0

I seem to getting alot of these lately in my apache error log:

Message: collections_remove_stale: Failed to access DBM file "/var/cpanel/secdatadir/ip": Resource deadlock avoided

Server Version: Apache/2.4.12 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4 mod_fcgid/2.3.9 Using modsecurity with latest OWASP ModSecurity Core Rule Set

Tried googling around, found some rules to suggested to disable but didn't fixed the problem.

Any help would be appreciated. Thank you.

Ivan
  • 893
  • 2
  • 9
  • 23

1 Answers1

3

So I think I found the solution. First I disabled all IP collection related rules in Modsec. These were the following: 900050, 900018, 900020, 900021

Then I deleted the following files in /var/cpanel/secdatadir: ip.dir and ip.pag

Errors have stopped ever since.

Ivan
  • 893
  • 2
  • 9
  • 23
  • Yes the fact ModSecurity logs persistent data to a common file isn't very scalable (there is an experimental build using memcache but not tried that yet). If you're not using any of the rules that require persisted data (e.g. DoS or Brute force rules) then best to turn those rules off that call initcol for that data. Alternatively, if you do want the rules, then only answer seems to be to leave them on and ignore these errors but then you'll notice the IP files grow and grow so you'll need to set up a job to delete it periodically. – Barry Pollard May 04 '15 at 08:53
  • How did you locate the IP collection rules? I am looking to locate the DBM file rules due to a similar issue. http://stackoverflow.com/questions/32744536/how-to-disable-modsecurity-collection-store-write-to-dbm-file – csi Sep 23 '15 at 16:15