Apache down
I have opened a support ticket, but until it gets picked up I was hoping for some help here.
I updated to 4.0.6 and enabled the new Threat Intelligence System. After that apache isn't working anymore. Neither is the ASL web gui. I just get a page saying ERR_EMPTY_RESPONSE. I have tried to disable IPtables, running asl -s -f, running aum -uf, rebooting.
asl -s -f displays:
ipset v6.22: The set with the given name does not exist
ipset v6.22: The set with the given name does not exist
ipset v6.22: The set with the given name does not exist
Something is definitely wrong. Anyone got an idea where to start looking?
Re: Apache down
Still no reply from support.
By manually disabling mod_sec and way I can now access web servers. ASL web is still missing.
MODSEC_ENABLED="no"
WAF_ENGINE="no"
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4152
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: Apache down
We just requested access to the system, can you let the support guys know when you have granted them access?
Michael Shinn
Atomicorp - Security For Everyone
Re: Apache down
Access granted!
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4152
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: Apache down
We found the problem. Your DNS server was appending your domain to every query, and there was a wildcard for your domain, which caused everything to return with a hit. So, we added in some code on our end to force lookups in a way that didn't let your DNS do that, at least for the queries we make. So for our queries you're good to go now.
Michael Shinn
Atomicorp - Security For Everyone
Re: Apache down
Thanks a bunch!
-
- Atomicorp Staff - Site Admin
- Posts: 8355
- Joined: Wed Dec 31, 1969 8:00 pm
- Location: earth
- Contact:
Re: Apache down
Related: if you're using SpamAssassin and are having strange results with false positives, that DNS issue might be the culprit.
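Added example (not from the thread and not Atomicorp's code): a small offline model of the failure described in the two staff posts above, where a search domain with a wildcard record turns every reputation lookup into a hit. The zone data, the `ti.example.net` list name and the `customer.example` search domain are constructed, the wildcard matching is simplified, and the trailing-dot query is one common way to stop search-domain expansion, assumed here rather than confirmed as the fix that was shipped.

```python
# Constructed data: hypothetical names, documentation-range addresses.
SEARCH_DOMAIN = "customer.example"            # assumed resolv.conf "search" entry
ZONE = {
    "2.0.0.127.ti.example.net": "127.0.0.2",  # the one genuinely listed address
    "*.customer.example": "203.0.113.10",     # wildcard in the local domain
}

def authoritative(qname):
    """Answer one absolute name: exact match first, then an enclosing wildcard."""
    qname = qname.rstrip(".").lower()
    if qname in ZONE:
        return ZONE[qname]
    labels = qname.split(".")
    for i in range(1, len(labels)):
        hit = ZONE.get("*." + ".".join(labels[i:]))
        if hit:
            return hit
    return None  # NXDOMAIN

def stub_resolve(name, search=SEARCH_DOMAIN):
    """Model a stub resolver: a name ending in '.' is absolute and asked once;
    any other name is retried with the search domain after NXDOMAIN."""
    answer = authoritative(name)
    if answer is None and not name.endswith(".") and search:
        answer = authoritative(f"{name}.{search}")
    return answer

def reputation_name(ip, zone="ti.example.net"):
    """DNSBL-style query name: reversed octets followed by the list zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def naive_is_listed(ip):
    """The failure mode: relative name, and any answer counts as a hit."""
    return stub_resolve(reputation_name(ip)) is not None

def is_listed(ip, fqdn=True):
    """Absolute name (trailing dot) plus a check that the answer is in
    127.0.0.0/8, the range DNSBLs use for 'listed' replies."""
    name = reputation_name(ip) + ("." if fqdn else "")
    answer = stub_resolve(name)
    return answer is not None and answer.startswith("127.")
```

On a live host the same symptom shows up when a lookup for a name that cannot exist still returns an address unless the name is written with a trailing dot.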
Re: Apache down
ok, any tips how to fix it?
Re: Apache down
Ok, I see this also on my VMs
Starting Atomic Secured Linux scan, please be patient ...
ipset v6.22: The set with the given name does not exist
ipset v6.22: The set with the given name does not exist
ipset v6.22: The set with the given name does not exist
ipset v6.22: The set with the given name does not exist
ipset v6.22: The set with the given name does not exist
ipset v6.22: The set with the given name does not exist
ipset v6.22: The set with the given name does not exist
ipset v6.22: The set with the given name does not exist
ipset v6.22: The set with the given name does not exist
Re: Apache down
I would sort of expect that, as ipset is not usually supported in VMs (Certainly not Virtuozzo and OpenVZ anyway).
The ipset executable can be installed and may well be installed but won't do anything useful. So when ASL tries to use it, it ends up doing nothing or returning an error.
Presumably ASL then falls back to iptables.
That's my guess anyway.
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
Re: Apache down
It's KVM VMs and running the asl kernel.
Re: Apache down
oh, in that case ignore me.
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
-
- Atomicorp Staff - Site Admin
- Posts: 8355
- Joined: Wed Dec 31, 1969 8:00 pm
- Location: earth
- Contact:
Re: Apache down
It's a harmless message, that's something we'll suppress in the next update. It's just swapping lists during an update. It keeps you from having a window where there are no firewall rules like you'd have with an iptables based firewall.
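Added example (not ASL's code): an in-memory model of the list swap described in the post above, comparing a build-then-swap update with a flush-and-reload update and counting the steps at which an address that should stay blocked is missing from the live set. The set names and addresses are constructed, and the model only covers the `create`, `add`, `flush`, `swap` and `destroy` commands.

```python
class SetError(Exception):
    pass

class IpsetModel:
    """Minimal model of named ipset sets, constructed for illustration."""
    def __init__(self):
        self.sets = {}

    def run(self, line):
        cmd, *args = line.split()
        if cmd == "create":
            self.sets[args[0]] = set()
            return
        # Every other command needs its set(s) to exist already; this is
        # the condition behind the message quoted in the thread.
        for name in args[: 2 if cmd == "swap" else 1]:
            if name not in self.sets:
                raise SetError("The set with the given name does not exist")
        if cmd == "add":
            self.sets[args[0]].add(args[1])
        elif cmd == "flush":
            self.sets[args[0]].clear()
        elif cmd == "swap":
            a, b = args
            self.sets[a], self.sets[b] = self.sets[b], self.sets[a]
        elif cmd == "destroy":
            del self.sets[args[0]]

def swap_update(live, new_ips):
    """Fill a temporary set, swap it with the live one, drop the old contents."""
    tmp = live + "-new"  # hypothetical temporary set name
    return ([f"create {tmp} hash:ip"] + [f"add {tmp} {ip}" for ip in new_ips]
            + [f"swap {tmp} {live}", f"destroy {tmp}"])

def flush_update(live, new_ips):
    """Empty the live set, then refill it in place."""
    return [f"flush {live}"] + [f"add {live} {ip}" for ip in new_ips]

def exposure(model, live, script, must_block):
    """Count steps after which must_block is absent from the live set."""
    gaps = 0
    for line in script:
        model.run(line)
        gaps += must_block not in model.sets[live]
    return gaps

def loaded_model(live, ips):
    model = IpsetModel()
    for line in [f"create {live} hash:ip"] + [f"add {live} {ip}" for ip in ips]:
        model.run(line)
    return model
```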
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4152
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: Apache down
And yes you are correct Faris, if the box does not support ipset ASL will fail back to iptables.
Michael Shinn
Atomicorp - Security For Everyone