
Web Interface Failed to open /20080517/20080517-17 ...

Posted: Sat May 17, 2008 12:25 pm
by benji
Hi,

I just upgraded to the newest stable version of the ASL web interface, as well as ASL, mod_security, ClamAV, etc.

I want to report a problem with the web interface: when I click the firewall sign of one of the attack reports in the list, I get this message in the description:


Virtual Host:  	www.domain.com  	 Whitelist Attacker  Disable/Enable Rule  Report as False
Attacker IP: 	81.220.xxx.xxx
Signature ID: 	330000
Logfile: 	/var/asl/data//20080517/20080517-1709/20080517-170925-hCLC8Fdq3RQAAHdmZU0AAAAL
Alert information
Failed to open /20080517/20080517-1709/20080517-170925-hCLC8Fdq3RQAAHdmZU0AAAAL
A strange thing is that there are two slashes after /var/asl/data in the Logfile path (/var/asl/data// <---).

No wonder it cannot open it.

My config file is as reads:


# ASL configuration as posted: flat KEY="value" assignments. Later values
# reference "$EMAIL" and "$HOSTNAME", so the file is presumably expanded
# shell-style by whatever reads it -- confirm before editing quoting.

# Authentication information
# NOTE(review): presumably the account used to fetch rule updates from
# UPDATEPATH -- confirm. The password is kept here in plain text, so the
# file should not be readable by unprivileged users, and both values should
# be replaced before the file is shared (the values shown look like
# placeholders).
USERNAME="myasluser"
PASSWORD="myaslpassword"
# NOTE(review): no URL scheme is given; whether updates are fetched over an
# authenticated/encrypted transport is decided by the updater, not visible
# in this file -- verify.
UPDATEPATH="www.atomicorp.com/channels/asl-2.0/rules/"
# Base directory; the MODSEC_* directories below all live under it.
ASLHOME="/var/asl"

# ASL general configuration.
NOTIFY=yes
# EMAIL is reused below by the PSMON, OSSEC, Denyhosts and Rkhunter settings.
EMAIL="benji@girotecnics.net"
ADMIN_USERS="benji"
IP_WHITELIST="/etc/asl/whitelist"
SYSTEM_TYPE="webserver"
AUTOMATIC_UPDATES="daily"
RESTART_APACHE="yes"

# Kernel configuration.
# Presumably controls whether kernel modules may still be loaded at runtime;
# confirm against the ASL documentation.
ALLOW_kmod_loading="no"

# PSMON configuration.
PSMON_ENABLED="yes"
PSMON_EMAIL="$EMAIL"
PSMON_FROM="psmon@$HOSTNAME"

# OSSEC configuration
OSSEC_ENABLED="yes"
OSSEC_NOTIFY="no"
OSSEC_MODE="server"
# NOTE(review): the value is a single space, not an empty string. With
# OSSEC_MODE="server" it may simply be unused -- confirm.
OSSEC_SERVER=" "
OSSEC_EMAIL="$EMAIL"
OSSEC_SMTP_SERVER="localhost"
OSSEC_FROM="ossec@$HOSTNAME"
OSSEC_MAX_MSG="1"
# Active response is on and shuns are set to time out; the unit of
# OSSEC_SHUN_TIME is not stated here (presumably seconds -- confirm).
OSSEC_ACTIVE_RESPONSE="on"
OSSEC_SHUN_ENABLE_TIMEOUT="yes"
OSSEC_SHUN_TIME="600"

# mod_security configuration
MODSEC_ENABLED="yes"
MODSEC_SERVERSIG="Apache"
MODSEC_UPLOADDIR="/var/asl/data/suspicious"
MODSEC_KEEPFILES="RelevantOnly"
# "Concurrent" audit logging writes one file per transaction into dated
# subdirectories, which matches the /20080517/20080517-1709/... layout in the
# reported Logfile path.
MODSEC_LOGTYPE="Concurrent"
MODSEC_LOGFILE="audit_log"
# Presumably the audit-log parts selection (letters A..Z) -- confirm.
MODSEC_LOGELEMENT="ABIFHZ"
MODSEC_REQMEMLIMIT="131072"
# NOTE(review): debug logging is enabled; debug logs can be large and may
# record request data, so check who can read them and whether this is still
# needed.
MODSEC_DEBUGLOG=yes
MODSEC_DATADIR="/var/asl/data/msa"
# NOTE(review): the reported Logfile is /var/asl/data//20080517/..., which
# has an empty component where "audit" would be expected, and the "Failed to
# open" message shows the path with no base directory at all. A doubled
# slash by itself is collapsed during path resolution on Linux, so the
# failure looks more like the web interface not picking up this directory
# than like the "//" itself -- check whether the file exists under
# MODSEC_AUDITDIR.
MODSEC_AUDITDIR="/var/asl/data/audit"
# NOTE(review): /tmp is shared and world-writable; if this is used for
# mod_security temporary files, a dedicated directory writable only by the
# web server user is the safer choice -- confirm what is written here.
MODSEC_TMPDIR="/tmp"
MODSEC_RESPONSEBODYLIMIT="2621440"
# Rule-set toggles; the numeric prefixes presumably correspond to rule file
# names. As posted, the whitelist and RBL sets are off and all others on.
MODSEC_00_WHITELIST="off"
MODSEC_00_RBL="off"
MODSEC_05_SCANNER="on"
MODSEC_10_ANTIMALWARE="on"
MODSEC_10_RULES="on"
MODSEC_20_USERAGENTS="on"
MODSEC_30_ANTISPAM="on"
MODSEC_40_APACHE="on"
MODSEC_50_ROOTKITS="on"
MODSEC_60_RECONS="on"
MODSEC_99_JITP="on"


