Plesk

Errors in /var/log/modsec_audit.log: collections_remove_stale: Failed to access DBM file “/var/asl/data/msa/global”: Permission denied

  • Dmitry Bystrov

    • Symptoms

    1. Plesk is running on Debian or Ubuntu.
    2. Atomic Basic ModSecurity ruleset is enabled at Tools & Settings > Web Application Firewall (ModSecurity) 
    3. Error in
      /var/log/modsec_audit.log
       :

      --b8876e6d-H-- Message: collections_remove_stale: Failed to access DBM file "/var/asl/data/msa/global": Permission denied
      Stopwatch: 1494012668966140
      Stopwatch2: 1494012668966140 3289; combined=1756, p1=90, p2=1487, p3=20, p4=49, p5=62, sr=7, sw=0, l=0, gc=48
      ModSecurity for Apache/2.9.0 (http://www.modsecurity.org/); 201705041602.
      Server: Apache
      Engine-Mode: "ENABLED"

    Cause

    This is Plesk bug with ID #PPPM-6202 which will be fixed in future updates.

    Resolution

    As a workaround, log in to Plesk server via SSH and change the permissions:

    # chown www-data.www-data /var/asl/data/msa
    # chown www-data.www-data /var/asl/data/audit
    # chown www-data.www-data /var/asl/data/suspicious
    # chmod o-rx -R /var/asl/data/*
    # chmod ug+rwx -R /var/asl/data/*

    If the issue persists, turn off the affected rule by the rule's ID in Plesk.

    Tweet
    Share
    Share
    Email
    0 Shares
    Exit mobile version