Thread: [Mod-security-developers] cross compiling modsecurity for nginx on openwrt for raspberry pi platfor
Brought to you by:
victorhora,
zimmerletw
[Mod-security-developers] cross compiling modsecurity for nginx on
openwrt for raspberry pi platform
From: Derek W. <the...@gm...> - 2014-02-23 01:51:55
|
Working on setting modsecurity with nginx in a forward proxy configuration on a raspberry pi. I've got modsecurity building ok it seems. Have nginx building with out modsecurity ok. But nginx will not link properly with modsecurity. nginx 1.5.10 apache 2.2.26 modsecurity 2.7.7 Getting lots of messages like modsecurity-apache_2.7.7/nginx/modsecurity/apr_bucket_nginx.c:67: undefined reference to `apr_bucket_free' nginx doesn't have a with-apr section in its configure script, so I figure this is referring to modsecurity's use of apr. Also seems to be having trouble finding the libxml2 libraries. Bunch of these messages too. ../modsecurity-apache_2.7.7/nginx/modsecurity/../../standalone/.libs/standalone.a(standalone_la-msc_crypt.o): In function `hash_response_body_links': msc_crypt.c:(.text+0x17ec): undefined reference to `xmlXPathNewContext' msc_crypt.c:(.text+0x184c): undefined reference to `xmlXPathEvalExpression' Any guidance on getting this compiled correctly? Cheers |
From: Felipe C. <FC...@tr...> - 2014-02-24 16:58:02
|
Hi Derek, ARM won't be a problem. We do have ModSecurity/ARM _compiled_ and _tested_ through our build farm. Here you can access the logs: http://www.modsecurity.org/developers/buildbot/builders/LinuxARM%20-%20Nginx http://www.modsecurity.org/developers/buildbot/builders/LinuxARM%20-%20Apache We are using a Beagle Bone Black to compile and to test it. It is running Ubuntu linux with RobertCNelson's kernel. I believe that you are facing a problem with your cross compiling environment. Can you share more details about your host system? How you are trying to make this cross-compilation? Do you have Scratchbox? OpenEmbeeded? are you using Linaro's gcc? So far, I can tell you that the "config" script, which will be later used by Nginx, is generated while you got ModSecurity configured as standalone module. It is done that way to reflect on the Nginx configuration the very same options that you have used in ModSecurity compilation. If your cross compiling is replacing the CFLAGS/LDFLAGS with something else, you probably is losing the right paths to the cross compiled dependencies. Check if it is replacing the cflags. You can have a look at: $ cat /your/path/to/ModSecurity/nginx/modsecurity/config This file should contain the right paths to the cross compiled dependencies. Also check if, while compiling Nginx, this paths are being used by gcc. Other thing that you can do, is to check which libraries ModSecurity standalone so file is linked to, just to confirm that it is linked to the right dependencies (which should reflect your target compilation platform). Br., Felipe "Zimmerle" Costa Security Researcher, SpiderLabs Trustwave | SMART SECURITY ON DEMAND www.trustwave.com<http://www.trustwave.com/> On Feb 22, 2014, at 10:51 PM, Derek Werthmuller <the...@gm...<mailto:the...@gm...>> wrote: Working on setting modsecurity with nginx in a forward proxy configuration on a raspberry pi. I've got modsecurity building ok it seems. Have nginx building with out modsecurity ok. But nginx will not link properly with modsecurity. nginx 1.5.10 apache 2.2.26 modsecurity 2.7.7 Getting lots of messages like modsecurity-apache_2.7.7/nginx/modsecurity/apr_bucket_nginx.c:67: undefined reference to `apr_bucket_free' nginx doesn't have a with-apr section in its configure script, so I figure this is referring to modsecurity's use of apr. Also seems to be having trouble finding the libxml2 libraries. Bunch of these messages too. ../modsecurity-apache_2.7.7/nginx/modsecurity/../../standalone/.libs/standalone.a(standalone_la-msc_crypt.o): In function `hash_response_body_links': msc_crypt.c:(.text+0x17ec): undefined reference to `xmlXPathNewContext' msc_crypt.c:(.text+0x184c): undefined reference to `xmlXPathEvalExpression' Any guidance on getting this compiled correctly? Cheers ------------------------------------------------------------------------------ Managing the Performance of Cloud-Based Applications Take advantage of what the Cloud has to offer - Avoid Common Pitfalls. Read the Whitepaper. http://pubads.g.doubleclick.net/gampad/clk?id=121054471&iu=/4140/ostg.clktrk_______________________________________________ mod-security-developers mailing list mod...@li... https://lists.sourceforge.net/lists/listinfo/mod-security-developers ModSecurity Services from Trustwave's SpiderLabs: https://www.trustwave.com/spiderLabs.php ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. |
From: Derek & V. <the...@gm...> - 2014-03-01 01:22:15
|
Thanks for the diagnostics. ld shows that the linker is not finding libraries properly as you suspected. This is the openwr t platform. Looks to use gcc. The Issue I'm having I believe really has to do with the make file creation. It suggests using rpath or rpath-link so I'm working to properly integrate them into the Makefile. I'll report progress when get this working. Cheers Derek On 02/24/2014 11:53 AM, Felipe Costa wrote: > Hi Derek, > > ARM won't be a problem. We do have ModSecurity/ARM _compiled_ and > _tested_ through our build farm. Here you can access the logs: > > http://www.modsecurity.org/developers/buildbot/builders/LinuxARM%20-%20Nginx > http://www.modsecurity.org/developers/buildbot/builders/LinuxARM%20-%20Apache > > We are using a Beagle Bone Black to compile and to test it. It is > running Ubuntu linux with RobertCNelson's kernel. > > I believe that you are facing a problem with your cross compiling > environment. Can you share more details about your host system? > How you are trying to make this cross-compilation? Do you have > Scratchbox? OpenEmbeeded? are you using Linaro's gcc? > > So far, I can tell you that the "config" script, which will be later > used by Nginx, is generated while you got ModSecurity configured as > standalone module. It is done that way to reflect on the Nginx > configuration the very same options that you have used in ModSecurity > compilation. If your cross compiling is replacing the CFLAGS/LDFLAGS > with something else, you probably is losing the right paths to the > cross compiled dependencies. Check if it is replacing the cflags. You > can have a look at: > > $ cat /your/path/to/ModSecurity/nginx/modsecurity/config > > This file should contain the right paths to the cross compiled > dependencies. Also check if, while compiling Nginx, this paths are > being used by gcc. > > Other thing that you can do, is to check which libraries ModSecurity > standalone so file is linked to, just to confirm that it is linked to > the right dependencies (which should reflect your target compilation > platform). > > Br., > *Felipe "Zimmerle" Costa* > Security Researcher, SpiderLabs > > *Trustwave* | SMART SECURITY ON DEMAND > www.trustwave.com <http://www.trustwave.com/> > > > > > On Feb 22, 2014, at 10:51 PM, Derek Werthmuller <the...@gm... > <mailto:the...@gm...