Errors in /var/log/modsec_audit.log: incorrect ModSecurity permissions

Created:

2017-05-10 06:43:48 UTC

Modified:

2017-08-16 15:48:35 UTC

0

Was this article helpful?


Have more questions?

Submit a request

Errors in /var/log/modsec_audit.log: incorrect ModSecurity permissions

Applicable to:

  • Plesk 12.5
  • Plesk Onyx

Symptoms

The following error appears in /var/log/modsec_audit.log :

--b8876e6d-H-- 
Message: collections_remove_stale: Failed to access DBM file "/var/asl/data/msa/global": Permission denied 
Stopwatch: 1494012668966140
Stopwatch2: 1494012668966140 3289; combined=1756, p1=90, p2=1487, p3=20, p4=49, p5=62, sr=7, sw=0, l=0, gc=48
ModSecurity for Apache/2.9.0 (http://www.modsecurity.org/); 201705041602.
Server: Apache
Engine-Mode: "ENABLED"

Cause

This is Plesk bug with ID #PPPM-6202 which will be fixed in future updates.

Resolution

As a workaround, change the permissions as follows:

# chown www-data.www-data /var/asl/data/msa
# chown www-data.www-data /var/asl/data/audit
# chown www-data.www-data /var/asl/data/suspicious
# chmod o-rx -R /var/asl/data/*
#​ chmod ug+rwx -R /var/asl/data/*

User may differ depending on your OS. The example above is for Ubuntu.

If the issue persists, turn off the affected rule by the rule's ID in Plesk.

Additional information

Web Application Firewall (ModSecurity)

Have more questions? Submit a request
Please sign in to leave a comment.