Cpanel on Centos 7 with Easyapache4, Apache 2.4, nto work
Posted: Wed Dec 23, 2015 4:31 am
Hi.
I've installed on my server and VPS modsecurity and rules of AtomicCorp over Centos 6, Easypache3 an old Apache.
Now I'm trying to install on VPS with Centos 7, Easyapache 4 over Apache 2.4 and fail.
I use this https://www.atomicorp.com/wiki/index.ph ... rity_Rules
Well.. I search on files for 333946 and not any rule duplicate on my sistem.
httpd.conf
/etc/apache2/conf.modules.d/800-mod_security2.conf
/etc/apache2/conf.modules.d/modsec2.conf
/etc/apache2/conf.d/modsec2.user.conf
/etc/apache2/conf/pcre_modsecurity_exceeded_limits.conf
/etc/apache2/conf/modsec2.whitelist.conf (empty but exist)
/etc/apache2/conf.d/modsec2.cpanel.conf (empty file but exists)
Error when try up Apache2
I don't inderstand problem
Apreciate help.
I've installed on my server and VPS modsecurity and rules of AtomicCorp over Centos 6, Easypache3 an old Apache.
Now I'm trying to install on VPS with Centos 7, Easyapache 4 over Apache 2.4 and fail.
I use this https://www.atomicorp.com/wiki/index.ph ... rity_Rules
Code: Select all
dic 23 09:17:40 5.135.93.103.tamainut.net restartsrv_httpd[6938]: AH00526: Syntax error on line 33 of /usr/local/apache/conf/modsec_rules/10_asl_antimalware.conf:
dic 23 09:17:40 5.135.93.103.tamainut.net restartsrv_httpd[6938]: ModSecurity: Found another rule with the same id
Code: Select all
SecRule REQUEST_FILENAME "\.((m|j)pe?g4?|bmp|tiff?|p((p|g|b)m|n(g|m))|gif|js|css|ico|avi|w(mv|ebp)|mp(3|4)|cgm|svg|swf|og(m|v|x))$" phase:2,pass,t:none,t:lowercase,nolog,id:333946,skipAfter:END_ANTI_MALWARE
Well.. I search on files for 333946 and not any rule duplicate on my sistem.
httpd.conf
Code: Select all
Include "/etc/apache2/conf.modules.d/*.conf
Code: Select all
# Mod Security requires Apache's mod_unique_id to operate
<IfModule mod_unique_id.c>
LoadModule security2_module modules/mod_security2.so
</IfModule>
Code: Select all
LoadFile /opt/xml2/lib/libxml2.so
# LoadFile /opt/lua/lib/liblua.so
<IfModule mod_security2.c>
# See http://www.modsecurity.org/documentation/ModSecurity-Migration-Matrix.pdf
# "Add the rules that will do exactly the same as the directives"
# SecFilterCheckURLEncoding On
# SecFilterForceByteRange 0 255
<IfModule mod_ruid2.c>
SecAuditLogStorageDir /etc/apache2/logs/modsec_audit
SecAuditLogType Concurrent
</IfModule>
<IfModule itk.c>
SecAuditLogStorageDir /etc/apache2/logs/modsec_audit
SecAuditLogType Concurrent
</IfModule>
SecAuditLog logs/modsec_audit.log
SecDebugLog logs/modsec_debug.log
SecDebugLogLevel 0
SecDefaultAction "phase:2,deny,log,status:406"
Include "/etc/apache2/conf.d/modsec2.user.conf"
Include "/etc/apache2/conf.d/modsec2.cpanel.conf"
</IfModule
Code: Select all
SecRequestBodyAccess On
#SecAuditLogType Concurrent
SecResponseBodyAccess On
SecResponseBodyMimeType (null) text/html text/plain text/xml
SecResponseBodyLimit 2621440
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
SecServerSignature Apache
SecUploadDir /var/asl/data/suspicious
SecUploadKeepFiles Off
SecAuditLogParts ABIFHZ
SecArgumentSeparator "&"
SecCookieFormat 0
SecRequestBodyInMemoryLimit 131072
SecDataDir /var/asl/data/msa
SecTmpDir /tmp
SecAuditLogStorageDir /var/asl/data/audit
SecResponseBodyLimitAction ProcessPartial
#Files coment for tru with minimum conf. But this work on other server
#Include /etc/apache2/conf/modsec_rules/00_asl_z_antievasion.conf
#Include /etc/apache2/conf/modsec_rules/00_asl_zz_strict.conf
#Include /etc/apache2/conf/modsec_rules/09_asl_rules.conf
#Include /etc/apache2/conf/modsec_rules/10_asl_antimalware.conf
#Include /etc/apache2/conf/modsec_rules/10_asl_rules.conf
#Include /etc/apache2/conf/modsec_rules/11_asl_adv_rules.conf
#Include /etc/apache2/conf/modsec_rules/20_asl_useragents.conf
#Include /etc/apache2/conf/modsec_rules/30_asl_antispam.conf
#Include /etc/apache2/conf/modsec_rules/50_asl_rootkits.conf
#Include /etc/apache2/conf/modsec_rules/60_asl_recons.conf
#Include /etc/apache2/conf/modsec_rules/61_asl_recons_dlp.conf
#Include /etc/apache2/conf/modsec_rules/99_asl_jitp.conf
Include /usr/local/apache/conf/modsec_rules/10_asl_antimalware.conf
Include /usr/local/apache/conf/modsec_rules/10_asl_rules.conf
Include /usr/local/apache/conf/modsec_rules/20_asl_useragents.conf
Include /usr/local/apache/conf/modsec_rules/30_asl_antispam.conf
Include /usr/local/apache/conf/modsec_rules/50_asl_rootkits.conf
Include /usr/local/apache/conf/modsec_rules/60_asl_recons.conf
Include /usr/local/apache/conf/modsec_rules/99_asl_jitp.conf
#PCRE lios
Include /etc/apache2/conf/pcre_modsecurity_exceeded_limits.conf
Include /etc/apache2/conf/modsec2.whitelist.conf
Code: Select all
SecPcreMatchLimit 250000
SecPcreMatchLimitRecursion 250000
/etc/apache2/conf.d/modsec2.cpanel.conf (empty file but exists)
Error when try up Apache2
Code: Select all
systemctl status httpd.service
● httpd.service - Apache web server managed by cPanel EasyApache
Loaded: loaded (/etc/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since mié 2015-12-23 09:17:40 CET; 1s ago
Process: 6938 ExecStart=/usr/local/cpanel/scripts/restartsrv_httpd --no-verbose (code=exited, status=1/FAILURE)
Main PID: 6280 (code=exited, status=0/SUCCESS)
dic 23 09:17:39 5.135.93.103.tamainut.net systemd[1]: Starting Apache web server managed by cPanel EasyApache...
dic 23 09:17:40 5.135.93.103.tamainut.net restartsrv_httpd[6938]: AH00526: Syntax error on line 33 of /usr/local/apache/conf/modsec_rules/10_asl_antimalware.conf:
dic 23 09:17:40 5.135.93.103.tamainut.net restartsrv_httpd[6938]: ModSecurity: Found another rule with the same id
dic 23 09:17:40 5.135.93.103.tamainut.net systemd[1]: httpd.service: control process exited, code=exited status=1
dic 23 09:17:40 5.135.93.103.tamainut.net systemd[1]: Failed to start Apache web server managed by cPanel EasyApache.
dic 23 09:17:40 5.135.93.103.tamainut.net systemd[1]: Unit httpd.service entered failed state.
dic 23 09:17:40 5.135.93.103.tamainut.net systemd[1]: httpd.service failed.
Apreciate help.