error during asl -s scan

Customer support forums for Atomic Protector (formerly Atomic Secured Linux). There is no such thing as a bad question here as long as it pertains to using Atomic Protector. Newbies feel free to get help getting started or asking questions that may be obvious. Regular users are asked to be gentle. :-)
dpcllc
Forum User
Posts: 14
Joined: Fri Oct 24, 2014 6:05 pm
Location: Philadelphia


We just upgraded our server, which is using DirectAdmin.

I copied the config file and ran the unattended install and then created the db.

There were some errors displayed during the install but it appears to have completed.

There are some errors displayed at the end of the asl -s scan:

Generating Report ...
httpd: Syntax error on line 1 of /etc/httpd/conf/httpd.conf: Syntax error on line 3 of /etc/httpd/conf.d/00_mod_security.conf: Cannot load modules/mod_security2.so into server: /etc/httpd/modules/mod_security2.so: cannot open shared object file: No such file or directory
complete

I am also seeing some error messages at the bottom of the console and I'm not sure where to find those.

Do you have some suggestions for making sure everything is working properly?

Thanks
dpcllc

Re: error during asl -s scan

Here are some of the messages from the bottom of the screen:

(502) ASLW::_test_ossec - An OSSEC component is not running: ossec-dbd
(502) ASLW::_test_ossec - An OSSEC component is not running: ossec-logcollec
(502) ASLW::_test_ossec - An OSSEC component is not running: ossec-syscheckd
(502) ASLW::_test_ossec - An OSSEC component is not running: ossec-monitord
dpcllc

Re: error during asl -s scan

When I run asl -s -f I receive this at the end:

Warning: Not an array or iterable object in foreach, variable is NULL in component/c_apache.php on line 29
-------------------------------------------------------------------------------
Errors were encountered:

L CODE SOURCE MESSAGE
- ---- ----------------------------- ------------------------------------------
2 9901 ASLCommon::cmd_exec ERROR: '(1) /usr/sbin/apachectl -t 2>&1 >/dev/null -- httpd: Syntax error on line 1 of /etc/httpd/conf/httpd.conf: Syntax error on line 3 of /etc/httpd/conf.d/00_mod_security.conf: Cannot load modules/mod_security2.so into server: /etc/httpd/modules/mod_security2.so: cannot open shared object file: No such file or directory'
2 601 c_modsec::apply_rules There is a problem with the apache config: 1
2 601 c_modsec::apply_rules There is a problem with the apache config: Rolling back to the previous update
2 48 c_modsec::apply_rules Reverting all changes
2 48 ASLRBC::rollback_file Could not retrieve versions for /etc/asl/system.properties
2 48 ASLRBC::rollback_file No valid previous version found for /etc/httpd/modsecurity.d/05_asl_exclude.conf
3 600 c_modsec::apply_rules Errors occurred with Apache
mikeshinn
Atomicorp Staff - Site Admin
Posts: 4122
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: error during asl -s scan

So this error:
2 9901 ASLCommon::cmd_exec ERROR: '(1) /usr/sbin/apachectl -t 2>&1 >/dev/null -- httpd: Syntax error on line 1 of /etc/httpd/conf/httpd.conf: Syntax error on line 3 of /etc/httpd/conf.d/00_mod_security.conf: Cannot load modules/mod_security2.so into server: /etc/httpd/modules/mod_security2.so: cannot open shared object file: No such file or directory'
Means modsecurity has been removed from the system. Let's try forcing an update to see if that fixes it. What's the output of:

aum -uf

And then do you see any error with "asl -s"?

If you do, then re-run the ASL/AWP installer and please contact support if that doesn't resolve the issue so we can take a closer look at what removed modsecurity from your system.
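
A pre-flight check for the failure discussed in this thread, as an added example that is not part of the original posts and is not Atomicorp code: it lists every LoadModule target that is missing on disk, so a removed mod_security2.so is caught before apachectl -t fails and the rule update rolls back. The function name and the sample tree are constructed for illustration; on the server in the thread the error message implies a ServerRoot of /etc/httpd.

```shell
#!/usr/bin/env bash
# Added example (not Atomicorp code): list LoadModule targets missing on disk.

# missing_modules SERVER_ROOT CONF_FILE...
# Prints "conf_file: module_name -> resolved_path" for each missing target.
missing_modules() {
    local root="$1" file directive name path rest
    shift
    for file in "$@"; do
        [ -r "$file" ] || continue
        while read -r directive name path rest || [ -n "$directive" ]; do
            # Directive names are case-insensitive; commented-out lines
            # begin with '#', so they never match.
            case "$directive" in
                [Ll][Oo][Aa][Dd][Mm][Oo][Dd][Uu][Ll][Ee]) ;;
                *) continue ;;
            esac
            [ -n "$path" ] || continue
            # Drop optional double quotes around the path.
            path=${path#\"}; path=${path%\"}
            # Relative paths resolve against ServerRoot.
            case "$path" in
                /*) ;;
                *) path="$root/$path" ;;
            esac
            [ -e "$path" ] || echo "$file: $name -> $path"
        done < "$file"
    done
}

# Constructed sample tree; file names mirror the error message above.
demo() {
    local tmp
    tmp=$(mktemp -d)
    mkdir -p "$tmp/modules" "$tmp/conf.d"
    : > "$tmp/modules/mod_unique_id.so"   # this module is present
    cat > "$tmp/conf.d/00_mod_security.conf" <<'EOF'
# constructed sample, not the real ASL-generated file
LoadModule unique_id_module modules/mod_unique_id.so
LoadModule security2_module modules/mod_security2.so
EOF
    missing_modules "$tmp" "$tmp"/conf.d/*.conf | sed "s|$tmp|ROOT|g"
    rm -rf "$tmp"
    # prints: ROOT/conf.d/00_mod_security.conf: security2_module -> ROOT/modules/mod_security2.so
}

demo
```

The function only reads the files it is given and does not follow Include directives, so pass it every configuration file that Apache loads.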
dpcllc

Re: error during asl -s scan

I reinstalled modsecurity and then ran the update and now the error is gone, so that looks like it fixed it.


There are some items in the asl -s that say they are off, but from what I see in the config they are turned on, like the malware items:


Advanced Malware Removal Ruleset: off [MODERATE]
Just In Time Patches: off [HIGH]
Basic Malware Removal Ruleset: off [MODERATE]
Malicious Output Detector: off [MODERATE]
Web Malware Upload Scanner: off [HIGH]
TrueStats Protection Ruleset: off [PASS]
mikeshinn

Re: error during asl -s scan

That means these options are disabled in ASL/AWP:

Advanced Malware Removal Ruleset: off [MODERATE]

https://wiki.atomicorp.com/wiki/index.p ... V_REDACTOR

Just In Time Patches: off [HIGH]

https://wiki.atomicorp.com/wiki/index.p ... EC_99_JITP

Basic Malware Removal Ruleset: off [MODERATE]

https://wiki.atomicorp.com/wiki/index.p ... 9_REDACTOR

Malicious Output Detector: off [MODERATE]

https://wiki.atomicorp.com/wiki/index.p ... ARE_OUTPUT

Web Malware Upload Scanner: off [HIGH]

https://wiki.atomicorp.com/wiki/index.p ... 99_SCANNER

TrueStats Protection Ruleset: off [PASS]

This is new and not something you can enable yet. When it's released (next week is the plan), that ruleset will be enabled by default.