How to list domains that currently have Mod_security disabled on the server.

bhawanisingh

Administrator
Staff member
Today we will learn about the Mod_security tool provided to cPanel users. Sometimes users disable it and forget to enable it again, and as a result their accounts get compromised very easily.

Now, as a server admin, it is your responsibility to monitor which accounts have mod_security disabled and to enable it again.
First of all, you should be aware that whenever a user disables or enables mod_security from cPanel, the action is recorded in "/usr/local/cpanel/logs/access_log".
One way to find out which users have used this tool is to search these logs:
cat /usr/local/cpanel/logs/access_log | grep '/execute/ModSecurity/disable_domains' | cut -d '-' -f2 | cut -d '[' -f1 | sort | uniq -c
You will get the names of the users who have disabled Mod_security from their cPanel. But you cannot confirm from this whether they have enabled it again or not.
To find out which users currently have mod_security disabled in cPanel, use this command:
# Loop over every cPanel user (comment lines in the file are skipped)
for OUTPUT in $(grep -v '^#' /etc/trueuserowners | cut -d : -f 1)
do
    # Count of domains with mod_security disabled, with whitespace stripped
    result=$(uapi --user="$OUTPUT" ModSecurity list_domains | grep 'total_disabled' | cut -d ':' -f2 | tr -d '[:space:]')
    # Skip users with no count returned and users with nothing disabled
    if [ -n "$result" ] && [ "$result" != '0' ]
    then
        echo "$OUTPUT" >> /usr/src/disabled-domains.txt
        uapi --user="$OUTPUT" ModSecurity list_domains | grep 'total_disabled' >> /usr/src/disabled-domains.txt
    fi
done
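To enable mod_security for all domains of all users on the server, run this command:
# Loop over every cPanel user (comment lines in the file are skipped)
for OUTPUT in $(grep -v '^#' /etc/trueuserowners | cut -d : -f 1)
do
    # Count of domains with mod_security disabled, with whitespace stripped
    result=$(uapi --user="$OUTPUT" ModSecurity list_domains | grep 'total_disabled' | cut -d ':' -f2 | tr -d '[:space:]')
    # Skip users with no count returned and users with nothing disabled
    if [ -n "$result" ] && [ "$result" != '0' ]
    then
        # Show the user and the count on screen and record both in the report file
        echo "$OUTPUT"
        echo "$OUTPUT" >> /usr/src/disabled-domains.txt
        uapi --user="$OUTPUT" ModSecurity list_domains | grep 'total_disabled'
        uapi --user="$OUTPUT" ModSecurity list_domains | grep 'total_disabled' >> /usr/src/disabled-domains.txt
        # Re-enable mod_security on all of this user's domains
        uapi --user="$OUTPUT" ModSecurity enable_all_domains | grep 'domain'
    fi
done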
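
The access_log check above shows only who called disable_domains, not whether they switched it back on. As an added example (not part of the original post), this script keeps the last ModSecurity enable/disable call per user and prints only the users whose latest call was a disable; the log field layout, the sample lines and the function names last_modsec_action and write_sample_log are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post).
# Assumed log layout:  IP - user [date tz] "METHOD /path HTTP/x" ...
# so whitespace field 3 is the cPanel user and field 7 is the request path.

# Print "user function [date tz]" for every user whose most recent
# ModSecurity enable/disable call in the given log was a disable call.
last_modsec_action() {
    awk '
        match($7, /\/execute\/ModSecurity\/(enable|disable)_(all_)?domains/) {
            call = substr($7, RSTART, RLENGTH)
            sub(/.*\//, "", call)       # keep only the UAPI function name
            action[$3] = call           # later lines overwrite earlier ones
            when[$3] = $4 " " $5
        }
        END {
            for (u in action)
                if (action[u] ~ /^disable/)
                    print u, action[u], when[u]
        }
    ' "$1" | sort
}

# Constructed sample log lines (users, IPs and session tokens are made up).
write_sample_log() {
    cat > "$1" <<'EOF'
203.0.113.5 - alice [01/Mar/2024:10:00:00 -0000] "POST /cpsess1111111111/execute/ModSecurity/disable_domains HTTP/1.1" 200 0
203.0.113.5 - alice [01/Mar/2024:10:05:00 -0000] "POST /cpsess1111111111/execute/ModSecurity/enable_domains HTTP/1.1" 200 0
198.51.100.7 - bob [01/Mar/2024:11:00:00 -0000] "POST /cpsess2222222222/execute/ModSecurity/disable_all_domains HTTP/1.1" 200 0
192.0.2.9 - carol [01/Mar/2024:09:00:00 -0000] "POST /cpsess3333333333/execute/ModSecurity/disable_domains HTTP/1.1" 200 0
192.0.2.9 - carol [01/Mar/2024:09:10:00 -0000] "POST /cpsess3333333333/execute/ModSecurity/enable_all_domains HTTP/1.1" 200 0
192.0.2.9 - carol [01/Mar/2024:12:00:00 -0000] "POST /cpsess3333333333/execute/ModSecurity/disable_domains HTTP/1.1" 200 0
192.0.2.44 - dave [01/Mar/2024:12:30:00 -0000] "GET /cpsess4444444444/execute/Email/list_pops HTTP/1.1" 200 0
EOF
}

sample=$(mktemp)
write_sample_log "$sample"
last_modsec_action "$sample"    # on a server: /usr/local/cpanel/logs/access_log
rm -f "$sample"
```

Treat the output as a shortlist: per-domain calls and rotated logs mean the last logged call does not prove the current state, so confirm each user with the uapi list_domains loop.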