Information Technology
Development and Enhancement
Development and Enhancement
That message is coming from ModSecurity’s cleanup routine, which periodically purges expired entries (“stale” collections) from its on-disk DBM store. When it can’t open the DBM file(s) under the directory you’ve configured (SecDataDir /var/cpanel/secdatadir), you’ll see exactly that error.
Here’s how to troubleshoot and resolve it:
Verify that the directory exists
If it doesn’t exist, create it:
2. Check ownership and permissions
ModSecurity runs in the web-server context (e.g. apache, www-data or nobody depending on your distro), so that user must be able to read/write in that directory. For example, on CentOS with Apache running as apache:
Adjust the user/group if your server uses something else.
2. SELinux contexts (if enabled)
If SELinux is enforcing, the directory also needs the proper file context so Apache/ModSecurity can write to it. You can set it with:
(You’ll need the policycoreutils-python-utils package to have semanage.)
4. Confirm DBM library support
ModSecurity’s “collections” feature uses a DBM library (e.g. gdbm or db4). Make sure the appropriate DBM development packages were installed when ModSecurity was built. On Red Hat–derived systems:
Then rebuild or reinstall ModSecurity so it has DBM support.
5. Restart Apache (with ModSecurity)
After fixing the directory and permissions, reload or restart your web server to let ModSecurity pick up the change:
(Or service apache2 restart on Debian/Ubuntu.)
6. Alternative workaround
If you can’t use /var/cpanel/secdatadir for some reason, you can point ModSecurity at another writable path in your config:
Once the directory exists, is writable by your web-server user, and SELinux contexts (if any) are correct, you should stop seeing the error in your logs.
Following the above steps accurately, will resolve the error. The “Failed to access DBM file” messages should stop entirely. If they persist, double-check that no other security framework (SELinux, AppArmor, CSF, Imunify, etc.) is blocking access to that directory.