# General PHP configuration options.
# The ALLOW_<function> entries presumably decide which PHP functions stay
# enabled -- confirm how ASL applies them.
PHP_CHECKS="yes"
PHP_SAFE_MODE="no"
PHP_REGISTER_GLOBALS="off"
ALLOW_dl="no"
ALLOW_exec="no"
ALLOW_leak="no"
ALLOW_passthru="no"
ALLOW_pfsockopen="no"
# NOTE(review): phpinfo and popen are the only two functions allowed in this
# list. phpinfo() discloses server and PHP configuration details, and
# popen() starts external processes, so it leaves a command-execution path
# available to PHP code even though exec, passthru, proc_open, shell_exec
# and system are denied. Confirm both are actually required.
ALLOW_phpinfo="yes"
ALLOW_popen="yes"
ALLOW_posix_kill="no"
ALLOW_posix_mkfifo="no"
ALLOW_posix_setpgid="no"
ALLOW_posix_setsid="no"
ALLOW_posix_setuid="no"
ALLOW_proc_close="no"
ALLOW_proc_get_status="no"
ALLOW_proc_nice="no"
ALLOW_proc_open="no"
ALLOW_proc_terminate="no"
ALLOW_shell_exec="no"
ALLOW_show_source="no"
ALLOW_system="no"

# Denyhosts settings.
DENYHOSTS_ENABLED="yes"
DENYHOSTS_NOTIFY="no"
DENYHOSTS_EMAIL="$EMAIL"
DENYHOSTS_FROM="denyhosts@$HOSTNAME"
DENYHOSTS_SYSLOG="yes"
DENYHOSTS_SHUN_TIME="10m"

# SSH daemon configuration.
# As posted: protocol 2 only, public-key authentication on, password
# authentication and root logins off, privilege separation on.
SSH_PROTOCOL="2"
SSH_STRICTMODE="yes"
SSH_IGNORE_RHOSTS="yes"
SSH_PUBKEY="yes"
SSH_ROOTLOGINS="no"
SSH_PASSWORD_AUTH="no"
SSH_PRIV_SEPARATION="yes"
SSH_GSSAPI_AUTH="no"
SSH_GSSAPI_CLEANUP="no"
SSH_BANNER="/etc/asl/banner"

# Rkhunter settings.
RKHUNTER_ENABLED="yes"
RKHUNTER_EMAIL="$EMAIL"
# Presumably the value rkhunter expects to find in the SSH daemon
# configuration; it agrees with SSH_ROOTLOGINS="no" above.
RKHUNTER_SSH_ROOT_LOGIN="no"


# mod_evasive configuration.
# The suffixes mirror mod_evasive's directive names (DOSHashTableSize,
# DOSPageCount, DOSSiteCount, DOSPageInterval, DOSSiteInterval,
# DOSBlockingPeriod).
MODEV_ENABLED="yes"
MODEV_DOSHashTableSize="4096"
MODEV_DOSPageCount="5"
MODEV_DOSSiteCount="200"
MODEV_DOSPageInterval="2"
MODEV_DOSSiteInterval="2"
MODEV_DOSBlockingPeriod="20"

# Web App Inventory
APPINV_CRON="daily"

# Master configuration flag. Do not modify
CONFIGURED="yes"
So, do I have anything wrong? Is it an asl-web-interface bug? This bug is pretty annoying since I cannot see why this rule is firing.. :(.

My system is Amd Opteron, Centos 5 , 64 bit, PSA 8.3, thanks!

Posted: Sat May 17, 2008 3:49 pm
by scott
You might want to put a bug report into the support portal for this.

Posted: Tue May 20, 2008 8:56 am
by benji
I've just sent a bug report from my newly created account for the support portal integrated in the Plesk web interface. Bug # 126

Thank you.