>> > wrote: > >> Working on setting modsecurity with nginx in a forward proxy >> configuration on a raspberry pi. >> I've got modsecurity building ok it seems. Have nginx building with >> out modsecurity ok. But nginx will not link properly with modsecurity. >> >> nginx 1.5.10 >> apache 2.2.26 >> modsecurity 2.7.7 >> >> Getting lots of messages like >> modsecurity-apache_2.7.7/nginx/modsecurity/apr_bucket_nginx.c:67: >> undefined reference to `apr_bucket_free' >> >> nginx doesn't have a with-apr section in its configure script, so I >> figure this is referring to modsecurity's use of apr. >> >> Also seems to be having trouble finding the libxml2 libraries. >> Bunch of these messages too. >> ../modsecurity-apache_2.7.7/nginx/modsecurity/../../standalone/.libs/standalone.a(standalone_la-msc_crypt.o): >> In function `hash_response_body_links': >> msc_crypt.c:(.text+0x17ec): undefined reference to `xmlXPathNewContext' >> msc_crypt.c:(.text+0x184c): undefined reference to >> `xmlXPathEvalExpression' >> >> Any guidance on getting this compiled correctly? >> Cheers >> >> ------------------------------------------------------------------------------ >> Managing the Performance of Cloud-Based Applications >> Take advantage of what the Cloud has to offer - Avoid Common Pitfalls. >> Read the Whitepaper. >> http://pubads.g.doubleclick.net/gampad/clk?id=121054471&iu=/4140/ostg.clktrk_______________________________________________ >> mod-security-developers mailing list >> mod...@li... >> https://lists.sourceforge.net/lists/listinfo/mod-security-developers >> ModSecurity Services from Trustwave's SpiderLabs: >> https://www.trustwave.com/spiderLabs.php > > > ------------------------------------------------------------------------ > > This transmission may contain information that is privileged, > confidential, and/or exempt from disclosure under applicable law. If > you are not the intended recipient, you are hereby notified that any > disclosure, copying, distribution, or use of the information contained > herein (including any reliance thereon) is strictly prohibited. If you > received this transmission in error, please immediately contact the > sender and destroy the material in its entirety, whether in electronic > or hard copy format. > > > ------------------------------------------------------------------------------ > Flow-based real-time traffic analytics software. Cisco certified tool. > Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer > Customize your own dashboards, set traffic alerts and generate reports. > Network behavioral analysis & security monitoring. All-in-one tool. > http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk > > > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php |
From: Felipe C. <FC...@tr...> - 2014-03-01 02:13:58
|
Hi Derek, I am happy that you managed to get it working. ModSecurity running on OpenWRT is something cool. Are you planning to pack it into an "ipk"? It will be nice to install ModSecurity using "opkg" ;) Contributions are very welcome. Once you have the changes ready to go, just place a merge request using Github. If you need to discuss something just use this thread ;) Thanks, Felipe "Zimmerle" Costa Security Researcher, SpiderLabs Trustwave | SMART SECURITY ON DEMAND www.trustwave.com<http://www.trustwave.com/> On Feb 28, 2014, at 10:22 PM, Derek & Vicky <the...@gm...<mailto:the...@gm...>> wrote: Thanks for the diagnostics. ld shows that the linker is not finding libraries properly as you suspected. This is the openwr t platform. Looks to use gcc. The Issue I'm having I believe really has to do with the make file creation. It suggests using rpath or rpath-link so I'm working to properly integrate them into the Makefile. I'll report progress when get this working. Cheers Derek On 02/24/2014 11:53 AM, Felipe Costa wrote: Hi Derek, ARM won't be a problem. We do have ModSecurity/ARM _compiled_ and _tested_ through our build farm. Here you can access the logs: http://www.modsecurity.org/developers/buildbot/builders/LinuxARM%20-%20Nginx http://www.modsecurity.org/developers/buildbot/builders/LinuxARM%20-%20Apache We are using a Beagle Bone Black to compile and to test it. It is running Ubuntu linux with RobertCNelson's kernel. I believe that you are facing a problem with your cross compiling environment. Can you share more details about your host system? How you are trying to make this cross-compilation? Do you have Scratchbox? OpenEmbeeded? are you using Linaro's gcc? So far, I can tell you that the "config" script, which will be later used by Nginx, is generated while you got ModSecurity configured as standalone module. It is done that way to reflect on the Nginx configuration the very same options that you have used in ModSecurity compilation. If your cross compiling is replacing the CFLAGS/LDFLAGS with something else, you probably is losing the right paths to the cross compiled dependencies. Check if it is replacing the cflags. You can have a look at: $ cat /your/path/to/ModSecurity/nginx/modsecurity/config This file should contain the right paths to the cross compiled dependencies. Also check if, while compiling Nginx, this paths are being used by gcc. Other thing that you can do, is to check which libraries ModSecurity standalone so file is linked to, just to confirm that it is linked to the right dependencies (which should reflect your target compilation platform). Br., Felipe "Zimmerle" Costa Security Researcher, SpiderLabs Trustwave | SMART SECURITY ON DEMAND www.trustwave.com<http://www.trustwave.com/> On Feb 22, 2014, at 10:51 PM, Derek Werthmuller <the...@gm...<mailto:the...@gm...>> wrote: Working on setting modsecurity with nginx in a forward proxy configuration on a raspberry pi. I've got modsecurity building ok it seems. Have nginx building with out modsecurity ok. But nginx will not link properly with modsecurity. nginx 1.5.10 apache 2.2.26 modsecurity 2.7.7 Getting lots of messages like modsecurity-apache_2.7.7/nginx/modsecurity/apr_bucket_nginx.c:67: undefined reference to `apr_bucket_free' nginx doesn't have a with-apr section in its configure script, so I figure this is referring to modsecurity's use of apr. Also seems to be having trouble finding the libxml2 libraries. Bunch of these messages too. ../modsecurity-apache_2.7.7/nginx/modsecurity/../../standalone/.libs/standalone.a(standalone_la-msc_crypt.o): In function `hash_response_body_links': msc_crypt.c:(.text+0x17ec): undefined reference to `xmlXPathNewContext' msc_crypt.c:(.text+0x184c): undefined reference to `xmlXPathEvalExpression' Any guidance on getting this compiled correctly? Cheers ------------------------------------------------------------------------------ Managing the Performance of Cloud-Based Applications Take advantage of what the Cloud has to offer - Avoid Common Pitfalls. Read the Whitepaper. http://pubads.g.doubleclick.net/gampad/clk?id=121054471&iu=/4140/ostg.clktrk_______________________________________________ mod-security-developers mailing list mod...@li...<mailto:mod...@li...