Learn how easy it is to sync an existing GitHub or Google Code repo to a SourceForge project! See Demo

Close

mod_security from source

Andronik
2012-09-13
2013-06-12
  • Andronik
    Andronik
    2012-09-13

    have problem with mod security installation from source. (tried 2.5, 2.6.7 and 2.7 rc3 versions)

    main problem: i am able to build it, but apache2 doesn't load with mod security enabled:
    config test gives: > /opt/apache2/bin/apachectl configtest
    httpd: Syntax error on line 149 of /opt/apache2/conf/httpd.conf: Cannot load modules/mod_security2.so into server: /opt/apache2/modules/mod_security2.so: undefined symbol: ap_log_error

    libxml2.so is loaded beforehand as LoadFile option

    (this error is present in all mod_security versions tried)

    configured as such:
    :/usr/src/modsecurity-apache_2.7.0-rc3# ./configure -enable-extentions -enable-alp2 -enable-pcre-study -enable-pcre-jit -enable-pcre-match-limit=10000000 -enable-pcre-match-limit-recursion=10000000 -enable-performance-measurement -with-apxs=/opt/apache2/bin/apxs -with-apr=/usr/src/httpd-2.4.3/srclib/apr -with-apu=/usr/src/httpd-2.4.3/srclib/apr-util/

    (remark - in version 2.5x and 2.6.7 -with-pcre-jit not used as not supported)

