Apache down

biggles · Unread post by **biggles** » Thu Oct 02, 2014 8:36 am

I have opened a support ticket, but until it gets picked up I was hoping for some help here.

I updated to 4.0.6 and enabled the new Threat Intelligence System. After that apache isn't working anymore. Neither is the ASL web gui. I just get a page saying ERR_EMPTY_RESPONSE. I have tried to disable IPtables, runnign asl -s -f, running aum -uf, rebooting.

asl -s -f displays:
ipset v6.22: The set with the given name does not exist
ipset v6.22: The set with the given name does not exist
ipset v6.22: The set with the given name does not exist

Something is definitely wrong. Anyone got an idea where to start looking?

biggles · Unread post by **biggles** » Thu Oct 02, 2014 9:54 am

Stil no reply from support.

By manually disabling mod_sec and way I can now access web servers. ASL web is still missing.

MODSEC_ENABLED="no"
WAF_ENGINE="no"

Unread post by **mikeshinn** » Thu Oct 02, 2014 12:02 pm

We just requested access to the system, can you let the support guys know when you have granted them access?

biggles · Unread post by **biggles** » Thu Oct 02, 2014 12:14 pm

Access granted!

Unread post by **mikeshinn** » Thu Oct 02, 2014 4:35 pm

We found the problem. Your DNS server was appending your domain to every query, and there was a wildcard for your domain, which caused everything to return with a hit. So, we added in some code on our end to force lookups in a way that didnt let your DNS do that, at least for the queries we make. So for our queries you're good to go now.

biggles · Unread post by **biggles** » Fri Oct 03, 2014 1:42 am

Thanks a bunch!

Unread post by **scott** » Fri Oct 03, 2014 9:04 am

Related, If you're using spamassassin, and are having strange results with false positives, that DNS issue might be the culprit

biggles · Unread post by **biggles** » Fri Oct 03, 2014 3:54 pm

ok, any tips how to fix it?

DarkF@der · Unread post by **DarkF@der** » Sun Oct 05, 2014 5:23 pm

Ok i see this also on my VM's

Starting Atomic Secured Linux scan, please be patient ...

ipset v6.22: The set with the given name does not exist
ipset v6.22: The set with the given name does not exist
ipset v6.22: The set with the given name does not exist
ipset v6.22: The set with the given name does not exist
ipset v6.22: The set with the given name does not exist
ipset v6.22: The set with the given name does not exist
ipset v6.22: The set with the given name does not exist
ipset v6.22: The set with the given name does not exist
ipset v6.22: The set with the given name does not exist

faris · Unread post by **faris** » Sun Oct 05, 2014 7:22 pm

I would sort of expect that, as ipset is not usually supported in VMs (Certainly not Virtuozzo and OpenVZ anyway).

The ipset executable can be installed and may well be installed but won't do anything useful. So when ASL tries to use it, it ends up doing nothing or returning an error.

Presumably ASL then falls back to iptables.

That's my guess anyway.

DarkF@der · Unread post by **DarkF@der** » Mon Oct 06, 2014 6:20 am

It's a KVM VM's and running the asl kernel.

faris · Unread post by **faris** » Mon Oct 06, 2014 8:31 am

oh, in that case ignore me.

Unread post by **scott** » Mon Oct 06, 2014 9:07 am

Its a harmless message, thats something we'll suppress in the next update. Its just swapping lists during an update. It keeps you from having a window where there are no firewall rules like you'd have with an iptables based firewall.

Unread post by **mikeshinn** » Mon Oct 06, 2014 1:23 pm

And yes you are correct Faris, if the box does not support ipset ASL will fail back to iptables.

Atomicorp

Apache down

Apache down

Re: Apache down

Re: Apache down

Re: Apache down

Re: Apache down

Re: Apache down

Re: Apache down

Re: Apache down

Re: Apache down

Re: Apache down

Re: Apache down

Re: Apache down

Re: Apache down

Re: Apache down