> https://lists.sourceforge.net/lists/listinfo/mod-security-developers ModSecurity Services from Trustwave's SpiderLabs: https://www.trustwave.com/spiderLabs.php ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. ------------------------------------------------------------------------------ Flow-based real-time traffic analytics software. Cisco certified tool. Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer Customize your own dashboards, set traffic alerts and generate reports. Network behavioral analysis & security monitoring. All-in-one tool. http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk _______________________________________________ mod-security-developers mailing list mod...@li...<mailto:mod...@li...> https://lists.sourceforge.net/lists/listinfo/mod-security-developers ModSecurity Services from Trustwave's SpiderLabs: https://www.trustwave.com/spiderLabs.php ------------------------------------------------------------------------------ Flow-based real-time traffic analytics software. Cisco certified tool. Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer Customize your own dashboards, set traffic alerts and generate reports. Network behavioral analysis & security monitoring. All-in-one tool. http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk_______________________________________________ mod-security-developers mailing list mod...@li... https://lists.sourceforge.net/lists/listinfo/mod-security-developers ModSecurity Services from Trustwave's SpiderLabs: https://www.trustwave.com/spiderLabs.php ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. |
From: Derek & V. <the...@gm...> - 2014-03-01 17:51:51
|
Felipe, I don't plan on packaging ModSecurity on its own, but more like a library so that nginx can pull it it when built. I think it would be nice to add it as a build option for the default nginx install/build for some platforms. I don't think all the platforms that run nginx will have the resources to take advantage of modsecurity too. BTW - I'll have to figure out a method to get the relevant rule sets. CRS? like freshcalm is for calmav. Any recommendations on that front? Thanks Derek On 02/28/2014 09:13 PM, Felipe Costa wrote: > Hi Derek, > > I am happy that you managed to get it working. > > ModSecurity running on OpenWRT is something cool. Are you planning to > pack it into an "ipk"? It will be nice to install ModSecurity using > "opkg" ;) > > Contributions are very welcome. Once you have the changes ready to go, > just place a merge request using Github. If you need to discuss > something just use this thread ;) > > Thanks, > *Felipe "Zimmerle" Costa* > Security Researcher, SpiderLabs > > *Trustwave* | SMART SECURITY ON DEMAND > www.trustwave.com <http://www.trustwave.com/> > > On Feb 28, 2014, at 10:22 PM, Derek & Vicky <the...@gm... > <mailto:the...@gm...>> > wrote: > >> Thanks for the diagnostics. ld shows that the linker is not finding >> libraries properly as you suspected. This is the openwr t platform. >> Looks to use gcc. The Issue I'm having I believe really has to do >> with the make file creation. >> It suggests using rpath or rpath-link so I'm working to properly >> integrate them into the Makefile. >> >> I'll report progress when get this working. >> Cheers >> Derek >> >> >> On 02/24/2014 11:53 AM, Felipe Costa wrote: >>> Hi Derek, >>> >>> ARM won't be a problem. We do have ModSecurity/ARM _compiled_ and >>> _tested_ through our build farm. Here you can access the logs: >>> >>> http://www.modsecurity.org/developers/buildbot/builders/LinuxARM%20-%20Nginx >>> http://www.modsecurity.org/developers/buildbot/builders/LinuxARM%20-%20Apache >>> >>> We are using a Beagle Bone Black to compile and to test it. It is >>> running Ubuntu linux with RobertCNelson's kernel. >>> >>> I believe that you are facing a problem with your cross compiling >>> environment. Can you share more details about your host system? >>> How you are trying to make this cross-compilation? Do you have >>> Scratchbox? OpenEmbeeded? are you using Linaro's gcc? >>> >>> So far, I can tell you that the "config" script, which will be later >>> used by Nginx, is generated while you got ModSecurity configured as >>> standalone module. It is done that way to reflect on the Nginx >>> configuration the very same options that you have used in >>> ModSecurity compilation. If your cross compiling is replacing the >>> CFLAGS/LDFLAGS with something else, you probably is losing the right >>> paths to the cross compiled dependencies. Check if it is replacing >>> the cflags. You can have a look at: >>> >>> $ cat /your/path/to/ModSecurity/nginx/modsecurity/config >>> >>> This file should contain the right paths to the cross compiled >>> dependencies. Also check if, while compiling Nginx, this paths are >>> being used by gcc. >>> >>> Other thing that you can do, is to check which libraries ModSecurity >>> standalone so file is linked to, just to confirm that it is linked >>> to the right dependencies (which should reflect your target >>> compilation platform). >>> >>> Br., >>> *Felipe "Zimmerle" Costa* >>> Security Researcher, SpiderLabs >>> >>> *Trustwave* | SMART SECURITY ON DEMAND >>> www.trustwave.com <http://www.trustwave.com/> >>> >>> >>> >>> >>> On Feb 22, 2014, at 10:51 PM, Derek Werthmuller >>> <the...@gm... <mailto:the...@gm...>> >>> wrote: >>> >>>> Working on setting modsecurity with nginx in a forward proxy >>>> configuration on a raspberry pi. >>>> I've got modsecurity building ok it seems. Have nginx building with >>>> out modsecurity ok. But nginx will not link properly with modsecurity. >>>> >>>> nginx 1.5.10 >>>> apache 2.2.26 >>>> modsecurity 2.7.7 >>>> >>>> Getting lots of messages like >>>> modsecurity-apache_2.7.7/nginx/modsecurity/apr_bucket_nginx.c:67: >>>> undefined reference to `apr_bucket_free' >>>> >>>> nginx doesn't have a with-apr section in its configure script, so I >>>> figure this is referring to modsecurity's use of apr. >>>> >>>> Also seems to be having trouble finding the libxml2 libraries. >>>> Bunch of these messages too. >>>> ../modsecurity-apache_2.7.7/nginx/modsecurity/../../standalone/.libs/standalone.a(standalone_la-msc_crypt.o): >>>> In function `hash_response_body_links': >>>> msc_crypt.c:(.text+0x17ec): undefined reference to `xmlXPathNewContext' >>>> msc_crypt.c:(.text+0x184c): undefined reference to >>>> `xmlXPathEvalExpression' >>>> >>>> Any guidance on getting this compiled correctly? >>>> Cheers >>>> >>>> ------------------------------------------------------------------------------ >>>> Managing the Performance of Cloud-Based Applications >>>> Take advantage of what the Cloud has to offer - Avoid Common Pitfalls. >>>> Read the Whitepaper. >>>> http://pubads.g.doubleclick.net/gampad/clk?id=121054471&iu=/4140/ostg.clktrk_______________________________________________ >>>> mod-security-developers mailing list >>>> mod...