    checking for a BSD-compatible install… /usr/bin/install -c
    checking whether build environment is sane… yes
    checking for a thread-safe mkdir -p… /bin/mkdir -p
    checking for gawk… no
    checking for mawk… mawk
    checking whether make sets $(MAKE)… yes
    checking build system type… x86_64-unknown-linux-gnu
    checking host system type… x86_64-unknown-linux-gnu
    checking for style of include used by make… GNU
    checking for gcc… gcc
    checking whether the C compiler works… yes
    checking for C compiler default output file name… a.out
    checking for suffix of executables…
    checking whether we are cross compiling… no
    checking for suffix of object files… o
    checking whether we are using the GNU C compiler… yes
    checking whether gcc accepts -g… yes
    checking for gcc option to accept ISO C89… none needed
    checking dependency style of gcc… gcc3
    checking for a sed that does not truncate output… /bin/sed
    checking for grep that handles long lines and -e… /bin/grep
    checking for egrep… /bin/grep -E
    checking for fgrep… /bin/grep -F
    checking for ld used by gcc… /usr/bin/ld
    checking if the linker (/usr/bin/ld) is GNU ld… yes
    checking for BSD- or MS-compatible name lister (nm)… /usr/bin/nm -B
    checking the name lister (/usr/bin/nm -B) interface… BSD nm
    checking whether ln -s works… yes
    checking the maximum length of command line arguments… 1572864
    checking whether the shell understands some XSI constructs… yes
    checking whether the shell understands "+="… yes
    checking for /usr/bin/ld option to reload object files… -r
    checking for objdump… objdump
    checking how to recognize dependent libraries… pass_all
    checking for ar… ar
    checking for strip… strip
    checking for ranlib… ranlib
    checking command to parse /usr/bin/nm -B output from gcc object… ok
    checking how to run the C preprocessor… gcc -E
    checking for ANSI C header files… yes
    checking for sys/types.h… yes
    checking for sys/stat.h… yes
    checking for stdlib.h… yes
    checking for string.h… yes
    checking for memory.h… yes
    checking for strings.h… yes
    checking for inttypes.h… yes
    checking for stdint.h… yes
    checking for unistd.h… yes
    checking for dlfcn.h… yes
    checking for objdir… .libs
    checking if gcc supports -fno-rtti -fno-exceptions… no
    checking for gcc option to produce PIC… -fPIC -DPIC
    checking if gcc PIC flag -fPIC -DPIC works… yes
    checking if gcc static flag -static works… yes
    checking if gcc supports -c -o file.o… yes
    checking if gcc supports -c -o file.o… (cached) yes
    checking whether the gcc linker (/usr/bin/ld -m elf_x86_64) supports shared libraries… yes
    checking whether -lc should be explicitly linked in… no
    checking dynamic linker characteristics… GNU/Linux ld.so
    checking how to hardcode library paths into programs… immediate
    checking for shl_load… no
    checking for shl_load in -ldld… no
    checking for dlopen… no
    checking for dlopen in -ldl… yes
    checking whether a program can dlopen itself… yes
    checking whether a statically linked program can dlopen itself… no
    checking whether stripping libraries is possible… yes
    checking if libtool supports shared libraries… yes
    checking whether to build shared libraries… yes
    checking whether to build static libraries… yes
    checking for gawk… (cached) mawk
    checking for gcc… (cached) gcc
    checking whether we are using the GNU C compiler… (cached) yes
    checking whether gcc accepts -g… (cached) yes
    checking for gcc option to accept ISO C89… (cached) none needed
    checking dependency style of gcc… (cached) gcc3
    checking how to run the C preprocessor… gcc -E
    checking whether ln -s works… yes
    checking whether make sets $(MAKE)… (cached) yes
    checking for grep that handles long lines and -e… (cached) /bin/grep
    checking for perl… /usr/bin/perl
    checking for env… /usr/bin/env
    checking for ANSI C header files… (cached) yes
    checking fcntl.h usability… yes
    checking fcntl.h presence… yes
    checking for fcntl.h… yes
    checking limits.h usability… yes
    checking limits.h presence… yes
    checking for limits.h… yes
    checking for stdlib.h… (cached) yes
    checking for string.h… (cached) yes
    checking for unistd.h… (cached) yes
    checking for sys/types.h… (cached) yes
    checking for sys/stat.h… (cached) yes
    checking for an ANSI C-conforming const… yes
    checking for inline… inline
    checking for C/C++ restrict keyword… __restrict
    checking for pid_t… yes
    checking for size_t… yes
    checking whether struct tm is in sys/time.h or time.h… time.h
    checking for uint8_t… yes
    checking for stdlib.h… (cached) yes
    checking for GNU libc compatible malloc… yes
    checking for working memcmp… yes
    checking for atexit… yes
    checking for getcwd… yes
    checking for memmove… yes
    checking for memset… yes
    checking for strcasecmp… yes
    checking for strchr… yes
    checking for strdup… yes
    checking for strerror… yes
    checking for strncasecmp… yes
    checking for strrchr… yes
    checking for strstr… yes
    checking for strtol… yes
    checking for fchmod… yes
    checking for strcasestr… yes
    Checking plataform… Identified as Linux
    configure: looking for Apache module support via DSO through APXS
    configure: found apxs at /opt/apache2/bin/apxs
    configure: checking httpd version
    configure: httpd is recent enough
    checking for libpcre config script… /usr/local/bin/pcre-config
    configure: using pcre v8.31
    checking for libapr config script… /usr/src/httpd-2.4.3/srclib/apr/apr-1-config
    configure: using apr v1.4.6
    checking for libapu config script… /usr/src/httpd-2.4.3/srclib/apr-util//apu-1-config
    configure: using apu v1.4.1
    checking for libxml2 config script… /usr/bin/xml2-config
    checking if libxml2 is at least v2.6.29… yes, 2.7.6
    configure: using libxml2 v2.7.6
    checking for pkg-config… /usr/bin/pkg-config
    checking pkg-config is at least version 0.9.0… yes
    checking for liblua config script… /usr/bin/pkg-config
    configure: using lua v5.1.4
    checking for libcurl config script… /usr/bin/curl-config
    checking if libcurl is at least v… yes, 7.19.7
    checking if libcurl is linked with gnutls… no
    configure: using curl v7.19.7
    configure: creating ./config.status
    config.status: creating Makefile
    config.status: creating tools/Makefile
    config.status: creating alp2/Makefile
    config.status: creating apache2/Makefile
    config.status: creating ext/Makefile
    config.status: creating build/apxs-wrapper
    config.status: creating mlogc/mlogc-batch-load.pl
    config.status: creating tests/run-unit-tests.pl
    config.status: creating tests/run-regression-tests.pl
    config.status: creating tests/gen_rx-pm.pl
    config.status: creating tests/csv_rx-pm.pl
    config.status: creating tests/regression/server_root/conf/httpd.conf
    config.status: creating tools/rules-updater.pl
    config.status: creating mlogc/Makefile
    config.status: creating tests/Makefile
    config.status: creating apache2/modsecurity_config_auto.h
    config.status: apache2/modsecurity_config_auto.h is unchanged
    config.status: executing depfiles commands
    config.status: executing libtool commands.

