we just upgrade our server which is using Direct admin.
I copied the config file and ran the unattended install and then created the db.
There were some errors displayed during the install but it appears to have completed.
There are some errors displayed at the end of the asl -s scan
Generating Report ...
httpd: Syntax error on line 1 of /etc/httpd/conf/httpd.conf: Syntax error on line 3 of /etc/httpd/conf.d/00_mod_security.conf: Cannot load modules/mod_security2.so into server: /etc/httpd/modules/mod_security2.so: cannot open shared object file: No such file or directory
complete
I am also seeing some error messages at the bottom of the console and I'm not sure where to find those.
Do you have some suggestions for making sure everything is working properly?
Thanks
error duing asl -s scan
Re: error duing asl -s scan
here are some of the messages from the bottom of the screen
(502) ASLW::_test_ossec - An OSSEC component is not running: ossec-dbd
(502) ASLW::_test_ossec - An OSSEC component is not running: ossec-logcollec
(502) ASLW::_test_ossec - An OSSEC component is not running: ossec-syscheckd
(502) ASLW::_test_ossec - An OSSEC component is not running: ossec-monitord
(502) ASLW::_test_ossec - An OSSEC component is not running: ossec-dbd
(502) ASLW::_test_ossec - An OSSEC component is not running: ossec-logcollec
(502) ASLW::_test_ossec - An OSSEC component is not running: ossec-syscheckd
(502) ASLW::_test_ossec - An OSSEC component is not running: ossec-monitord
Re: error duing asl -s scan
when I run asl -s -f I receive this at the end
Warning: Not an array or iterable object in foreach, variable is NULL in component/c_apache.php on line 29
-------------------------------------------------------------------------------
Errors were encountered:
L CODE SOURCE MESSAGE
- ---- ----------------------------- ------------------------------------------
2 9901 ASLCommon::cmd_exec ERROR: '(1) /usr/sbin/apachectl -t 2>&1 >/dev/null -- httpd: Syntax error on line 1 of /etc/httpd/conf/httpd.conf: Syntax error on line 3 of /etc/httpd/conf.d/00_mod_security.conf: Cannot load modules/mod_security2.so into server: /etc/httpd/modules/mod_security2.so: cannot open shared object file: No such file or directory'
2 601 c_modsec::apply_rules There is a problem with the apache config: 1
2 601 c_modsec::apply_rules There is a problem with the apache config: Rolling back to the previous update
2 48 c_modsec::apply_rules Reverting all changes
2 48 ASLRBC::rollback_file Could not retrieve versions for /etc/asl/system.properties
2 48 ASLRBC::rollback_file No valid previous version found for /etc/httpd/modsecurity.d/05_asl_exclude.conf
3 600 c_modsec::apply_rules Errors occurred with Apache
Warning: Not an array or iterable object in foreach, variable is NULL in component/c_apache.php on line 29
-------------------------------------------------------------------------------
Errors were encountered:
L CODE SOURCE MESSAGE
- ---- ----------------------------- ------------------------------------------
2 9901 ASLCommon::cmd_exec ERROR: '(1) /usr/sbin/apachectl -t 2>&1 >/dev/null -- httpd: Syntax error on line 1 of /etc/httpd/conf/httpd.conf: Syntax error on line 3 of /etc/httpd/conf.d/00_mod_security.conf: Cannot load modules/mod_security2.so into server: /etc/httpd/modules/mod_security2.so: cannot open shared object file: No such file or directory'
2 601 c_modsec::apply_rules There is a problem with the apache config: 1
2 601 c_modsec::apply_rules There is a problem with the apache config: Rolling back to the previous update
2 48 c_modsec::apply_rules Reverting all changes
2 48 ASLRBC::rollback_file Could not retrieve versions for /etc/asl/system.properties
2 48 ASLRBC::rollback_file No valid previous version found for /etc/httpd/modsecurity.d/05_asl_exclude.conf
3 600 c_modsec::apply_rules Errors occurred with Apache
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4149
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: error duing asl -s scan
So this error:
aum -uf
And then do you see any error with "asl -s"?