@li... >>>> https://lists.sourceforge.net/lists/listinfo/mod-security-developers >>>> ModSecurity Services from Trustwave's SpiderLabs: >>>> https://www.trustwave.com/spiderLabs.php >>> >>> >>> ------------------------------------------------------------------------ >>> >>> This transmission may contain information that is privileged, >>> confidential, and/or exempt from disclosure under applicable law. If >>> you are not the intended recipient, you are hereby notified that any >>> disclosure, copying, distribution, or use of the information >>> contained herein (including any reliance thereon) is strictly >>> prohibited. If you received this transmission in error, please >>> immediately contact the sender and destroy the material in its >>> entirety, whether in electronic or hard copy format. >>> >>> >>> ------------------------------------------------------------------------------ >>> Flow-based real-time traffic analytics software. Cisco certified tool. >>> Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer >>> Customize your own dashboards, set traffic alerts and generate reports. >>> Network behavioral analysis & security monitoring. All-in-one tool. >>> http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk >>> >>> >>> _______________________________________________ >>> mod-security-developers mailing list >>> mod...@li... >>> https://lists.sourceforge.net/lists/listinfo/mod-security-developers >>> ModSecurity Services from Trustwave's SpiderLabs: >>> https://www.trustwave.com/spiderLabs.php >> >> ------------------------------------------------------------------------------ >> Flow-based real-time traffic analytics software. Cisco certified tool. >> Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer >> Customize your own dashboards, set traffic alerts and generate reports. >> Network behavioral analysis & security monitoring. All-in-one tool. >> http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk_______________________________________________ >> mod-security-developers mailing list >> mod...@li... >> https://lists.sourceforge.net/lists/listinfo/mod-security-developers >> ModSecurity Services from Trustwave's SpiderLabs: >> https://www.trustwave.com/spiderLabs.php > > > ------------------------------------------------------------------------ > > This transmission may contain information that is privileged, > confidential, and/or exempt from disclosure under applicable law. If > you are not the intended recipient, you are hereby notified that any > disclosure, copying, distribution, or use of the information contained > herein (including any reliance thereon) is strictly prohibited. If you > received this transmission in error, please immediately contact the > sender and destroy the material in its entirety, whether in electronic > or hard copy format. > > > ------------------------------------------------------------------------------ > Flow-based real-time traffic analytics software. Cisco certified tool. > Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer > Customize your own dashboards, set traffic alerts and generate reports. > Network behavioral analysis & security monitoring. All-in-one tool. > http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk > > > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php |
From: Derek W. <the...@gm...> - 2014-03-02 23:46:41
|
Felipe, How did you get around cross compiling with-apxs=/usr/sbin/apxs ? When the apxs config wants to start httpd? But httpd can't run on the i686 arch when the binary is for arm? Can the build host use its own i686 httpd binary in the case? Cheers Derek On Sat, Mar 1, 2014 at 12:51 PM, Derek & Vicky <the...@gm...>wrote: > > Felipe, > I don't plan on packaging ModSecurity on its own, but more like a library > so that nginx can pull it it when built. I think it would be nice to add > it as a build option for the default nginx install/build for some > platforms. I don't think all the platforms that run nginx will have the > resources to take advantage of modsecurity too. > > BTW - I'll have to figure out a method to get the relevant rule sets. > CRS? like freshcalm is for calmav. Any recommendations on that front? > Thanks > Derek > > > > > On 02/28/2014 09:13 PM, Felipe Costa wrote: > > Hi Derek, > > I am happy that you managed to get it working. > > ModSecurity running on OpenWRT is something cool. Are you planning to > pack it into an "ipk"? It will be nice to install ModSecurity using "opkg" > ;) > > Contributions are very welcome. Once you have the changes ready to go, > just place a merge request using Github. If you need to discuss something > just use this thread ;) > > Thanks, > *Felipe "Zimmerle" Costa* > Security Researcher, SpiderLabs > > *Trustwave* | SMART SECURITY ON DEMAND > www.trustwave.com > > On Feb 28, 2014, at 10:22 PM, Derek & Vicky <the...@gm...> > wrote: > > Thanks for the diagnostics. ld shows that the linker is not finding > libraries properly as you suspected. This is the openwr t platform. Looks > to use gcc. The Issue I'm having I believe really has to do with the make > file creation. > It suggests using rpath or rpath-link so I'm working to properly integrate > them into the Makefile. > > I'll report progress when get this working. > Cheers > Derek > > > On 02/24/2014 11:53 AM, Felipe Costa wrote: > > Hi Derek, > > ARM won't be a problem. We do have ModSecurity/ARM _compiled_ and > _tested_ through our build farm. Here you can access the logs: > > > http://www.modsecurity.org/developers/buildbot/builders/LinuxARM%20-%20Nginx > > http://www.modsecurity.org/developers/buildbot/builders/LinuxARM%20-%20Apache > > We are using a Beagle Bone Black to compile and to test it. It is > running Ubuntu linux with RobertCNelson's kernel. > > I believe that you are facing a problem with your cross compiling > environment. Can you share more details about your host system? > How you are trying to make this cross-compilation? Do you have Scratchbox? > OpenEmbeeded? are you using Linaro's gcc? > > So far, I can tell you that the "config" script, which will be later > used by Nginx, is generated while you got ModSecurity configured as > standalone module. It is done that way to reflect on the Nginx > configuration the very same options that you have used in ModSecurity > compilation. If your cross compiling is replacing the CFLAGS/LDFLAGS with > something else, you probably is losing the right paths to the cross > compiled dependencies. Check if it is replacing the cflags. You can have a > look at: > > $ cat /your/path/to/ModSecurity/nginx/modsecurity/config > > This file should contain the right paths to the cross compiled > dependencies. Also check if, while compiling Nginx, this paths are being > used by gcc. > > Other thing that you can do, is to check which libraries ModSecurity > standalone so file is linked to, just to confirm that it is linked to the > right dependencies (which should reflect your target compilation platform). > > Br., > *Felipe "Zimmerle" Costa* > Security Researcher, SpiderLabs > > *Trustwave* | SMART SECURITY ON DEMAND > www.trustwave.com > > > > > On Feb 22, 2014, at 10:51 PM, Derek Werthmuller <the...@gm...