    make runs ok, but make test fails with error:

    In function `update_rule_target_ex':
    /usr/src/modsecurity-apache_2.7.0-rc3/tests/../apache2/re.c:365: undefined reference to `ap_log_error_'
    /usr/src/modsecurity-apache_2.7.0-rc3/tests/../apache2/re.c:376: undefined reference to `ap_log_error_'
    /usr/src/modsecurity-apache_2.7.0-rc3/tests/../apache2/re.c:310: undefined reference to `ap_log_error_'
    /usr/src/modsecurity-apache_2.7.0-rc3/tests/../apache2/re.c:355: undefined reference to `ap_log_error_'
    /usr/src/modsecurity-apache_2.7.0-rc3/tests/../apache2/re.c:485: undefined reference to `ap_log_error_'
    msc_test-re.o:/usr/src/modsecurity-apache_2.7.0-rc3/tests/../apache2/re.c:435: more undefined references to `ap_log_error_' follow
    msc_test-re_operators.o: In function `msre_op_rsub_execute':
    /usr/src/modsecurity-apache_2.7.0-rc3/tests/../apache2/re_operators.c:610: undefined reference to `ap_regexec'
    /usr/src/modsecurity-apache_2.7.0-rc3/tests/../apache2/re_operators.c:575: undefined reference to `ap_pregcomp'
    msc_test-re_operators.o: In function `msre_op_rsub_param_init':
    /usr/src/modsecurity-apache_2.7.0-rc3/tests/../apache2/re_operators.c:502: undefined reference to `ap_pregcomp'
    msc_test-modsecurity.o: In function `modsecurity_init':
    /usr/src/modsecurity-apache_2.7.0-rc3/tests/../apache2/modsecurity.c:131: undefined reference to `ap_unixd_set_global_mutex_perms'
    /usr/src/modsecurity-apache_2.7.0-rc3/tests/../apache2/modsecurity.c:149: undefined reference to `ap_unixd_set_global_mutex_perms'
    collect2: ld returned 1 exit status
    make: ***  Error 1
    make: Leaving directory `/usr/src/modsecurity-apache_2.7.0-rc3/tests'
    make: ***  Error 2
    make: Leaving directory `/usr/src/modsecurity-apache_2.7.0-rc3/tests'
    make: ***  Error 1

    how to solve this?

     
  • Andronik
    Andronik
    2012-09-13

    forgot to mention:

    apache1:/usr/src/modsecurity-apache_2.7.0-rc3# /opt/apache2/bin/apachectl -V
    Server version: Apache/2.4.3 (Unix)
    Server built:   Sep 13 2012 10:01:27
    Server's Module Magic Number: 20120211:6
    Server loaded:  APR 1.4.6, APR-UTIL 1.4.1
    Compiled using: APR 1.4.6, APR-UTIL 1.4.1
    Architecture:   64-bit
    Server MPM:     event
      threaded:     yes (fixed thread count)
        forked:     yes (variable process count)
    Server compiled with….
    -D APR_HAS_SENDFILE
    -D APR_HAS_MMAP
    -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
    -D APR_USE_SYSVSEM_SERIALIZE
    -D APR_USE_PTHREAD_SERIALIZE
    -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
    -D APR_HAS_OTHER_CHILD
    -D AP_HAVE_RELIABLE_PIPED_LOGS
    -D DYNAMIC_MODULE_LIMIT=256
    -D HTTPD_ROOT="/opt/apache2"
    -D SUEXEC_BIN="/opt/apache2/bin/suexec"
    -D DEFAULT_PIDLOG="logs/httpd.pid"
    -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
    -D DEFAULT_ERRORLOG="logs/error_log"
    -D AP_TYPES_CONFIG_FILE="conf/mime.types"
    -D SERVER_CONFIG_FILE="conf/httpd.conf"