Cpanel on Centos 7 with Easyapache4, Apache 2.4, nto work

Community support for Plesk, CPanel, WebMin and others with insight from two of the founders of Plesk. Ask for help here! No question is too simple or complicated. :-)
tamainutdc
New Forum User
New Forum User
Posts: 3
Joined: Mon Sep 02, 2013 8:39 am
Location: Tiznit (Morocco)

Cpanel on Centos 7 with Easyapache4, Apache 2.4, nto work

Unread post by tamainutdc »

Hi.

I've installed on my server and VPS modsecurity and rules of AtomicCorp over Centos 6, Easypache3 an old Apache.

Now I'm trying to install on VPS with Centos 7, Easyapache 4 over Apache 2.4 and fail.

I use this https://www.atomicorp.com/wiki/index.ph ... rity_Rules

Code: Select all

dic 23 09:17:40 5.135.93.103.tamainut.net restartsrv_httpd[6938]: AH00526: Syntax error on line 33 of /usr/local/apache/conf/modsec_rules/10_asl_antimalware.conf:
dic 23 09:17:40 5.135.93.103.tamainut.net restartsrv_httpd[6938]: ModSecurity: Found another rule with the same id

Code: Select all

SecRule REQUEST_FILENAME "\.((m|j)pe?g4?|bmp|tiff?|p((p|g|b)m|n(g|m))|gif|js|css|ico|avi|w(mv|ebp)|mp(3|4)|cgm|svg|swf|og(m|v|x))$" phase:2,pass,t:none,t:lowercase,nolog,id:333946,skipAfter:END_ANTI_MALWARE

Well.. I search on files for 333946 and not any rule duplicate on my sistem.

httpd.conf

Code: Select all

Include "/etc/apache2/conf.modules.d/*.conf
/etc/apache2/conf.modules.d/800-mod_security2.conf

Code: Select all

# Mod Security requires Apache's mod_unique_id to operate
<IfModule mod_unique_id.c>
    LoadModule security2_module  modules/mod_security2.so
</IfModule>
/etc/apache2/conf.modules.d/modsec2.conf

Code: Select all

LoadFile /opt/xml2/lib/libxml2.so
# LoadFile /opt/lua/lib/liblua.so

<IfModule mod_security2.c>
    # See http://www.modsecurity.org/documentation/ModSecurity-Migration-Matrix.pdf
    #  "Add the rules that will do exactly the same as the directives"
    # SecFilterCheckURLEncoding On
    # SecFilterForceByteRange 0 255

    <IfModule mod_ruid2.c>
      SecAuditLogStorageDir /etc/apache2/logs/modsec_audit
      SecAuditLogType Concurrent
    </IfModule>
    <IfModule itk.c>
       SecAuditLogStorageDir /etc/apache2/logs/modsec_audit
       SecAuditLogType Concurrent
    </IfModule>

    SecAuditLog logs/modsec_audit.log
    SecDebugLog logs/modsec_debug.log
    SecDebugLogLevel 0
    SecDefaultAction "phase:2,deny,log,status:406"
    Include "/etc/apache2/conf.d/modsec2.user.conf"
    Include "/etc/apache2/conf.d/modsec2.cpanel.conf"
</IfModule
/etc/apache2/conf.d/modsec2.user.conf

Code: Select all

SecRequestBodyAccess On
 #SecAuditLogType Concurrent
 SecResponseBodyAccess On
 SecResponseBodyMimeType (null) text/html text/plain text/xml
 SecResponseBodyLimit 2621440
 SecAuditLogRelevantStatus "^(?:5|4(?!04))"
 SecServerSignature Apache
 SecUploadDir /var/asl/data/suspicious
 SecUploadKeepFiles Off
 SecAuditLogParts ABIFHZ
 SecArgumentSeparator "&"
 SecCookieFormat 0
 SecRequestBodyInMemoryLimit 131072
 SecDataDir /var/asl/data/msa
 SecTmpDir /tmp
 SecAuditLogStorageDir /var/asl/data/audit
 SecResponseBodyLimitAction ProcessPartial

