ModSecurity: collection_store: Failed to access DBM file "/var/cpanel/secdatadir/ip": Permission denied

The error Failed to access DBM file /var/cpanel/secdatadir/ip: Permission denied can occur on systems where the process is owned by an account which does not have the proper permissions to modify a global file. For such cases the following may be used to resolve the issue.

/var/cpanel/secdatadir/ip for example is used for storing collections data but is often set for apache or root. You would have to find the modsecurity rule which uses the "initcol" function for "ip," and comment out the rule entirely so the collection is not made to begin with. This will obviously break any rules that need the collection data, but most webapp defence rules (aside from brute force) don't use collections much. If you are using the WHM vendor management for the automated rule updates, you would want to disable updates for the file that initiates the collections if you do this. Once the particular rules have been disabled restart Apache and the errors should then go away.

In the case you were using mod_ruid2 and have moved away from it, you should remove /var/cpanel/secdatadir/ip.dir and ip.pag in the same directory. Restart apache and it should be recreated with proper permissions. In some cases removing the IP based rules will still be necessary.

Also Read