Apache down

Customer support forums for Atomic Protector (formerly Atomic Secured Linux). There is no such thing as a bad question here as long as it pertains to using Atomic Protector. Newbies feel free to get help getting started or asking questions that may be obvious. Regular users are asked to be gentle. :-)
biggles
Forum Regular
Forum Regular
Posts: 806
Joined: Tue Jul 15, 2008 2:38 pm
Location: Sweden
Contact:

Apache down

Unread post by biggles »

I have opened a support ticket, but until it gets picked up I was hoping for some help here.

I updated to 4.0.6 and enabled the new Threat Intelligence System. After that apache isn't working anymore. Neither is the ASL web gui. I just get a page saying ERR_EMPTY_RESPONSE. I have tried to disable IPtables, runnign asl -s -f, running aum -uf, rebooting.

asl -s -f displays:
ipset v6.22: The set with the given name does not exist
ipset v6.22: The set with the given name does not exist
ipset v6.22: The set with the given name does not exist

Something is definitely wrong. Anyone got an idea where to start looking?
biggles
Forum Regular
Forum Regular
Posts: 806
Joined: Tue Jul 15, 2008 2:38 pm
Location: Sweden
Contact:

Re: Apache down

Unread post by biggles »

Stil no reply from support.

By manually disabling mod_sec and way I can now access web servers. ASL web is still missing.

MODSEC_ENABLED="no"
WAF_ENGINE="no"
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4152
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: Apache down

Unread post by mikeshinn »

We just requested access to the system, can you let the support guys know when you have granted them access?
biggles
Forum Regular
Forum Regular
Posts: 806
Joined: Tue Jul 15, 2008 2:38 pm
Location: Sweden
Contact:

Re: Apache down

Unread post by biggles »

Access granted!
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4152
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: Apache down

Unread post by mikeshinn »

We found the problem. Your DNS server was appending your domain to every query, and there was a wildcard for your domain, which caused everything to return with a hit. So, we added in some code on our end to force lookups in a way that didnt let your DNS do that, at least for the queries we make. So for our queries you're good to go now.
biggles
Forum Regular
Forum Regular
Posts: 806
Joined: Tue Jul 15, 2008 2:38 pm
Location: Sweden
Contact:

Re: Apache down

Unread post by biggles »

Thanks a bunch!
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:

Re: Apache down

Unread post by scott »

Related, If you're using spamassassin, and are having strange results with false positives, that DNS issue might be the culprit
biggles
Forum Regular
Forum Regular
Posts: 806
Joined: Tue Jul 15, 2008 2:38 pm
Location: Sweden
Contact:

Re: Apache down

Unread post by biggles »

ok, any tips how to fix it?
DarkF@der
Forum Regular
Forum Regular
Posts: 313
Joined: Thu May 07, 2009 12:46 pm

Re: Apache down

Unread post by DarkF@der »

Ok i see this also on my VM's

Starting Atomic Secured Linux scan, please be patient ...

ipset v6.22: The set with the given name does not exist
ipset v6.22: The set with the given name does not exist
ipset v6.22: The set with the given name does not exist
ipset v6.22: The set with the given name does not exist
ipset v6.22: The set with the given name does not exist
ipset v6.22: The set with the given name does not exist
ipset v6.22: The set with the given name does not exist
ipset v6.22: The set with the given name does not exist
ipset v6.22: The set with the given name does not exist
faris
Long Time Forum Regular
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am

Re: Apache down

Unread post by faris »

I would sort of expect that, as ipset is not usually supported in VMs (Certainly not Virtuozzo and OpenVZ anyway).

The ipset executable can be installed and may well be installed but won't do anything useful. So when ASL tries to use it, it ends up doing nothing or returning an error.

Presumably ASL then falls back to iptables.

That's my guess anyway.
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
DarkF@der
Forum Regular
Forum Regular
Posts: 313
Joined: Thu May 07, 2009 12:46 pm

Re: Apache down

Unread post by DarkF@der »

It's a KVM VM's and running the asl kernel.
faris
Long Time Forum Regular
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am

Re: Apache down

Unread post by faris »

oh, in that case ignore me. ;-)
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:

Re: Apache down

Unread post by scott »

Its a harmless message, thats something we'll suppress in the next update. Its just swapping lists during an update. It keeps you from having a window where there are no firewall rules like you'd have with an iptables based firewall.
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4152
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: Apache down

Unread post by mikeshinn »

And yes you are correct Faris, if the box does not support ipset ASL will fail back to iptables.
Post Reply