Atomic Secure Linux
All times are UTC - 5 hours [ DST ]




Post subject: Cpanel on Centos 7 with Easyapache4, Apache 2.4, not work
Posted: Wed Dec 23, 2015 4:31 am
New Forum User

Joined: Mon Sep 02, 2013 8:39 am
Posts: 3
Location: Tiznit (Morocco)
Hi.

I've installed modsecurity and the rules of AtomicCorp on my server and VPS over Centos 6, Easyapache3 and old Apache.

Now I'm trying to install on a VPS with Centos 7, Easyapache 4 over Apache 2.4 and it fails.

I use this https://www.atomicorp.com/wiki/index.ph ... rity_Rules

Code:
dic 23 09:17:40 5.135.93.103.tamainut.net restartsrv_httpd[6938]: AH00526: Syntax error on line 33 of /usr/local/apache/conf/modsec_rules/10_asl_antimalware.conf:
dic 23 09:17:40 5.135.93.103.tamainut.net restartsrv_httpd[6938]: ModSecurity: Found another rule with the same id


Code:
SecRule REQUEST_FILENAME "\.((m|j)pe?g4?|bmp|tiff?|p((p|g|b)m|n(g|m))|gif|js|css|ico|avi|w(mv|ebp)|mp(3|4)|cgm|svg|swf|og(m|v|x))$" phase:2,pass,t:none,t:lowercase,nolog,id:333946,skipAfter:END_ANTI_MALWARE



Well.. I searched the files for 333946 and there is no duplicate rule on my system.

httpd.conf
Code:
Include "/etc/apache2/conf.modules.d/*.conf"


/etc/apache2/conf.modules.d/800-mod_security2.conf
Code:
# Mod Security requires Apache's mod_unique_id to operate
<IfModule mod_unique_id.c>
    LoadModule security2_module  modules/mod_security2.so
</IfModule>


/etc/apache2/conf.modules.d/modsec2.conf
Code:
LoadFile /opt/xml2/lib/libxml2.so
# LoadFile /opt/lua/lib/liblua.so

<IfModule mod_security2.c>
    # See http://www.modsecurity.org/documentation/ModSecurity-Migration-Matrix.pdf
    #  "Add the rules that will do exactly the same as the directives"
    # SecFilterCheckURLEncoding On
    # SecFilterForceByteRange 0 255

    <IfModule mod_ruid2.c>
      SecAuditLogStorageDir /etc/apache2/logs/modsec_audit
      SecAuditLogType Concurrent
    </IfModule>
    <IfModule itk.c>
       SecAuditLogStorageDir /etc/apache2/logs/modsec_audit
       SecAuditLogType Concurrent
    </IfModule>

    SecAuditLog logs/modsec_audit.log
    SecDebugLog logs/modsec_debug.log
    SecDebugLogLevel 0
    SecDefaultAction "phase:2,deny,log,status:406"
    Include "/etc/apache2/conf.d/modsec2.user.conf"
    Include "/etc/apache2/conf.d/modsec2.cpanel.conf"
</IfModule>


/etc/apache2/conf.d/modsec2.user.conf
Code:
SecRequestBodyAccess On
 #SecAuditLogType Concurrent
 SecResponseBodyAccess On
 SecResponseBodyMimeType (null) text/html text/plain text/xml
 SecResponseBodyLimit 2621440
 SecAuditLogRelevantStatus "^(?:5|4(?!04))"
 SecServerSignature Apache
 SecUploadDir /var/asl/data/suspicious
 SecUploadKeepFiles Off
 SecAuditLogParts ABIFHZ
 SecArgumentSeparator "&"
 SecCookieFormat 0
 SecRequestBodyInMemoryLimit 131072
 SecDataDir /var/asl/data/msa
 SecTmpDir /tmp
 SecAuditLogStorageDir /var/asl/data/audit
 SecResponseBodyLimitAction ProcessPartial

#Files commented out to try with a minimal conf. But this works on the other server
#Include /etc/apache2/conf/modsec_rules/00_asl_z_antievasion.conf
#Include /etc/apache2/conf/modsec_rules/00_asl_zz_strict.conf
#Include /etc/apache2/conf/modsec_rules/09_asl_rules.conf
#Include /etc/apache2/conf/modsec_rules/10_asl_antimalware.conf
#Include /etc/apache2/conf/modsec_rules/10_asl_rules.conf
#Include /etc/apache2/conf/modsec_rules/11_asl_adv_rules.conf
#Include /etc/apache2/conf/modsec_rules/20_asl_useragents.conf
#Include /etc/apache2/conf/modsec_rules/30_asl_antispam.conf
#Include /etc/apache2/conf/modsec_rules/50_asl_rootkits.conf
#Include /etc/apache2/conf/modsec_rules/60_asl_recons.conf
#Include /etc/apache2/conf/modsec_rules/61_asl_recons_dlp.conf
#Include /etc/apache2/conf/modsec_rules/99_asl_jitp.conf
Include /usr/local/apache/conf/modsec_rules/10_asl_antimalware.conf
Include /usr/local/apache/conf/modsec_rules/10_asl_rules.conf
Include /usr/local/apache/conf/modsec_rules/20_asl_useragents.conf
Include /usr/local/apache/conf/modsec_rules/30_asl_antispam.conf
Include /usr/local/apache/conf/modsec_rules/50_asl_rootkits.conf
Include /usr/local/apache/conf/modsec_rules/60_asl_recons.conf
Include /usr/local/apache/conf/modsec_rules/99_asl_jitp.conf


#PCRE issues
Include /etc/apache2/conf/pcre_modsecurity_exceeded_limits.conf
Include /etc/apache2/conf/modsec2.whitelist.conf


/etc/apache2/conf/pcre_modsecurity_exceeded_limits.conf
Code:
SecPcreMatchLimit 250000
SecPcreMatchLimitRecursion 250000


/etc/apache2/conf/modsec2.whitelist.conf (empty but exists)

/etc/apache2/conf.d/modsec2.cpanel.conf (empty file but exists)


Error when trying to bring up Apache2
Code:
systemctl status httpd.service
● httpd.service - Apache web server managed by cPanel EasyApache
   Loaded: loaded (/etc/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since mié 2015-12-23 09:17:40 CET; 1s ago
  Process: 6938 ExecStart=/usr/local/cpanel/scripts/restartsrv_httpd --no-verbose (code=exited, status=1/FAILURE)
 Main PID: 6280 (code=exited, status=0/SUCCESS)

dic 23 09:17:39 5.135.93.103.tamainut.net systemd[1]: Starting Apache web server managed by cPanel EasyApache...
dic 23 09:17:40 5.135.93.103.tamainut.net restartsrv_httpd[6938]: AH00526: Syntax error on line 33 of /usr/local/apache/conf/modsec_rules/10_asl_antimalware.conf:
dic 23 09:17:40 5.135.93.103.tamainut.net restartsrv_httpd[6938]: ModSecurity: Found another rule with the same id
dic 23 09:17:40 5.135.93.103.tamainut.net systemd[1]: httpd.service: control process exited, code=exited status=1
dic 23 09:17:40 5.135.93.103.tamainut.net systemd[1]: Failed to start Apache web server managed by cPanel EasyApache.
dic 23 09:17:40 5.135.93.103.tamainut.net systemd[1]: Unit httpd.service entered failed state.
dic 23 09:17:40 5.135.93.103.tamainut.net systemd[1]: httpd.service failed.


I don't understand the problem.

Appreciate help.


Post subject: Re: Cpanel on Centos 7 with Easyapache4, Apache 2.4, not wor
Posted: Thu Dec 24, 2015 1:20 pm
Forum User

Joined: Mon Mar 18, 2013 6:26 pm
Posts: 63
Location: Earth
that means you're loading the rules twice

you've got a pretty complicated apache configuration so if I had to guess

#1 you have a wildcard in some other file loading all the rules which then get loaded again because you've explicitly defined them

#2 you have another configuration file that's also loading the rules

#3 both

that error only happens if you load the same rule twice

_________________
If everything was easy, then the world wouldn't need engineers.
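
One way to check both guesses in the reply above, as an added example that is not part of the original thread or of Atomicorp's tooling: the script follows Include/IncludeOptional lines from a root config, parses each file as many times as it is reached, and reports rule ids seen more than once. The file names in `build_sample_tree` are constructed, and the `id:` regex and one-level directory expansion are simplifying assumptions.

```python
import glob, os, re, tempfile
from collections import defaultdict
from pathlib import Path

INCLUDE_RE = re.compile(r'^\s*Include(?:Optional)?\s+"?([^"\s]+)"?', re.I)
RULE_ID_RE = re.compile(r"\bid:'?(\d+)")  # heuristic match for the id action

def walk_config(path, server_root, seen, depth=0):
    """Follow Include lines as Apache does: a file reached twice is parsed twice."""
    if depth > 20:  # guard against include loops
        return
    with open(path, errors="replace") as fh:
        for lineno, line in enumerate(fh, 1):
            if line.lstrip().startswith("#"):
                continue
            m = INCLUDE_RE.match(line)
            if m:
                target = os.path.join(server_root, m.group(1))  # absolute paths win
                if os.path.isdir(target):
                    target = os.path.join(target, "*")  # one level only (simplified)
                for child in filter(os.path.isfile, sorted(glob.glob(target))):
                    walk_config(child, server_root, seen, depth + 1)
            else:
                for rule_id in RULE_ID_RE.findall(line):
                    seen[rule_id].append((path, lineno))

def find_duplicate_rule_ids(root_conf, server_root):
    """Return {rule_id: [(file, line), ...]} for ids parsed more than once."""
    seen = defaultdict(list)
    walk_config(root_conf, server_root, seen)
    return {rid: locs for rid, locs in seen.items() if len(locs) > 1}

def build_sample_tree(base):
    """Constructed sample: one rule file reached by an explicit and a wildcard Include."""
    files = {
        "httpd.conf": 'Include "conf.d/*.conf"\n',
        "conf.d/modsec2.user.conf": "Include rules/10_antimalware.conf\n",
        "conf.d/other.conf": "Include rules/*.conf\n",
        "rules/10_antimalware.conf": 'SecRule REQUEST_FILENAME "\\.gif$" "pass,nolog,id:333946"\n',
    }
    for rel, text in files.items():
        p = Path(base, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(text)
    return os.path.join(base, "httpd.conf")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(find_duplicate_rule_ids(build_sample_tree(tmp), tmp))
```

On a real server, pass the main httpd.conf and the ServerRoot; an id listed twice at the same file and line means that file is being included twice.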

