
ModSecurity: Audit log: Failed to unlock global mutex: Permission denied

When using cPanel 11.34.4 with mod_security (with ASL rules) + mod_ruid2, I got this error in the Apache error log:

ModSecurity: Audit log: Failed to unlock global mutex: Permission denied

To solve:

Put these lines into /usr/local/apache/conf/modsec2.user.conf:

  SecAuditLogStorageDir /var/asl/data/audit
  SecAuditLogType Concurrent

Be sure you have the right permissions under /var/asl/.

UPDATE

You may still see this message in the error log file:

[Thu Feb 07 09:49:14 2013] [error] [client 199.115.231.231] ModSecurity: Audit log: Failed to create subdirectories: /var/asl/data/audit/20130207/20130207-0949 (Permission denied)

This happens because each subdirectory is owned by the user of the Apache httpd process that created it, as a consequence of how mod_ruid2 works. To solve this issue I’ve added these mod_security directives so that the log subdirectories are created with the correct permissions:

  SecAuditLogDirMode 0777
  SecAuditLogFileMode 0550
  SecAuditLogStorageDir /var/asl/data/audit
  SecAuditLogType Concurrent

The last thing you have to do, so that Apache can set these file permissions when creating new files, is to set the correct file creation mask.

I’ve edited the /etc/init.d/httpd file and added this line at the top:

umask 000
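
A permission check for the audit tree, as an added example that is not part of the original post; the function names are hypothetical, and the path in the usage comment is the SecAuditLogStorageDir value used above. It lists directories in which another mod_ruid2 user could not create subdirectories (the cause of the second error) and audit files that grant any access to other local accounts, which matters because 0777 directories are open to every user on the host.

```shell
#!/bin/sh
# Added example (not from the original post): inspect a ModSecurity
# concurrent audit log tree. Function names are hypothetical.
# Usage: sh check_audit_tree.sh /var/asl/data/audit

# Directories that lack write or search permission for "other".
# Under mod_ruid2 a different site user cannot create subdirectories here.
dirs_blocking_other_users() {
    find "$1" -type d \( ! -perm -0002 -o ! -perm -0001 \) -print
}

# Audit files that grant any permission bit to "other".
# SecAuditLogFileMode 0550 should leave none of these.
files_open_to_others() {
    find "$1" -type f \( -perm -0004 -o -perm -0002 -o -perm -0001 \) -print
}

# Print a short report; return 0 when the tree is consistent, 1 otherwise.
check_audit_tree() {
    dir=$1
    status=0
    blocked=$(dirs_blocking_other_users "$dir")
    open=$(files_open_to_others "$dir")
    if [ -n "$blocked" ]; then
        echo "Directories that will cause 'Failed to create subdirectories':"
        echo "$blocked"
        status=1
    fi
    if [ -n "$open" ]; then
        echo "Audit files accessible to other local accounts:"
        echo "$open"
        status=1
    fi
    [ "$status" -eq 0 ] && echo "OK: $dir"
    return "$status"
}

# Run the check only when a directory is given on the command line.
if [ -n "${1:-}" ]; then
    check_audit_tree "$1"
fi
```
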