> > wrote: > > Working on setting modsecurity with nginx in a forward proxy > configuration on a raspberry pi. > I've got modsecurity building ok it seems. Have nginx building with out > modsecurity ok. But nginx will not link properly with modsecurity. > > nginx 1.5.10 > apache 2.2.26 > modsecurity 2.7.7 > > Getting lots of messages like > modsecurity-apache_2.7.7/nginx/modsecurity/apr_bucket_nginx.c:67: undefined > reference to `apr_bucket_free' > > nginx doesn't have a with-apr section in its configure script, so I > figure this is referring to modsecurity's use of apr. > > Also seems to be having trouble finding the libxml2 libraries. > Bunch of these messages too. > ../modsecurity-apache_2.7.7/nginx/modsecurity/../../standalone/.libs/standalone.a(standalone_la-msc_crypt.o): > In function `hash_response_body_links': > msc_crypt.c:(.text+0x17ec): undefined reference to `xmlXPathNewContext' > msc_crypt.c:(.text+0x184c): undefined reference to `xmlXPathEvalExpression' > > Any guidance on getting this compiled correctly? > Cheers > > ------------------------------------------------------------------------------ > Managing the Performance of Cloud-Based Applications > Take advantage of what the Cloud has to offer - Avoid Common Pitfalls. > Read the Whitepaper. > > http://pubads.g.doubleclick.net/gampad/clk?id=121054471&iu=/4140/ostg.clktrk_______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php > > > > ------------------------------ > > This transmission may contain information that is privileged, > confidential, and/or exempt from disclosure under applicable law. If you > are not the intended recipient, you are hereby notified that any > disclosure, copying, distribution, or use of the information contained > herein (including any reliance thereon) is strictly prohibited. If you > received this transmission in error, please immediately contact the sender > and destroy the material in its entirety, whether in electronic or hard > copy format. > > > ------------------------------------------------------------------------------ > Flow-based real-time traffic analytics software. Cisco certified tool. > Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer > Customize your own dashboards, set traffic alerts and generate reports. > Network behavioral analysis & security monitoring. All-in-one tool.http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk > > > > _______________________________________________ > mod-security-developers mailing lis...@li...https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs:https://www.trustwave.com/spiderLabs.php > > > ------------------------------------------------------------------------------ > Flow-based real-time traffic analytics software. Cisco certified tool. > Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer > Customize your own dashboards, set traffic alerts and generate reports. > Network behavioral analysis & security monitoring. All-in-one tool. > > http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk_______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php > > > > ------------------------------ > > This transmission may contain information that is privileged, > confidential, and/or exempt from disclosure under applicable law. If you > are not the intended recipient, you are hereby notified that any > disclosure, copying, distribution, or use of the information contained > herein (including any reliance thereon) is strictly prohibited. If you > received this transmission in error, please immediately contact the sender > and destroy the material in its entirety, whether in electronic or hard > copy format. > > > ------------------------------------------------------------------------------ > Flow-based real-time traffic analytics software. Cisco certified tool. > Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer > Customize your own dashboards, set traffic alerts and generate reports. > Network behavioral analysis & security monitoring. All-in-one tool.http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk > > > > _______________________________________________ > mod-security-developers mailing lis...@li...https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs:https://www.trustwave.com/spiderLabs.php > > > |
From: Derek W. <the...@gm...> - 2014-04-02 12:32:37
|
I've given up on nginx and modsecurity. Not because I don't think it works but because nginx is not a good forward proxy. I'm now working to get the cross compile to work for the modsecurity and apache. I'm using the latest rc 2.8.0 and am getting a compile error, not sure if its due to tool chain issues or an issue with the code. I've downloaded the code from git. https://github.com/SpiderLabs/ModSecurity/releases/download/v2.8.0-rc1/ msc_status_engine.c: In function 'msc_status_engine_machine_name': msc_status_engine.c:137:26: error: storage size of 'u' isn't known static struct utsname u; ^ make[5]: *** [mod_security2_la-msc_status_engine.lo] Error 1 Thanks Derek On Sat, Feb 22, 2014 at 8:51 PM, Derek Werthmuller <the...@gm...>wrote: > Working on setting modsecurity with nginx in a forward proxy configuration > on a raspberry pi. > I've got modsecurity building ok it seems. Have nginx building with out > modsecurity ok. But nginx will not link properly with modsecurity. > > nginx 1.5.10 > apache 2.2.26 > modsecurity 2.7.7 > > Getting lots of messages like > modsecurity-apache_2.7.7/nginx/modsecurity/apr_bucket_nginx.c:67: undefined > reference to `apr_bucket_free' > > nginx doesn't have a with-apr section in its configure script, so I figure > this is referring to modsecurity's use of apr. > > Also seems to be having trouble finding the libxml2 libraries. > Bunch of these messages too. > ../modsecurity-apache_2.7.7/nginx/modsecurity/../../standalone/.libs/standalone.a(standalone_la-msc_crypt.o): > In function `hash_response_body_links': > msc_crypt.c:(.text+0x17ec): undefined reference to `xmlXPathNewContext' > msc_crypt.c:(.text+0x184c): undefined reference to `xmlXPathEvalExpression' > > Any guidance on getting this compiled correctly? > Cheers > > |
From: Felipe C. <FC...@tr...> - 2014-04-02 13:25:58
|
Hi Derek, The problem probably happens due to the lack of the inclusion of this header: sys/utsname.h This header is just used on Linux, so prior to the inclusion I am doing a verification to see if the target machine is a Linux or not, for that, I was using the following condition: #ifdef __gnu_linux__ … #endif Probably your cross compiler was not setting this macro. I have changed it to: #if (defined(__linux__) || defined(__gnu_linux__)) … #endif This sound more `fail proof`. The modification is available at the branch: cross_test https://github.com/SpiderLabs/ModSecurity/tree/cross_test Can you check if it is working fine? If not, can you send me the list of pre-defined macros of your compiler? Easy to get the list: touch /tmp/somefile.c cpp -dM /tmp/somefile.c Change cpp for your C++ cross compiler alternative. Br., Felipe "Zimmerle" Costa Security Researcher, SpiderLabs Trustwave | SMART SECURITY ON DEMAND www.trustwave.com<http://www.trustwave.com/> On Apr 2, 2014, at 9:32 AM, Derek Werthmuller <the...@gm...<mailto:the...@gm...