store | blogs | forums | twitter | facebook | wiki | downloads | support portal
Atomic Secure Linux
It is currently Sat Aug 08, 2020 7:34 pm

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 6 posts ] 
Author Message
 Post subject: error duing asl -s scan
Unread postPosted: Sun Mar 08, 2020 10:30 am 
Offline
Forum User
Forum User

Joined: Fri Oct 24, 2014 6:05 pm
Posts: 14
Location: Philadelphia
we just upgrade our server which is using Direct admin.

I copied the config file and ran the unattended install and then created the db.

There were some errors displayed during the install but it appears to have completed.

There are some errors displayed at the end of the asl -s scan

Generating Report ...
httpd: Syntax error on line 1 of /etc/httpd/conf/httpd.conf: Syntax error on line 3 of /etc/httpd/conf.d/00_mod_security.conf: Cannot load modules/mod_security2.so into server: /etc/httpd/modules/mod_security2.so: cannot open shared object file: No such file or directory
complete

I am also seeing some error messages at the bottom of the console and I'm not sure where to find those.

Do you have some suggestions for making sure everything is working properly?

Thanks


Top
 Profile  
Reply with quote  
 Post subject: Re: error duing asl -s scan
Unread postPosted: Sun Mar 08, 2020 11:48 am 
Offline
Forum User
Forum User

Joined: Fri Oct 24, 2014 6:05 pm
Posts: 14
Location: Philadelphia
here are some of the messages from the bottom of the screen

(502) ASLW::_test_ossec - An OSSEC component is not running: ossec-dbd
(502) ASLW::_test_ossec - An OSSEC component is not running: ossec-logcollec
(502) ASLW::_test_ossec - An OSSEC component is not running: ossec-syscheckd
(502) ASLW::_test_ossec - An OSSEC component is not running: ossec-monitord


Top
 Profile  
Reply with quote  
 Post subject: Re: error duing asl -s scan
Unread postPosted: Sun Mar 08, 2020 3:31 pm 
Offline
Forum User
Forum User

Joined: Fri Oct 24, 2014 6:05 pm
Posts: 14
Location: Philadelphia
when I run asl -s -f I receive this at the end

Warning: Not an array or iterable object in foreach, variable is NULL in component/c_apache.php on line 29
-------------------------------------------------------------------------------
Errors were encountered:

L CODE SOURCE MESSAGE
- ---- ----------------------------- ------------------------------------------
2 9901 ASLCommon::cmd_exec ERROR: '(1) /usr/sbin/apachectl -t 2>&1 >/dev/null -- httpd: Syntax error on line 1 of /etc/httpd/conf/httpd.conf: Syntax error on line 3 of /etc/httpd/conf.d/00_mod_security.conf: Cannot load modules/mod_security2.so into server: /etc/httpd/modules/mod_security2.so: cannot open shared object file: No such file or directory'
2 601 c_modsec::apply_rules There is a problem with the apache config: 1
2 601 c_modsec::apply_rules There is a problem with the apache config: Rolling back to the previous update
2 48 c_modsec::apply_rules Reverting all changes
2 48 ASLRBC::rollback_file Could not retrieve versions for /etc/asl/system.properties
2 48 ASLRBC::rollback_file No valid previous version found for /etc/httpd/modsecurity.d/05_asl_exclude.conf
3 600 c_modsec::apply_rules Errors occurred with Apache


Top
 Profile  
Reply with quote  
 Post subject: Re: error duing asl -s scan
Unread postPosted: Tue Mar 10, 2020 11:18 am 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
User avatar

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 4105
Location: Chantilly, VA
So this error:

Quote:
2 9901 ASLCommon::cmd_exec ERROR: '(1) /usr/sbin/apachectl -t 2>&1 >/dev/null -- httpd: Syntax error on line 1 of /etc/httpd/conf/httpd.conf: Syntax error on line 3 of /etc/httpd/conf.d/00_mod_security.conf: Cannot load modules/mod_security2.so into server: /etc/httpd/modules/mod_security2.so: cannot open shared object file: No such file or directory'


Means modsecurity has been removed from the system. Lets try forcing an update to see if that fixes it. Whats the output of:

aum -uf

And then do you see any error with "asl -s"?

If you do, then re-run the ASL/AWP installer and please contact support if that doesnt resolve the issue so we can take a closer look at what removed modsecurity from your system.

_________________
Michael Shinn
Atomicorp - Security For Everyone


Top
 Profile  
Reply with quote  
 Post subject: Re: error duing asl -s scan
Unread postPosted: Tue Mar 10, 2020 12:26 pm 
Offline
Forum User
Forum User

Joined: Fri Oct 24, 2014 6:05 pm
Posts: 14
Location: Philadelphia
I reinstalled modsecurity and then ran the update and now the error is gone, so that looks like it fixed it.


There are some items in the asl -s that say they are off but from what I see in the config they are turned on. like the malware items


Advanced Malware Removal Ruleset: off [MODERATE]
Just In Time Patches: off [HIGH]
Basic Malware Removal Ruleset: off [MODERATE]
Malicious Output Detector: off [MODERATE]
Web Malware Upload Scanner: off [HIGH]
TrueStats Protection Ruleset: off [PASS]


Top
 Profile  
Reply with quote  
 Post subject: Re: error duing asl -s scan
Unread postPosted: Wed Mar 11, 2020 5:43 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
User avatar

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 4105
Location: Chantilly, VA
That means these options are disabled in ASL/AWP:

Advanced Malware Removal Ruleset: off [MODERATE]

https://wiki.atomicorp.com/wiki/index.p ... V_REDACTOR

Just In Time Patches: off [HIGH]

https://wiki.atomicorp.com/wiki/index.p ... EC_99_JITP

Basic Malware Removal Ruleset: off [MODERATE]

https://wiki.atomicorp.com/wiki/index.p ... 9_REDACTOR

Malicious Output Detector: off [MODERATE]

https://wiki.atomicorp.com/wiki/index.p ... ARE_OUTPUT

Web Malware Upload Scanner: off [HIGH]

https://wiki.atomicorp.com/wiki/index.p ... 99_SCANNER

TrueStats Protection Ruleset: off [PASS]

This is new and not something you can enable yet, when its released (next week is the plan) that ruleset will be enabled by default.

_________________
Michael Shinn
Atomicorp - Security For Everyone


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 6 posts ] 

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 5 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group