Apache Module: ModSecurity® SDBM Utility

Last modified: March 12, 2024

Overview

Note:

We introduced this feature in cPanel & WHM version 62.

cPanel & WHM provides the ModSecurity SDBM utility to purge expired entries from the /var/cpanel/secdatadir/ip.pag cache file. ModSecurity stores variables in this file, but does not automatically clean up the file when the variables expire. We provide this utility only as a package for EasyApache 4 systems.

Install the SDBM utility

To install the ModSecurity SDBM utility, run the following command:

Operating System	Command
CentOS 7	`yum install ea-modsec-sdbm-util`
AlmaLinux OS and Rocky Linux™	`dnf install ea-modsec-sdbm-util`
Ubuntu®	`apt install --purge ea-modsec-sdbm-util`

This package installs the /usr/sbin/modsec-sdbm-util binary.

Run the SDBM utility

The /scripts/maintenance script calls the SDBM utility if the utility exists on the system. We strongly recommend that you allow the maintenance script to run the utility.

Run the utility manually

Use the /scripts/shrink_modsec_ip_database script to run the SDBM utility. This script serves as a wrapper for the /usr/sbin/modsec-sdbm-util binary. This wrapper only functions when the utility exists on the system. To execute the script and purge expired entries from the /var/cpanel/secdatadir/ip.pag cache file, run the following command:

/scripts/shrink_modsec_ip_database -x

You can also run the following commands in a shell to purge the cache file:

1
2
3
4
5


/usr/sbin/modsec-sdbm-util -D /var/cpanel/secdatadir -v -n /var/cpanel/secdatadir/ip.pag &&\
  rm /var/cpanel/secdatadir/ip.pag &&\
  rm /var/cpanel/secdatadir/ip.dir &&\
  mv /var/cpanel/secdatadir/new_db.pag /var/cpanel/secdatadir/ip.pag &&\
  mv /var/cpanel/secdatadir/new_db.dir /var/cpanel/secdatadir/ip.dir

Important:

If you execute the utility manually, you must run the /scripts/restartsrv_httpd command after the utility completes.
Typical cPanel & WHM installations do not require that you run the script manually.