>> wrote: I've given up on nginx and modsecurity. Not because I don't think it works but because nginx is not a good forward proxy. I'm now working to get the cross compile to work for the modsecurity and apache. I'm using the latest rc 2.8.0 and am getting a compile error, not sure if its due to tool chain issues or an issue with the code. I've downloaded the code from git. https://github.com/SpiderLabs/ModSecurity/releases/download/v2.8.0-rc1/ msc_status_engine.c: In function 'msc_status_engine_machine_name': msc_status_engine.c:137:26: error: storage size of 'u' isn't known static struct utsname u; ^ make[5]: *** [mod_security2_la-msc_status_engine.lo] Error 1 Thanks Derek On Sat, Feb 22, 2014 at 8:51 PM, Derek Werthmuller <the...@gm...<mailto:the...@gm...>> wrote: Working on setting modsecurity with nginx in a forward proxy configuration on a raspberry pi. I've got modsecurity building ok it seems. Have nginx building with out modsecurity ok. But nginx will not link properly with modsecurity. nginx 1.5.10 apache 2.2.26 modsecurity 2.7.7 Getting lots of messages like modsecurity-apache_2.7.7/nginx/modsecurity/apr_bucket_nginx.c:67: undefined reference to `apr_bucket_free' nginx doesn't have a with-apr section in its configure script, so I figure this is referring to modsecurity's use of apr. Also seems to be having trouble finding the libxml2 libraries. Bunch of these messages too. ../modsecurity-apache_2.7.7/nginx/modsecurity/../../standalone/.libs/standalone.a(standalone_la-msc_crypt.o): In function `hash_response_body_links': msc_crypt.c:(.text+0x17ec): undefined reference to `xmlXPathNewContext' msc_crypt.c:(.text+0x184c): undefined reference to `xmlXPathEvalExpression' Any guidance on getting this compiled correctly? Cheers ------------------------------------------------------------------------------ _______________________________________________ mod-security-developers mailing list mod...@li...<mailto:mod...@li...> https://lists.sourceforge.net/lists/listinfo/mod-security-developers ModSecurity Services from Trustwave's SpiderLabs: https://www.trustwave.com/spiderLabs.php ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. |
From: Derek & V. <the...@gm...> - 2014-04-03 12:31:26
|
Felipe, Using the cross test code I no longer get that error message. I get others but those may be related to my cross compile build environment. Cheers Derek On 04/02/2014 09:25 AM, Felipe Costa wrote: > Hi Derek, > > The problem probably happens due to the lack of the inclusion of this > header: sys/utsname.h > > This header is just used on Linux, so prior to the inclusion I am > doing a verification to see if the target machine is a Linux or not, > for that, I was using the following condition: > #ifdef __gnu_linux__ > ... > #endif > > Probably your cross compiler was not setting this macro. I have > changed it to: > #if (defined(__linux__) || defined(__gnu_linux__)) > ... > #endif > > This sound more `fail proof`. The modification is available at the > branch: cross_test > > https://github.com/SpiderLabs/ModSecurity/tree/cross_test > > Can you check if it is working fine? > > If not, can you send me the list of pre-defined macros of your > compiler? Easy to get the list: > > touch /tmp/somefile.c > cpp -dM /tmp/somefile.c > > Change cpp for your C++ cross compiler alternative. > > Br., > *Felipe "Zimmerle" Costa* > Security Researcher, SpiderLabs > > *Trustwave* | SMART SECURITY ON DEMAND > www.trustwave.com <http://www.trustwave.com/> > > > > On Apr 2, 2014, at 9:32 AM, Derek Werthmuller <the...@gm... > <mailto:the...@gm...>> > wrote: > >> I've given up on nginx and modsecurity. Not because I don't think it >> works but because nginx is not a good forward proxy. I'm now working >> to get the cross compile to work for the modsecurity and apache. >> >> I'm using the latest rc 2.8.0 and am getting a compile error, not >> sure if its due to tool chain issues or an issue with the code. >> I've downloaded the code from git. >> https://github.com/SpiderLabs/ModSecurity/releases/download/v2.8.0-rc1/ >> >> msc_status_engine.c: In function 'msc_status_engine_machine_name': >> msc_status_engine.c:137:26: error: storage size of 'u' isn't known >> static struct utsname u; >> ^ >> make[5]: *** [mod_security2_la-msc_status_engine.lo] Error 1 >> >> Thanks >> Derek >> >> >> On Sat, Feb 22, 2014 at 8:51 PM, Derek Werthmuller >> <the...@gm... <mailto:the...@gm...>> wrote: >> >> Working on setting modsecurity with nginx in a forward proxy >> configuration on a raspberry pi. >> I've got modsecurity building ok it seems. Have nginx building >> with out modsecurity ok. But nginx will not link properly with >> modsecurity. >> >> nginx 1.5.10 >> apache 2.2.26 >> modsecurity 2.7.7 >> >> Getting lots of messages like >> modsecurity-apache_2.7.7/nginx/modsecurity/apr_bucket_nginx.c:67: >> undefined reference to `apr_bucket_free' >> >> nginx doesn't have a with-apr section in its configure script, so >> I figure this is referring to modsecurity's use of apr. >> >> Also seems to be having trouble finding the libxml2 libraries. >> Bunch of these messages too. >> ../modsecurity-apache_2.7.7/nginx/modsecurity/../../standalone/.libs/standalone.a(standalone_la-msc_crypt.o): >> In function `hash_response_body_links': >> msc_crypt.c:(.text+0x17ec): undefined reference to >> `xmlXPathNewContext' >> msc_crypt.c:(.text+0x184c): undefined reference to >> `xmlXPathEvalExpression' >> >> Any guidance on getting this compiled correctly? >> Cheers >> >> >> ------------------------------------------------------------------------------ >> _______________________________________________ >> mod-security-developers mailing list >> mod...@li... >> <mailto:mod...@li...> >> https://lists.sourceforge.net/lists/listinfo/mod-security-developers >> ModSecurity Services from Trustwave's SpiderLabs: >> https://www.trustwave.com/spiderLabs.php > > > ------------------------------------------------------------------------ > > This transmission may contain information that is privileged, > confidential, and/or exempt from disclosure under applicable law. If > you are not the intended recipient, you are hereby notified that any > disclosure, copying, distribution, or use of the information contained > herein (including any reliance thereon) is strictly prohibited. If you > received this transmission in error, please immediately contact the > sender and destroy the material in its entirety, whether in electronic > or hard copy format. > > > ------------------------------------------------------------------------------ > > > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php |
From: Felipe C. <FC...@tr...> - 2014-04-03 12:53:04
|
Hi, On Apr 3, 2014, at 9:31 AM, Derek & Vicky <the...@gm...<mailto:the...@gm...>> wrote: Felipe, Using the cross test code I no longer get that error message. I get others but those may be related to my cross compile build environment. Cheers Derek Cool :) Can you give a try on: https://github.com/SpiderLabs/ModSecurity/tree/utsname_autotools I think this last one is a more appropriate fix. Regarding to the other problems that you are facing while cross-compiling, if you want to share... not sure if I can help, but I can try. Br., Felipe "Zimmerle" Costa Security Researcher, SpiderLabs Trustwave | SMART SECURITY ON DEMAND www.trustwave.com<http://www.trustwave.com/> ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. |
From: Derek W. <the...@gm...> - 2014-04-04 16:33:22
|
