ModSec/OSSEC Alert: What does this mean?

General Discussion of atomic repo and development projects.

Ask for help here with anything else not covered by other forums.
Post Reply
aftdesign
New Forum User
New Forum User
Posts: 4
Joined: Wed Dec 26, 2007 5:45 am

ModSec/OSSEC Alert: What does this mean?

Unread post by aftdesign »

I just installed CentOS5 fresh on my 1and1 server along with Plesk 8.3 and ASL and I am getting these alerts from OSSEC on a daily basis and I don't know what they mean...


Apr 8 08:00:49 246810 modprobe: WARNING: Error inserting x_tables (/lib/modules/2.6.23.1-3.art/kernel/net/netfilter/x_tables.ko): Operation not permitted
Apr 8 08:00:49 246810 kernel: grsec: From 68.106.**.***: denied modification of module state by /sbin/modprobe[modprobe:15324] uid/euid:0/0 gid/egid:102/102, parent /sbin/iptables[iptables:15323] uid/euid:0/0 gid/egid:102/102

Any help is appreciated!

Thanks!
Top
breun
Long Time Forum Regular
Long Time Forum Regular
Posts: 2813
Joined: Sat Aug 20, 2005 9:30 am
Location: The Netherlands

Unread post by breun »

The ASL kernel does not allow loading kernel modules at runtime. Apparently iptables is trying to load the x_tables module, but grsec is blocking this.
Lemonbit Internet Dedicated Server Management
Top
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:
Contact scott

Unread post by scott »

We try and force the loading of those in /etc/init.d/asl-mod. Normally they are loaded by the scripts (like the firewall script) that runs before asl-mod. The system will allow modules to be loaded until asl-mod turns module loading off. This is why it runs last (/etc/rc3.d/S99asl-mod).
Top
Post Reply

Return to “General Help and Development Discussion”