Cannot update rules

Community support forums for the free/delayed modsecurity rules feed. There is no such thing as a bad question here as long as it pertains to using the delayed modsecurity rules feed. Newbies feel free to get help getting started or asking questions that may be obvious.
andreihn
New Forum User
Posts: 4
Joined: Wed Nov 29, 2017 4:14 am
Location: Romania

Cannot update rules

Unread post by andreihn »

Hi

CloudLinux release 7.4 (Georgy Grechko)
Plesk 17.5.3 CentOS 7 1705170317.16

I get the error below. I think the tortix update URL is wrong. What needs to be tweaked?

Failed to install the ModSecurity rule set: modsecurity_ctl failed:
gpg: key 4520AFA9: "Atomicorp (Atomicorp Official Signing Key) <support@atomicorp.com>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
gpg: Signature made Tue Nov 28 13:07:08 2017 WET using RSA key ID 4520AFA9
gpg: Good signature from "Atomicorp (Atomicorp Official Signing Key) <support@atomicorp.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 1818 66DF 9DAC A40E 5B42 9B08 FFBD 5D0A 4520 AFA9
TERM environment variable not set.

One of the configured repositories failed (Unknown), and yum doesn't have enough cached data to continue. At this point the only safe thing yum can do is fail. There are a few ways to work "fix" this:

1. Contact the upstream for the repository and get them to fix the problem.
2. Reconfigure the baseurl/etc. for the repository, to point to a working upstream. This is most often useful if you are using a newer distribution release than is supported by the repository (and the packages for the previous distribution release still work).
3. Run the command with the repository temporarily disabled
   yum --disablerepo=<repoid> ...
4. Disable the repository permanently, so yum won't use it by default. Yum will then just ignore the repository until you permanently enable it again or use --enablerepo for temporary usage:
   yum-config-manager --disable <repoid>
   or
   subscription-manager repos --disable=<repoid>
5. Configure the failing repository to be skipped, if it is unavailable. Note that yum will try to contact the repo. when it runs most commands, so will have to try and fail each time (and thus. yum will be be much slower). If it is a very temporary problem though, this is often a nice compromise:
   yum-config-manager --save --setopt=<repoid>.skip_if_unavailable=true

Cannot find a valid baseurl for repo: tortix-common/7.4/x86_64
Command '/bin/bash < /tmp/tmpQgMJyP/aum' returned non-zero exit status 1
Unable to download tortix rule set
mikeshinn
Atomicorp Staff - Site Admin
Posts: 4149
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: Cannot update rules

Unread post by mikeshinn »

The yum repo path is wrong. It looks like Plesk isn't setting it up right. What happens when you run the updater from the command line:

aum -u
andreihn
New Forum User
Posts: 4
Joined: Wed Nov 29, 2017 4:14 am
Location: Romania

Re: Cannot update rules

Unread post by andreihn »

aum -u
Checking versions ...

Updating asl components
(this may take several minutes)
Updating ASL Core: successful [PASS]
Updating Web Application Firewall to 201712061445: updated [PASS]

Warning: Not an array or iterable object in foreach, variable is NULL in src/component/c_apache.php on line 29
-------------------------------------------------------------------------------
Errors were encountered:

L CODE SOURCE MESSAGE
- ---- ----------------------------- ------------------------------------------
2 9901 ASLCommon::cmd_exec ERROR: '(1) /usr/sbin/apachectl -t 2>&1 >/dev/null -- [Wed Dec 06 19:58:03.353508 2017] [so:warn] [pid 5664:tid 139959091329152] AH01574: module unique_id_module is already loaded, skipping||[Wed Dec 06 19:58:03.387691 2017] [so:warn] [pid 5664:tid 139959091329152] AH01574: module security2_module is already loaded, skipping||AH00526: Syntax error on line 35 of /etc/httpd/conf/modsecurity.d/rules/tortix/modsec/50_plesk_basic_asl_rules.conf:||ModSecurity: Found another rule with the same id'
2 601 c_modsec::apply_rules There is a problem with the apache config: 1
2 601 c_modsec::apply_rules There is a problem with the apache config: Rolling back to the previous update
2 48 c_modsec::apply_rules Reverting all changes
2 48 ASLRBC::rollback_file Could not retrieve versions for /etc/asl/system.properties
3 600 c_modsec::apply_rules Errors occurred with Apache
mikeshinn
Atomicorp Staff - Site Admin
Posts: 4149
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: Cannot update rules

Unread post by mikeshinn »

OK, so this error:
AH00526: Syntax error on line 35 of /etc/httpd/conf/modsecurity.d/rules/tortix/modsec/50_plesk_basic_asl_rules.conf:||ModSecurity: Found another rule with the same id'
is what's wrong with your system. Something has installed a set of modsecurity rules twice (or some custom rules have identical id numbers to other rules you have installed). You'll want to contact Plesk about this, as it's Plesk that's controlling what rules are installed on your system, and they need to fix whatever they're doing that's installing the same rules twice, since modsecurity won't allow that.
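A read-only check for the condition described in the reply above (two rules sharing an id), added here as an example; it is not part of the thread and not Atomicorp or Plesk tooling. The rule ids and the file name custom_rules.conf are constructed, and the id extraction is a heuristic regex rather than a full ModSecurity parser.

```python
import re
from collections import defaultdict

# Only SecRule/SecAction define ids; SecRuleRemoveById etc. must not match.
DIRECTIVE = re.compile(r'^\s*(SecRule|SecAction)\b', re.I)
# Heuristic: first id:NNN (optionally quoted) in the statement.
RULE_ID = re.compile(r'''\bid\s*:\s*['"]?(\d+)''', re.I)

# Constructed sample input: {file name: file contents}.
SAMPLE = {
    "50_plesk_basic_asl_rules.conf": (
        '# constructed sample\n'
        'SecRule REQUEST_URI "@contains /admin" \\\n'
        '    "id:900001,phase:1,pass,nolog"\n'
        'SecAction "id:900002,phase:1,pass,nolog"\n'
    ),
    "custom_rules.conf": (
        "SecRule ARGS \"@rx test\" \"phase:2,deny,id:'900001'\"\n"
        '#SecAction "id:900002,phase:1,pass"\n'
    ),
}


def logical_lines(text):
    """Yield (first_line_no, statement), joining backslash continuations."""
    start, buf = None, []
    for no, raw in enumerate(text.splitlines(), 1):
        start = no if start is None else start
        line = raw.rstrip()
        if line.endswith("\\"):
            buf.append(line[:-1])
            continue
        yield start, " ".join(buf + [line])
        start, buf = None, []
    if buf:  # file ended in a dangling continuation
        yield start, " ".join(buf)


def find_duplicate_ids(configs):
    """Return {rule_id: [(file, line), ...]} for ids defined more than once."""
    seen = defaultdict(list)
    for name, text in configs.items():
        for line_no, stmt in logical_lines(text):
            if stmt.lstrip().startswith("#") or not DIRECTIVE.match(stmt):
                continue  # skip comments and non-rule directives
            m = RULE_ID.search(stmt)
            if m:
                seen[m.group(1)].append((name, line_no))
    return {rid: locs for rid, locs in seen.items() if len(locs) > 1}
```

To run it against a real system, build the dictionary from the .conf files that Apache includes under /etc/httpd/conf/modsecurity.d/ and review every id it reports before the next `apachectl -t`.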