Failed to lock proc mutex: Permission denied

The error : Failed to lock proc mutex: Permission denied can occur when using mod_ruid2 with mod_security where an IP session log is required. As modsec runs under the Apacher user account and ruid2 under the username running the process, this can result in write issues to global log files which are set to root or apache. To elliminate these errors from listing in the error_log file simply remove the security rules containing reference to global IP collections. Rules 900018-900021 typically follow under this classification.


#
# -- [[ Global and IP Collections ]] -----------------------------------------------------
#
# Create both Global and IP collections for rules to use
# There are some CRS rules that assume that these two collections
# have already been initiated.
#
SecRule REQUEST_HEADERS:User-Agent "^(.*)$" "id:'900018', phase:1, t:none,t:sha1,t:hexEncode, setvar:tx.ua_hash=%{matched_var}, nolog, pass"


SecRule REQUEST_HEADERS:x-forwarded-for "^\b(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\b" "id:'900019', phase:1, t:none, capture, setvar:tx.real_ip=%{tx.1}, nolog, pass"


SecRule &TX:REAL_IP "!@eq 0" "id:'900020', phase:1, t:none, initcol:global=global, initcol:ip=%{tx.real_ip}_%{tx.ua_hash}, nolog, pass"


SecRule &TX:REAL_IP "@eq 0" "id:'900021', phase:1, t:none, initcol:global=global, initcol:ip=%{remote_addr}_%{tx.ua_hash}, setvar:tx.real_ip=%{remote_addr}, nolog, pass"

  • 141 Users Found This Useful

Was this answer helpful?

Related Articles

Disable cPanel Brute Force Command Line

To disable the cPanel brute force detection from the command line usee the following:...

Whitelisting Multiple IPs with Mod_Security

The following can be added to the main modsecurity.conf or a whitelist file such as one...

CSF Error: *WARNING* Binary location for [HOST] [/usr/bin/host] in /etc/csf/csf-conf is either incorrect, is not installed or is not executable

During a CSF start or restart you may encounter this error. This is a result of /usr/bin/host...

Recursive chmod / Permission Change Across Directories for a File Type

The following command may be very useful for changing the permissions of a file type such as .php...

This webpage is not available ERR_SSL_VERSION_OR_CIPHER_MISMATCH

This webpage is not availableERR_SSL_VERSION_OR_CIPHER_MISMATCHA secure connection cannot be...