If you do, then re-run the ASL/AWP installer and please contact support if that doesnt resolve the issue so we can take a closer look at what removed modsecurity from your system.
Means modsecurity has been removed from the system. Lets try forcing an update to see if that fixes it. Whats the output of:2 9901 ASLCommon::cmd_exec ERROR: '(1) /usr/sbin/apachectl -t 2>&1 >/dev/null -- httpd: Syntax error on line 1 of /etc/httpd/conf/httpd.conf: Syntax error on line 3 of /etc/httpd/conf.d/00_mod_security.conf: Cannot load modules/mod_security2.so into server: /etc/httpd/modules/mod_security2.so: cannot open shared object file: No such file or directory'
aum -uf
And then do you see any error with "asl -s"?
If you do, then re-run the ASL/AWP installer and please contact support if that doesnt resolve the issue so we can take a closer look at what removed modsecurity from your system.
Michael Shinn
Atomicorp - Security For Everyone
Atomicorp - Security For Everyone
Re: error duing asl -s scan
I reinstalled modsecurity and then ran the update and now the error is gone, so that looks like it fixed it.
There are some items in the asl -s that say they are off but from what I see in the config they are turned on. like the malware items
Advanced Malware Removal Ruleset: off [MODERATE]
Just In Time Patches: off [HIGH]
Basic Malware Removal Ruleset: off [MODERATE]
Malicious Output Detector: off [MODERATE]
Web Malware Upload Scanner: off [HIGH]
TrueStats Protection Ruleset: off [PASS]
There are some items in the asl -s that say they are off but from what I see in the config they are turned on. like the malware items
Advanced Malware Removal Ruleset: off [MODERATE]
Just In Time Patches: off [HIGH]
Basic Malware Removal Ruleset: off [MODERATE]
Malicious Output Detector: off [MODERATE]
Web Malware Upload Scanner: off [HIGH]
TrueStats Protection Ruleset: off [PASS]
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4149
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: error duing asl -s scan
That means these options are disabled in ASL/AWP:
Advanced Malware Removal Ruleset: off [MODERATE]
https://wiki.atomicorp.com/wiki/index.p ... V_REDACTOR
Just In Time Patches: off [HIGH]
https://wiki.atomicorp.com/wiki/index.p ... EC_99_JITP
Basic Malware Removal Ruleset: off [MODERATE]
https://wiki.atomicorp.com/wiki/index.p ... 9_REDACTOR
Malicious Output Detector: off [MODERATE]
https://wiki.atomicorp.com/wiki/index.p ... ARE_OUTPUT
Web Malware Upload Scanner: off [HIGH]
https://wiki.atomicorp.com/wiki/index.p ... 99_SCANNER
TrueStats Protection Ruleset: off [PASS]
This is new and not something you can enable yet, when its released (next week is the plan) that ruleset will be enabled by default.
Advanced Malware Removal Ruleset: off [MODERATE]
https://wiki.atomicorp.com/wiki/index.p ... V_REDACTOR
Just In Time Patches: off [HIGH]
https://wiki.atomicorp.com/wiki/index.p ... EC_99_JITP
Basic Malware Removal Ruleset: off [MODERATE]
https://wiki.atomicorp.com/wiki/index.p ... 9_REDACTOR
Malicious Output Detector: off [MODERATE]
https://wiki.atomicorp.com/wiki/index.p ... ARE_OUTPUT
Web Malware Upload Scanner: off [HIGH]
https://wiki.atomicorp.com/wiki/index.p ... 99_SCANNER
TrueStats Protection Ruleset: off [PASS]
This is new and not something you can enable yet, when its released (next week is the plan) that ruleset will be enabled by default.
Michael Shinn
Atomicorp - Security For Everyone
Atomicorp - Security For Everyone