Felipe, That utsname_autotools gave me the "msc_status_engine.c:137:26: error: storage size of 'u' isn't known make[5]: *** [mod_security2_la-msc_status_engine.lo] Error 1 " Error again. Should I try the other fix version you setup? On Thu, Apr 3, 2014 at 8:52 AM, Felipe Costa <FC...@tr...> wrote: > > Hi, > > On Apr 3, 2014, at 9:31 AM, Derek & Vicky <the...@gm...> > wrote: > > Felipe, > Using the cross test code I no longer get that error message. I get others > but those may be related to my cross compile build environment. > Cheers > Derek > > > Cool :) > > Can you give a try on: > https://github.com/SpiderLabs/ModSecurity/tree/utsname_autotools > > I think this last one is a more appropriate fix. > > Regarding to the other problems that you are facing while > cross-compiling, if you want to share... not sure if I can help, but I can > try. > > > Br., > *Felipe "Zimmerle" Costa* > Security Researcher, SpiderLabs > > *Trustwave* | SMART SECURITY ON DEMAND > www.trustwave.com > > > > ------------------------------ > > This transmission may contain information that is privileged, > confidential, and/or exempt from disclosure under applicable law. If you > are not the intended recipient, you are hereby notified that any > disclosure, copying, distribution, or use of the information contained > herein (including any reliance thereon) is strictly prohibited. If you > received this transmission in error, please immediately contact the sender > and destroy the material in its entirety, whether in electronic or hard > copy format. > > > ------------------------------------------------------------------------------ > > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php > |
From: Felipe C. <FC...@tr...> - 2014-04-04 16:57:41
|
Hi Derek, On Apr 4, 2014, at 1:33 PM, Derek Werthmuller <the...@gm...<mailto:the...@gm...>> wrote: Felipe, That utsname_autotools gave me the "msc_status_engine.c:137:26: error: storage size of 'u' isn't known make[5]: *** [mod_security2_la-msc_status_engine.lo] Error 1 " Error again. Thanks for test. Can you double check if you are really on the "utsname_autotools" branch? Can you try it in a fresh directory? It seems to me that this error is part of "master", as this line 137 is where this structure is used at the branch master. In utsname_autotools, if happens, it should be on line 140 (if i am not mistaken). Can you double check that? Also, can you check if there is something similar to "#define HAVE_SYS_UTSNAME_H 1" in your config.log ? Should I try the other fix version you setup? Lets have this second chance on the branch: "msc_status_engine" first. I want to push this to master, but first i want to make sure that it is working for everybody. Thanks for helping us to sort this out ;) Br., Felipe "Zimmerle" Costa Security Researcher, SpiderLabs Trustwave | SMART SECURITY ON DEMAND www.trustwave.com<http://www.trustwave.com/> ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. |
From: Derek W. <the...@gm...> - 2014-04-09 12:11:01
|
Felipe, I Setup a clean build directory and now utsname.sys is found along with the signal.h and errno.h. But now I'm getting this "include nested too deeply" message. Now I added the path to the path to utsname.sys to my makefile by using the TARGET_CPPFLAGS, its found in toolchain/include/sys TARGET_CPPFLAGS += \ -I$(STAGING_DIR)/usr/include/libxml2 \ -I$(STAGING_DIR)/usr/share/build/ \ -I$(STAGING_DIR)/usr/include/apache \ -I$(STAGING_DIR)/usr/include/apr-1 \ -I$(STAGING_DIR)/usr/lib/ \ -I$(TOOLCHAIN_DIR)/include/sys \ development/openwrt/staging_dir/toolchain-arm_arm1176jzf-s+vfp_gcc-4.8-linaro_uClibc-0.9.33.2_eabi/include/sys/signal.h:1:20: error: #include nested too deeply #include <signal.h> ^ make[5]: *** [mod_security2_la-acmp.lo] Error 1 Any ideas how to get past this error, I'm not really sure what it means. Thanks Derek On Fri, Apr 4, 2014 at 12:56 PM, Felipe Costa <FC...@tr...> wrote: > Hi Derek, > > On Apr 4, 2014, at 1:33 PM, Derek Werthmuller <the...@gm...> > wrote: > > Felipe, > That utsname_autotools gave me the "msc_status_engine.c:137:26: error: > storage size of 'u' isn't known > make[5]: *** [mod_security2_la-msc_status_engine.lo] Error 1 > " > Error again. > > > Thanks for test. > > Can you double check if you are really on the "utsname_autotools" > branch? Can you try it in a fresh directory? > > It seems to me that this error is part of "master", as this line 137 is > where this structure is used at the branch master. In utsname_autotools, if > happens, it should be on line 140 (if i am not mistaken). > > Can you double check that? Also, can you check if there is something > similar to "#define HAVE_SYS_UTSNAME_H 1" in your config.log ? > > > Should I try the other fix version you setup? > > Lets have this second chance on the branch: "msc_status_engine" first. I > want to push this to master, but first i want to make sure that it is > working for everybody. > > Thanks for helping us to sort this out ;) > > > Br., > *Felipe "Zimmerle" Costa* > Security Researcher, SpiderLabs > > *Trustwave* | SMART SECURITY ON DEMAND > www.trustwave.com > > > > ------------------------------ > > This transmission may contain information that is privileged, > confidential, and/or exempt from disclosure under applicable law. If you > are not the intended recipient, you are hereby notified that any > disclosure, copying, distribution, or use of the information contained > herein (including any reliance thereon) is strictly prohibited. If you > received this transmission in error, please immediately contact the sender > and destroy the material in its entirety, whether in electronic or hard > copy format. > > > ------------------------------------------------------------------------------ > > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php > |
From: Derek & V. <the...@gm...> - 2014-04-11 02:24:32
|
Is there a configure option to disable the status engine? so its not built? My compile process is stuck on that right now and I'd like to disable it so I can get things working then go back and add things in. Thanks Derek On 04/09/2014 08:10 AM, Derek Werthmuller wrote: > Felipe, > I Setup a clean build directory and now utsname.sys is found along > with the signal.h and errno.h. But now I'm getting this "include > nested too deeply" message. > Now I added the path to the path to utsname.sys to my makefile by > using the TARGET_CPPFLAGS, its found in toolchain/include/sys > > TARGET_CPPFLAGS += \ > -I$(STAGING_DIR)/usr/include/libxml2 \ > -I$(STAGING_DIR)/usr/share/build/ \ > -I$(STAGING_DIR)/usr/include/apache \ > -I$(STAGING_DIR)/usr/include/apr-1 \ > -I$(STAGING_DIR)/usr/lib/ \ > -I$(TOOLCHAIN_DIR)/include/sys \ > > development/openwrt/staging_dir/toolchain-arm_arm1176jzf-s+vfp_gcc-4.8-linaro_uClibc-0.9.33.2_eabi/include/sys/signal.h:1:20: > error: #include nested too deeply > #include <signal.h> > ^ > make[5]: *** [mod_security2_la-acmp.lo] Error 1 > > Any ideas how to get past this error, I'm not really sure what it means. > > Thanks > Derek > > On Fri, Apr 4, 2014 at 12:56 PM, Felipe Costa <FC...@tr... > <mailto:FC...@tr...>> wrote: > > Hi Derek, > > On Apr 4, 2014, at 1:33 PM, Derek Werthmuller > <the...