error during asl -s scan

Posted: Sun Mar 08, 2020 10:30 am
by dpcllc
We just upgraded our server, which is using DirectAdmin.

I copied the config file and ran the unattended install and then created the db.

There were some errors displayed during the install but it appears to have completed.

There are some errors displayed at the end of the asl -s scan:

Generating Report ...
httpd: Syntax error on line 1 of /etc/httpd/conf/httpd.conf: Syntax error on line 3 of /etc/httpd/conf.d/00_mod_security.conf: Cannot load modules/mod_security2.so into server: /etc/httpd/modules/mod_security2.so: cannot open shared object file: No such file or directory
complete

I am also seeing some error messages at the bottom of the console and I'm not sure where to find those.

Do you have some suggestions for making sure everything is working properly?

Thanks

Re: error during asl -s scan

Posted: Sun Mar 08, 2020 11:48 am
by dpcllc
Here are some of the messages from the bottom of the screen:

(502) ASLW::_test_ossec - An OSSEC component is not running: ossec-dbd
(502) ASLW::_test_ossec - An OSSEC component is not running: ossec-logcollec
(502) ASLW::_test_ossec - An OSSEC component is not running: ossec-syscheckd
(502) ASLW::_test_ossec - An OSSEC component is not running: ossec-monitord

Re: error during asl -s scan

Posted: Sun Mar 08, 2020 3:31 pm
by dpcllc
When I run asl -s -f, I receive this at the end:

Warning: Not an array or iterable object in foreach, variable is NULL in component/c_apache.php on line 29
-------------------------------------------------------------------------------
Errors were encountered:

L CODE SOURCE MESSAGE
- ---- ----------------------------- ------------------------------------------
2 9901 ASLCommon::cmd_exec ERROR: '(1) /usr/sbin/apachectl -t 2>&1 >/dev/null -- httpd: Syntax error on line 1 of /etc/httpd/conf/httpd.conf: Syntax error on line 3 of /etc/httpd/conf.d/00_mod_security.conf: Cannot load modules/mod_security2.so into server: /etc/httpd/modules/mod_security2.so: cannot open shared object file: No such file or directory'
2 601 c_modsec::apply_rules There is a problem with the apache config: 1
2 601 c_modsec::apply_rules There is a problem with the apache config: Rolling back to the previous update
2 48 c_modsec::apply_rules Reverting all changes
2 48 ASLRBC::rollback_file Could not retrieve versions for /etc/asl/system.properties
2 48 ASLRBC::rollback_file No valid previous version found for /etc/httpd/modsecurity.d/05_asl_exclude.conf
3 600 c_modsec::apply_rules Errors occurred with Apache

Re: error during asl -s scan

Posted: Tue Mar 10, 2020 11:18 am
by mikeshinn
So this error:
2 9901 ASLCommon::cmd_exec ERROR: '(1) /usr/sbin/apachectl -t 2>&1 >/dev/null -- httpd: Syntax error on line 1 of /etc/httpd/conf/httpd.conf: Syntax error on line 3 of /etc/httpd/conf.d/00_mod_security.conf: Cannot load modules/mod_security2.so into server: /etc/httpd/modules/mod_security2.so: cannot open shared object file: No such file or directory'
Means modsecurity has been removed from the system. Let's try forcing an update to see if that fixes it. What's the output of:

aum -uf

And then do you see any error with "asl -s"?

If you do, then re-run the ASL/AWP installer and please contact support if that doesn't resolve the issue so we can take a closer look at what removed modsecurity from your system.
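
An added example, not part of the original thread or of Atomicorp's tooling: a shell check for the failure diagnosed above, listing every `LoadModule` directive whose shared object no longer exists on disk. The function name `missing_modules` and the sample configuration built in `demo` are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: list LoadModule directives whose shared object is missing.
# Usage: missing_modules SERVER_ROOT CONF_FILE...
# Relative module paths are resolved against SERVER_ROOT, as httpd does.
# Limitations: directive name is matched case-sensitively; Include is not followed.
missing_modules() {
    local root="$1" conf directive name path rest
    shift
    for conf in "$@"; do
        [ -r "$conf" ] || continue
        # "|| [ -n ... ]" keeps a final line that lacks a trailing newline
        while read -r directive name path rest || [ -n "$directive" ]; do
            [ "$directive" = "LoadModule" ] || continue
            path=${path#\"}; path=${path%\"}     # drop optional quotes
            case $path in
                /*) ;;                            # absolute path: use as-is
                *)  path="$root/$path" ;;         # relative to ServerRoot
            esac
            [ -e "$path" ] || printf '%s: %s -> %s\n' "$conf" "$name" "$path"
        done < "$conf"
    done
}

# Constructed layout (not copied from the poster's server): one module present,
# mod_security2.so absent, mirroring the error in the thread.
demo() {
    local tmp
    tmp=$(mktemp -d)
    mkdir -p "$tmp/modules" "$tmp/conf.d"
    : > "$tmp/modules/mod_unique_id.so"
    printf '%s\n' \
        '# constructed sample configuration' \
        'LoadModule unique_id_module modules/mod_unique_id.so' \
        'LoadModule security2_module modules/mod_security2.so' \
        > "$tmp/conf.d/00_mod_security.conf"
    (cd "$tmp" && missing_modules . conf.d/*.conf)
    rm -rf "$tmp"
}

demo
```

On a layout like the one in the error message, the call would be `missing_modules /etc/httpd /etc/httpd/conf/httpd.conf /etc/httpd/conf.d/*.conf`; an empty result means every referenced module file is present.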

Re: error during asl -s scan

Posted: Tue Mar 10, 2020 12:26 pm
by dpcllc
I reinstalled modsecurity and then ran the update and now the error is gone, so that looks like it fixed it.

There are some items in the asl -s that say they are off, but from what I see in the config they are turned on, like the malware items:


Advanced Malware Removal Ruleset: off [MODERATE]
Just In Time Patches: off [HIGH]
Basic Malware Removal Ruleset: off [MODERATE]
Malicious Output Detector: off [MODERATE]
Web Malware Upload Scanner: off [HIGH]
TrueStats Protection Ruleset: off [PASS]

Re: error during asl -s scan

Posted: Wed Mar 11, 2020 5:43 pm
by mikeshinn
That means these options are disabled in ASL/AWP:

Advanced Malware Removal Ruleset: off [MODERATE]

https://wiki.atomicorp.com/wiki/index.p ... V_REDACTOR

Just In Time Patches: off [HIGH]

https://wiki.atomicorp.com/wiki/index.p ... EC_99_JITP

Basic Malware Removal Ruleset: off [MODERATE]

https://wiki.atomicorp.com/wiki/index.p ... 9_REDACTOR

Malicious Output Detector: off [MODERATE]

https://wiki.atomicorp.com/wiki/index.p ... ARE_OUTPUT

Web Malware Upload Scanner: off [HIGH]

https://wiki.atomicorp.com/wiki/index.p ... 99_SCANNER

TrueStats Protection Ruleset: off [PASS]

This is new and not something you can enable yet. When it's released (next week is the plan), that ruleset will be enabled by default.