I figure it’s better to have some rules disabled than none at all.

Unfortunately we have no such list. I think you need find these rules in error.log and exclude them by cPanel - Plugins - Comodo WAF - Catalog - Search By Rule Id - Off - Implement