a few more questions, see highlighted, thanks in advance.

On Wed, Jun 24, 2009 at 3:48 PM, Yi Li <yi.li26@gmail.com> wrote:
Brian, thanks for the reply. see my comments below in yellow.

On Wed, Jun 24, 2009 at 12:30 PM, Brian Rectanus <Brian.Rectanus@breach.com> wrote:
Yi Li wrote:
greetings all, i am running a lot of issue in compiling mod_security on
IBM RHEL 5. will appreciate any help.

problem: make test fails.
env: RHEL 5 with IBM http server (not default apache), 32bit machine,
mod_security 2.5.9 source downloaded from mod_security site.

1. which OS user should mod_security be compiled as? the Apache owner or
root? or does it matter?

Anything except root :)  Only the install needs to run as root.  I do this:

./configure && make && make test && sudo make install

           if 'make test' fails, does it nessesarily mean the make fails or I can ignore the error msg from 'make test'?

2. the --with-pcre option, should it point to pcre-config or some
bin/lib dir?

The directory where pcre-config is (or the parent if it is in a 'bin' dir).  For example: --with-pcre=/usr will take /usr/bin/pcre-config. This is fixed for the next release so you can specify the full path to the pcre-config.

             does this apply with other parameters such as apxs, apr or apu? or I need to specify the full path to these parameters?

3. for all the apxs, pcre, apr. apu, which both devel and binary package
are installed, and some of which may have more than 1 binary package
installed, such as pcre, how do I make sure mod_security knows to point
to the right header in compiling and right lib in running? can I include
the specif binary path in LD_PATH env? if so, but for which OS user?
thanks in advance.

Never compile as root.  I would set the envs in a script or on the commandline.

Typically your OS will have some sort of preferences system (alternatives) or there will be different versions of the configs.  Do you have different pcre-config versions?

   -- I am not sure about this. does it matter if I have two PCRE installation on the host for compiling?  I guess the --with-pcre will point to one PCRE installation in compiling. do I need to do anything to make sure mod_security knows where to look for the header files?

4. is there an earlier version which is easier to compile? I do not have
to use the latest one.

No, but there may be a later version soon.

steps performed:
1. install the following devel packages;

# yum install libxml2-devel httpd-devel curl-devel pcre-devel

2. run configure with options:
./configure  --with-apxs=/opt/IBMIHS/bin/apxs
--with-apr=/opt/IBMIHS/bin/apr-config --with-apu=/opt/IBMIHS/bin/apu-config

Most vendors will build Apache httpd linked to the libpcre installed on the system.  This makes things much easier and more flexible.  However, IBMs IHS has pcre linked in.  So, you need to make sure you are building with the same pcre (version and 32-bit vs 64-bit).

try this (assuming a bourne shell):

PATH=/opt/IBMIHS/bin:$PATH \
CPPFLAGS='-I/opt/IBMIHS/include' \

./configure  \
 --with-apxs=/opt/IBMIHS/bin/apxs \
 --with-apr=/opt/IBMIHS/bin/apr-config \

PATH/CPPFLAGS may not be needed, but I cannot tell since you did not include any output from the make process.  If you still have issues, include the full output of each step.

this step completes but I suspect the right lib for apu is not located.
see msg.

configure: checking httpd version
configure: httpd is recent enough
Use of uninitialized value in concatenation (.) or string at
/opt/IBMIHS/bin/apxs line 275.
checking for libpcre config script... /usr/bin/pcre-config
configure: using '-lpcre' for pcre Library
checking for libapr config script... /opt/IBMIHS/bin/apr-config
configure: using ' -lrt -lm -lcrypt -lnsl  -ldl' for apr Library
checking for libapr-util config script... /opt/IBMIHS/bin/apu-config
configure: using ' -L/opt/IBMIHS/lib -laprutil-0' for apu Library
checking for libxml2 config script... /usr/bin/xml2-config
configure: using '-L/usr/lib -lxml2 -lz -lm' for libxml Library
checking for pkg-config script for lua library... no
configure: optional lua library not found
checking for libcurl config script... /usr/bin/curl-config
configure: using '-L/usr/kerberos/lib -lcurl -ldl -lgssapi_krb5 -lkrb5
-lk5crypto -lcom_err -lidn -lssl -lcrypto -lz ' for curl Library
configure: creating ./config.status

3. run make test to verify and see errors here;

You forgot to run "make" first.

gcc re.o re_operators.o re_actions.o re_tfns.o re_variables.o
msc_logging.o msc_xml.o msc_multipart.o modsecurity.o msc_parsers.o
msc_util.o msc_pcre.o persist_dbm.o msc_reqbody.o msc_geo.o acmp.o
msc_lua.o msc_release.o -o msc_test msc_test.o  -lpcre -L/usr/lib -lxml2
-lz -lm -L/opt/IBMIHS/lib /opt/IBMIHS/lib/libapr-0.so
/opt/IBMIHS/lib/libaprutil-0.so  -Wl,--rpath -Wl,/opt/IBMIHS/lib
-Wl,--rpath -Wl,/opt/IBMIHS/lib
gcc: re.o: No such file or directory
gcc: re_operators.o: No such file or directory
gcc: re_actions.o: No such file or directory
gcc: re_tfns.o: No such file or directory
gcc: re_variables.o: No such file or directory
gcc: msc_logging.o: No such file or directory
gcc: msc_xml.o: No such file or directory


Brian Rectanus
Breach Security