I've installed ModSecurity and the Atomicorp rules on my server and VPS, on CentOS 6 with EasyApache 3 and an old Apache.
Now I'm trying to install them on a VPS with CentOS 7 and EasyApache 4 over Apache 2.4, and it fails.
I'm using this: https://www.atomicorp.com/wiki/index.ph ... rity_Rules
Code:
dic 23 09:17:40 5.135.93.103.tamainut.net restartsrv_httpd[6938]: AH00526: Syntax error on line 33 of /usr/local/apache/conf/modsec_rules/10_asl_antimalware.conf:
dic 23 09:17:40 5.135.93.103.tamainut.net restartsrv_httpd[6938]: ModSecurity: Found another rule with the same id
Code:
SecRule REQUEST_FILENAME "\.((m|j)pe?g4?|bmp|tiff?|p((p|g|b)m|n(g|m))|gif|js|css|ico|avi|w(mv|ebp)|mp(3|4)|cgm|svg|swf|og(m|v|x))$" phase:2,pass,t:none,t:lowercase,nolog,id:333946,skipAfter:END_ANTI_MALWARE
Well, I searched the files for 333946 and there is no duplicate rule on my system.
httpd.conf
Code:
Include "/etc/apache2/conf.modules.d/*.conf"
Code:
# Mod Security requires Apache's mod_unique_id to operate
<IfModule mod_unique_id.c>
LoadModule security2_module modules/mod_security2.so
</IfModule>
Code:
LoadFile /opt/xml2/lib/libxml2.so
# LoadFile /opt/lua/lib/liblua.so
<IfModule mod_security2.c>
# See http://www.modsecurity.org/documentation/ModSecurity-Migration-Matrix.pdf
# "Add the rules that will do exactly the same as the directives"
# SecFilterCheckURLEncoding On
# SecFilterForceByteRange 0 255
<IfModule mod_ruid2.c>
SecAuditLogStorageDir /etc/apache2/logs/modsec_audit
SecAuditLogType Concurrent
</IfModule>
<IfModule itk.c>
SecAuditLogStorageDir /etc/apache2/logs/modsec_audit
SecAuditLogType Concurrent
</IfModule>
SecAuditLog logs/modsec_audit.log
SecDebugLog logs/modsec_debug.log
SecDebugLogLevel 0
SecDefaultAction "phase:2,deny,log,status:406"
Include "/etc/apache2/conf.d/modsec2.user.conf"
Include "/etc/apache2/conf.d/modsec2.cpanel.conf"
</IfModule>
Code:
SecRequestBodyAccess On
#SecAuditLogType Concurrent
SecResponseBodyAccess On
SecResponseBodyMimeType (null) text/html text/plain text/xml
SecResponseBodyLimit 2621440
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
SecServerSignature Apache
SecUploadDir /var/asl/data/suspicious
SecUploadKeepFiles Off
SecAuditLogParts ABIFHZ
SecArgumentSeparator "&"
SecCookieFormat 0
SecRequestBodyInMemoryLimit 131072
SecDataDir /var/asl/data/msa
SecTmpDir /tmp
SecAuditLogStorageDir /var/asl/data/audit
SecResponseBodyLimitAction ProcessPartial
# Files commented out to try with a minimal configuration, but this works on another server
#Include /etc/apache2/conf/modsec_rules/00_asl_z_antievasion.conf
#Include /etc/apache2/conf/modsec_rules/00_asl_zz_strict.conf
#Include /etc/apache2/conf/modsec_rules/09_asl_rules.conf
#Include /etc/apache2/conf/modsec_rules/10_asl_antimalware.conf
#Include /etc/apache2/conf/modsec_rules/10_asl_rules.conf
#Include /etc/apache2/conf/modsec_rules/11_asl_adv_rules.conf
#Include /etc/apache2/conf/modsec_rules/20_asl_useragents.conf
#Include /etc/apache2/conf/modsec_rules/30_asl_antispam.conf
#Include /etc/apache2/conf/modsec_rules/50_asl_rootkits.conf
#Include /etc/apache2/conf/modsec_rules/60_asl_recons.conf
#Include /etc/apache2/conf/modsec_rules/61_asl_recons_dlp.conf
#Include /etc/apache2/conf/modsec_rules/99_asl_jitp.conf
Include /usr/local/apache/conf/modsec_rules/10_asl_antimalware.conf
Include /usr/local/apache/conf/modsec_rules/10_asl_rules.conf
Include /usr/local/apache/conf/modsec_rules/20_asl_useragents.conf
Include /usr/local/apache/conf/modsec_rules/30_asl_antispam.conf
Include /usr/local/apache/conf/modsec_rules/50_asl_rootkits.conf
Include /usr/local/apache/conf/modsec_rules/60_asl_recons.conf
Include /usr/local/apache/conf/modsec_rules/99_asl_jitp.conf
#PCRE lios
Include /etc/apache2/conf/pcre_modsecurity_exceeded_limits.conf
Include /etc/apache2/conf/modsec2.whitelist.conf
Code:
SecPcreMatchLimit 250000
SecPcreMatchLimitRecursion 250000
/etc/apache2/conf.d/modsec2.cpanel.conf (empty file, but it exists)
Error when trying to start Apache2:
Code:
systemctl status httpd.service
● httpd.service - Apache web server managed by cPanel EasyApache
Loaded: loaded (/etc/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since mié 2015-12-23 09:17:40 CET; 1s ago
Process: 6938 ExecStart=/usr/local/cpanel/scripts/restartsrv_httpd --no-verbose (code=exited, status=1/FAILURE)
Main PID: 6280 (code=exited, status=0/SUCCESS)
dic 23 09:17:39 5.135.93.103.tamainut.net systemd[1]: Starting Apache web server managed by cPanel EasyApache...
dic 23 09:17:40 5.135.93.103.tamainut.net restartsrv_httpd[6938]: AH00526: Syntax error on line 33 of /usr/local/apache/conf/modsec_rules/10_asl_antimalware.conf:
dic 23 09:17:40 5.135.93.103.tamainut.net restartsrv_httpd[6938]: ModSecurity: Found another rule with the same id
dic 23 09:17:40 5.135.93.103.tamainut.net systemd[1]: httpd.service: control process exited, code=exited status=1
dic 23 09:17:40 5.135.93.103.tamainut.net systemd[1]: Failed to start Apache web server managed by cPanel EasyApache.
dic 23 09:17:40 5.135.93.103.tamainut.net systemd[1]: Unit httpd.service entered failed state.
dic 23 09:17:40 5.135.93.103.tamainut.net systemd[1]: httpd.service failed.
I'd appreciate any help.
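
Added example, not part of the original post: ModSecurity reports "Found another rule with the same id" whenever an id is parsed twice, which includes one rule file being reached through two Include paths, a case where a text search for the id shows a single hit. The sketch below follows Include directives and lists every id parsed more than once with its include chain; the layout written by `build_sample` is constructed, and passing the ServerRoot as the second argument is an assumption about how the check would be run.

```python
import glob, os, re, tempfile
from collections import defaultdict

INCLUDE_RE = re.compile(r'^\s*Include(?:Optional)?\s+"?([^"\s]+)', re.I)
RULE_ID_RE = re.compile(r"\bid:'?(\d+)")

def walk(path, root, chain, seen):
    """Follow Includes (relative to ServerRoot, globs expanded), recording rule ids."""
    chain = chain + [os.path.relpath(path, root)]
    if len(chain) > 20:  # guard against Include loops
        return
    with open(path, encoding="utf-8", errors="replace") as fh:
        for lineno, line in enumerate(fh, 1):
            if line.lstrip().startswith("#"):
                continue  # commented-out Includes and rules are never parsed
            m = INCLUDE_RE.match(line)
            if m:
                for target in sorted(glob.glob(os.path.join(root, m.group(1)))):
                    walk(os.path.realpath(target), root, chain, seen)
                continue
            for rule_id in RULE_ID_RE.findall(line):
                seen[rule_id].append((chain[-1], lineno, " -> ".join(chain)))

def duplicate_ids(main_conf, server_root):
    """Return {rule_id: [(file, line, include_chain), ...]} for ids parsed twice or more."""
    root = os.path.realpath(server_root)
    seen = defaultdict(list)
    walk(os.path.realpath(main_conf), root, [], seen)
    return {rid: hits for rid, hits in seen.items() if len(hits) > 1}

def build_sample(root):
    """Constructed layout: one rule file reached by a glob and by an explicit Include."""
    files = {
        "httpd.conf": 'Include "conf.d/*.conf"\nInclude "modsec2.conf"\n',
        "modsec2.conf": 'Include "conf.d/modsec2.user.conf"\n',
        "conf.d/modsec2.user.conf": "Include rules/10_asl_antimalware.conf\n",
        "rules/10_asl_antimalware.conf":
            'SecRule REQUEST_FILENAME "\\.gif$" "phase:2,pass,nolog,id:333946"\n',
    }
    for name, text in files.items():
        full = os.path.join(root, name)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(text)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(duplicate_ids(os.path.join(tmp, "httpd.conf"), tmp))
```

On a real host, call `duplicate_ids` with the main httpd.conf and the ServerRoot; two hits with the same file and line but different chains mean the file is included twice.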