Skip to main content

ModSecurity: Audit log: Failed to unlock global mutex: Permission denied

When using Cpanel 11.34.4 with mod_security (with ASL rules) + mod_ruid2 I got this error in Apache error log:

ModSecurity: Audit log: Failed to unlock global mutex: Permission denied

To solve:

put this lines into /usr/local/apache/conf/modsec2.user.conf

  SecAuditLogStorageDir /var/asl/data/audit
  SecAuditLogType Concurrent

Be sure you have right permissions under /var/asl/

UPDATE

You may still see this message in the error log file:

[Thu Feb 07 09:49:14 2013] [error] [client 199.115.231.231] ModSecurity: Audit log: Failed to create subdirectories: /var/asl/data/audit/20130207/20130207-0949 (Permission denied)

This is caused because each subdirectory is created with each apache httpd process owner, because of mod_ruid2 functionality. To solve this issue I’ve added this new mod_security directives for creating the logs subdirectories with the correct permissions.

SecAuditLogDirMode 0777
SecAuditLogFileMode 0550
SecAuditLogStorageDir /var/asl/data/audit
SecAuditLogType Concurrent

The last thing you have to do to allow to apache setting this file permissions when creating new files is set correct file creation mask.

I’ve edited /etc/init.d/httpd file and I’ve added this line at the top:

umask 000

14 thoughts to “ModSecurity: Audit log: Failed to unlock global mutex: Permission denied”

  1. Only problem when changing ‘SecAuditLogType’ to Concurrent is that you will start to get these errors:
    “ModSecurity: Audit log: Failed to create subdirectories: /var/asl/data/audit/20121024/20121024-1235 (Permission denied)”

    1. Adam, I am not getting that. I had these directories created:

      – /var/asl/data/msa
      – /var/asl/data/suspicious
      – /var/asl/data/audit

      I think you should create the directory /var/asl/data/audit and set the right permissions so everyone can write.

  2. I believe what you posted made a ton of sense. But, think on this, suppose
    you added a little content? I mean, I don’t want to tell you
    how to run your website, however suppose you added a title to maybe get a person’s attention?
    I mean ModSecurity: Audit log: Failed to unlock global mutex:
    Permission denied | There has been an undefined error…
    is kinda plain. You might peek at Yahoo’s home page and watch how they create post titles to get viewers to click.
    You might try adding a video or a related picture or two to get readers interested about everything’ve written.
    In my opinion, it would make your posts a little bit
    more interesting.

  3. Pingback: Alvera
  4. Pingback: Continue
  5. Pingback: truxillofirm.com
  6. Pingback: watches
  7. To solve the problem Audit log: Failed to lock global mutex: Permission denied
    Using mod_ruid2 and mod_security together:

    find the configuration file which loads finally in mod security (example: /usr/local/apache/conf/modsec2.cpanel.conf)

    Add these line to the end of file:

    SecAuditLogDirMode 1733
    SecAuditLogFileMode 0550
    SecAuditLogType Concurrent
    SecAuditLogStorageDir /usr/local/apache/logs/modsec_audit

    Check the directory of /usr/local/apache/logs/modsec_audit for proper permissions of : 1733

    This solved my problem
    Regards
    Farhad Sakhaei

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.