[atomic] mod_ruid2 0.9.1-1

[BruceLee]

Hi mind04,

great that you registered to help out here and thank you for developing mod_ruid2 and keeping the dev going.
It's a great piece of software.

@ikkk: no I don't have that problem anymore. I haven't tested latest art version of mod_ruid2.
But I bet it's sovled there too. If nothing works you can definitely solve it by installing mod_ruid2 manually via apxs.
where is the <IfModule mod_ruid2.c> config? in httpd.conf of apache or in ruid2.conf from apache module?

[ikkk]

Bruce,

It only seems to be affecting me on some mod_security rules i have since noted, problem is as it wont log them i dont know what they are to look into the issue further

Trying to replicate the issue on a test account as the main user i was trying this for isnt happy with his site being offline (understandable)

The lines are in the ruid.conf file in /etc/httpd/conf.d/ as per the default install. I did try the latest 0.9.3 from source (with the patch you linked too) and had the same issues still.

Will try to recreate the issue to look into this further, as per the emails to yourself mind04

[scott]

Have you tried just making the parent /var/asl/data/audit/ dir writeable? I noted with sessions and cache fles the user context of the files created under mod_ruid2 were always 0600.

And welcome minde, if our pattern keeps up every time I put out a mod_ruid2 rpm update you put out an upstream update the day after. That would mean 0.9.4 would come out sometime today

[ikkk]

Yep that was the first thing i tried - even going as far as setting it as a tmp directory to see if that helped as well, but the folders within audit are created at 750 which is where the problem comes in i think.

So far been unable to find a way to repeat these issues except on this one users site - maybe its some strange wordpress plugin causing the issue - dont know yet!

[biggles]

Since starting using mod_ruid2 I have started to get some segfaults from apache. Some like the onces described http://www.atomicorp.com/forums/viewtop ... 8&start=90. I'm not sure it's related, but I haven't had any of these segfaults before. Anyone else experiencing similar behavior?

[pomak]

Yes me too! as like as i described below

http://atomicorp.com/forums/viewtopic.p ... 174#p27167

Since starting using mod_ruid2 I have started to get some segfaults from apache. Some like the onces described http://www.atomicorp.com/forums/viewtop ... 8&start=90. I'm not sure it's related, but I haven't had any of these segfaults before. Anyone else experiencing similar behavior?

[biggles]

Got a core dump during the night (quite a lot of these errors seem to happen right after 4 AM, GMT+1). Unfortunately I get an error when I try to GDB it...

"/tmp/apache2-gdb-dump/core.10831": not in executable format: File format not recognized

[BruceLee]

hmm, I still had no time to go live.
Some thoughts:
4AM could have something to do with ASL application scan. Not that the scan is causing it but it abets it and helps to get to root of the evil .
Besides that, have you tried uninstalling/disabling other apache related things like eaccelerator,apc,zend-optimizer ?
I would try that to track down the root of the problem. If apache segfaults without anything other loaded than it will get more tricky.
But maybe it's a combination of mod_ruid2 and one of those three. And than it's easier to fix it. I could imagine that mind04 would tkae care of that quickly.

[biggles]

Great thinking. Removed eaccelerator to see if it helps.

[biggles]

Anew dump tonight at 4.10 AM. Re-enabled php-eaccelerator. Trying tonight without zend.

BTW: I found out how to use gdb. Didn't give much though.

Code: Select all

Core was generated by `/usr/sbin/httpd'.
Program terminated with signal 11, Segmentation fault.
#0  0xa377f9c4 in ?? ()

[scott]

you also need the -debug builds of whatever software you're debugging.

[biggles]

Hm, now I'm kinda lost. I'm trying to find out why apache seg faults every night and sometimes during day as well. How can I get a debug package for apache?

[scott]

its called httpd-debuginfo I believe

[biggles]

Two days without crash. So far it seems like removing zend was a good thing.

[BruceLee]

ha, again Zend.
One entry more on the list of things that Zend Optimizer does not work with.