#Files coment for tru with minimum conf. But this work on other server
#Include /etc/apache2/conf/modsec_rules/00_asl_z_antievasion.conf
#Include /etc/apache2/conf/modsec_rules/00_asl_zz_strict.conf
#Include /etc/apache2/conf/modsec_rules/09_asl_rules.conf
#Include /etc/apache2/conf/modsec_rules/10_asl_antimalware.conf
#Include /etc/apache2/conf/modsec_rules/10_asl_rules.conf
#Include /etc/apache2/conf/modsec_rules/11_asl_adv_rules.conf
#Include /etc/apache2/conf/modsec_rules/20_asl_useragents.conf
#Include /etc/apache2/conf/modsec_rules/30_asl_antispam.conf
#Include /etc/apache2/conf/modsec_rules/50_asl_rootkits.conf
#Include /etc/apache2/conf/modsec_rules/60_asl_recons.conf
#Include /etc/apache2/conf/modsec_rules/61_asl_recons_dlp.conf
#Include /etc/apache2/conf/modsec_rules/99_asl_jitp.conf
Include /usr/local/apache/conf/modsec_rules/10_asl_antimalware.conf
Include /usr/local/apache/conf/modsec_rules/10_asl_rules.conf
Include /usr/local/apache/conf/modsec_rules/20_asl_useragents.conf
Include /usr/local/apache/conf/modsec_rules/30_asl_antispam.conf
Include /usr/local/apache/conf/modsec_rules/50_asl_rootkits.conf
Include /usr/local/apache/conf/modsec_rules/60_asl_recons.conf
Include /usr/local/apache/conf/modsec_rules/99_asl_jitp.conf


#PCRE lios
Include /etc/apache2/conf/pcre_modsecurity_exceeded_limits.conf
Include /etc/apache2/conf/modsec2.whitelist.conf
/etc/apache2/conf/pcre_modsecurity_exceeded_limits.conf

Code: Select all

SecPcreMatchLimit 250000
SecPcreMatchLimitRecursion 250000
/etc/apache2/conf/modsec2.whitelist.conf (empty but exist)

/etc/apache2/conf.d/modsec2.cpanel.conf (empty file but exists)


Error when try up Apache2

Code: Select all

systemctl status httpd.service
● httpd.service - Apache web server managed by cPanel EasyApache
   Loaded: loaded (/etc/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since mié 2015-12-23 09:17:40 CET; 1s ago
  Process: 6938 ExecStart=/usr/local/cpanel/scripts/restartsrv_httpd --no-verbose (code=exited, status=1/FAILURE)
 Main PID: 6280 (code=exited, status=0/SUCCESS)

dic 23 09:17:39 5.135.93.103.tamainut.net systemd[1]: Starting Apache web server managed by cPanel EasyApache...
dic 23 09:17:40 5.135.93.103.tamainut.net restartsrv_httpd[6938]: AH00526: Syntax error on line 33 of /usr/local/apache/conf/modsec_rules/10_asl_antimalware.conf:
dic 23 09:17:40 5.135.93.103.tamainut.net restartsrv_httpd[6938]: ModSecurity: Found another rule with the same id
dic 23 09:17:40 5.135.93.103.tamainut.net systemd[1]: httpd.service: control process exited, code=exited status=1
dic 23 09:17:40 5.135.93.103.tamainut.net systemd[1]: Failed to start Apache web server managed by cPanel EasyApache.
dic 23 09:17:40 5.135.93.103.tamainut.net systemd[1]: Unit httpd.service entered failed state.
dic 23 09:17:40 5.135.93.103.tamainut.net systemd[1]: httpd.service failed.
I don't inderstand problem

Apreciate help.
User avatar
hostingg
Forum User
Forum User
Posts: 63
Joined: Mon Mar 18, 2013 6:26 pm
Location: Earth

Re: Cpanel on Centos 7 with Easyapache4, Apache 2.4, nto wor

Unread post by hostingg »

that means you're loading the rules twice

youve got a pretty complicated apache configuration so if I had to guess

#1 you have a wild card in some other file loading all the rules which then get loaded again because youve explicitly defined them

#2 you have another configuration file thats also loading the rules

#3 both

that error only happens if you load the same rule twice
If everything was easy, then the world wouldn't need engineers.
Post Reply