Skip to main content

CloudLinux Knowledge Base

How do I check if the Imunify360 ModSecurity ruleset is up-to-date? How to update the ruleset?

Comments

9 comments

  • Milosz Rycko-Bozenski

    For Plesk and Litespeed, there is no such directory like

    /etc/httpd/conf/modsecurity.d/rules/custom/, even not /etc/httpd.

    And I don't have option for autoupdate on Plesk Imunify360 interface :(

    Running

    imunify360-agent update --force modsec-rules

    returns

    OK

    but:

    0
  • Anna

    Hello Milosz Rycko-Bozenski,

    Thanks for a question!

    If it's a Debian-based system, the path may be /etc/apache2/... Please check it on your end as well.

    Also, please mind that after the successful ruleset update, the warning in the Dashboard won't disappear immediately and it may take up to 24 hours to reflect the actual info, More at: https://cloudlinux.zendesk.com/hc/en-us/articles/4415931633042-Imunify360-dashboard-displays-Medium-or-Poor-protection-status

    Should you still experience any difficulties updating the Imunify360 ruleset on the server, please feel free to submit a ticket to our Support team.

     

    0
  • Paul

    same issue on my side

    imunify360-agent update --force modsec-rules

    OK

    cat /etc/httpd/conf/modsecurity.d/rules/custom/VERSION

    4.68

    and in plesk 

    0
  • Bogdan Shyshka

    Is this still not updated after 24h? If so please create a ticket and we would like to find the root cause of it.

    0
  • Alex Presland

    On Plesk, I found the VERSION file in
    /etc/apache2/modsecurity.d/rules/custom

    0
  • Bogdan Shyshka

    Indeed, you are right. That seems to be another possible location.

    Thank you for sharing.

    0
  • Simon Wick

    Same issue here.

    Setup: CloudLinux, Plesk, LiteSpeed

    The Imunify360 dashboard shows: "Your ModSecurity (WAF) ruleset is outdated (current version is 5.15, latest version is 5.21)..."

    cat /etc/httpd/conf/modsecurity.d/rules/custom/VERSION

    ... this shows me that version 5.15 is installed.

    Then i try to update the ruleset:

    imunify360-agent update --force modsec-rules

    "OK" returned. But still version 5.15 is installed and the Imunify360 dashboard shows the warning.

    Any solution for this? Thanks for your help!

    0
  • Anna

    Hello,

    Are there any errors related to the rules/files update inside /var/log/imunify360/error.log? Also, does the server have only 1 ruleset configured? What's inside

    /etc/httpd/conf/modsecurity.d/rules

    ? Also does this one reflects Imunify rules only?

    # apachectl -t -D DUMP_INCLUDES | grep modsec

    You can also try the extreme method to reinstall the ruleset and check if the most version is delivered. This can be done with:

    # imunify360-agent uninstall-vendors

    After uninstalling, make sure to remove the line in the ModSecurity settings for Plesk (the section is called "Custom directives" - it should be empty. The proceed to:

    # imunify360-agent install-vendors

    Then, check if no errors exist with:

    # apachectl -t

    In case everything looks good from the first glance after the ruleset reinstalltion but the version is still not recent, please submit a ticket to us and we will take a closer look (:

    0
  • Simon Wick

    Thank you! The uninstall/reinstall made it work and the version is up to date again. I will see if the problem occurs again...

    0

Please sign in to leave a comment.