@gm... <mailto:the...@gm...>> > wrote: > >> Felipe, >> That utsname_autotools gave me the "msc_status_engine.c:137:26: >> error: storage size of 'u' isn't known >> make[5]: *** [mod_security2_la-msc_status_engine.lo] Error 1 >> " >> Error again. > > Thanks for test. > > Can you double check if you are really on the "utsname_autotools" > branch? Can you try it in a fresh directory? > > It seems to me that this error is part of "master", as this line > 137 is where this structure is used at the branch master. > In utsname_autotools, if happens, it should be on line 140 (if i > am not mistaken). > > Can you double check that? Also, can you check if there is > something similar to "#define HAVE_SYS_UTSNAME_H 1" in your > config.log ? > > >> Should I try the other fix version you setup? > Lets have this second chance on the branch: "msc_status_engine" > first. I want to push this to master, but first i want to make > sure that it is working for everybody. > > Thanks for helping us to sort this out ;) > > > Br., > *Felipe "Zimmerle" Costa* > Security Researcher, SpiderLabs > > *Trustwave* | SMART SECURITY ON DEMAND > www.trustwave.com <http://www.trustwave.com/> > > > > ------------------------------------------------------------------------ > > This transmission may contain information that is privileged, > confidential, and/or exempt from disclosure under applicable law. > If you are not the intended recipient, you are hereby notified > that any disclosure, copying, distribution, or use of the > information contained herein (including any reliance thereon) is > strictly prohibited. If you received this transmission in error, > please immediately contact the sender and destroy the material in > its entirety, whether in electronic or hard copy format. > > ------------------------------------------------------------------------------ > > _______________________________________________ > mod-security-developers mailing list > mod...@li... > <mailto:mod...@li...> > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php > > |
From: Felipe C. <FC...@tr...> - 2014-04-11 12:44:01
|
Hi Derek, You are able to compile a previous version (in a *fresh* directory), lets say version 2.7.7? I am asking that cause this "nested too deeply" is usually consequence of a circular dependency. Not sure what is happening, but it seems to be a cross compiling issue, if it was the case, disable the status engine you will not help you. Can you share your config.log ? Are you using this: http://wiki.openwrt.org/doc/howto/build ? After run the ./autogen and ./configure there should be a file named: "apache2/modsecurity_config_auto.h" inside this file, there is a definition: HAVE_SYS_UTSNAME_H. Set this definition to "0" and it should act like sys/utsname.h does not exist in your platform. Br., Felipe "Zimmerle" Costa Security Researcher, SpiderLabs Trustwave | SMART SECURITY ON DEMAND www.trustwave.com<http://www.trustwave.com/> On Apr 10, 2014, at 11:24 PM, Derek & Vicky <the...@gm...<mailto:the...@gm...>> wrote: Is there a configure option to disable the status engine? so its not built? My compile process is stuck on that right now and I'd like to disable it so I can get things working then go back and add things in. Thanks Derek On 04/09/2014 08:10 AM, Derek Werthmuller wrote: Felipe, I Setup a clean build directory and now utsname.sys is found along with the signal.h and errno.h. But now I'm getting this "include nested too deeply" message. Now I added the path to the path to utsname.sys to my makefile by using the TARGET_CPPFLAGS, its found in toolchain/include/sys TARGET_CPPFLAGS += \ -I$(STAGING_DIR)/usr/include/libxml2 \ -I$(STAGING_DIR)/usr/share/build/ \ -I$(STAGING_DIR)/usr/include/apache \ -I$(STAGING_DIR)/usr/include/apr-1 \ -I$(STAGING_DIR)/usr/lib/ \ -I$(TOOLCHAIN_DIR)/include/sys \ development/openwrt/staging_dir/toolchain-arm_arm1176jzf-s+vfp_gcc-4.8-linaro_uClibc-0.9.33.2_eabi/include/sys/signal.h:1:20: error: #include nested too deeply #include <signal.h> ^ make[5]: *** [mod_security2_la-acmp.lo] Error 1 Any ideas how to get past this error, I'm not really sure what it means. Thanks Derek On Fri, Apr 4, 2014 at 12:56 PM, Felipe Costa <FC...@tr...<mailto:FC...@tr...>> wrote: Hi Derek, On Apr 4, 2014, at 1:33 PM, Derek Werthmuller <the...@gm...<mailto:the...@gm...>> wrote: Felipe, That utsname_autotools gave me the "msc_status_engine.c:137:26: error: storage size of 'u' isn't known make[5]: *** [mod_security2_la-msc_status_engine.lo] Error 1 " Error again. Thanks for test. Can you double check if you are really on the "utsname_autotools" branch? Can you try it in a fresh directory? It seems to me that this error is part of "master", as this line 137 is where this structure is used at the branch master. In utsname_autotools, if happens, it should be on line 140 (if i am not mistaken). Can you double check that? Also, can you check if there is something similar to "#define HAVE_SYS_UTSNAME_H 1" in your config.log ? Should I try the other fix version you setup? Lets have this second chance on the branch: "msc_status_engine" first. I want to push this to master, but first i want to make sure that it is working for everybody. Thanks for helping us to sort this out ;) Br., Felipe "Zimmerle" Costa Security Researcher, SpiderLabs Trustwave | SMART SECURITY ON DEMAND www.trustwave.com<http://www.trustwave.com/> ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. ------------------------------------------------------------------------------ _______________________________________________ mod-security-developers mailing list mod...@li...<mailto:mod...@li...> https://lists.sourceforge.net/lists/listinfo/mod-security-developers ModSecurity Services from Trustwave's SpiderLabs: https://www.trustwave.com/spiderLabs.php ------------------------------------------------------------------------------ Put Bad Developers to Shame Dominate Development with Jenkins Continuous Integration Continuously Automate Build, Test & Deployment Start a new project now. Try Jenkins in the cloud. http://p.sf.net/sfu/13600_Cloudbees_______________________________________________ mod-security-developers mailing list mod...@li... https://lists.sourceforge.net/lists/listinfo/mod-security-developers ModSecurity Services from Trustwave's SpiderLabs: https://www.trustwave.com/spiderLabs.php ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. |
From: Derek & V. <the...@gm...> - 2014-04-13 20:12:43
|
Well I got it working for the 2.7.7 version, it turns out that the path I used to utsname.h was just a header file that referenced other locations. So I searched for other copies of the utsname.h and made sure that they were complete files. Then it finished compiling. I don't know if the image works yet but I know it builds. Going to try the 2.8.0 RC-1 and if that builds I'll try that image on the openwrt powered Pi. Thanks for your help Felipe. I'll be sending a note to get advice on what CRS rules make the most sense on a forward prox y. Derek On 04/11/2014 08:43 AM, Felipe Costa wrote: > Hi Derek, > > You are able to compile a previous version (in a *fresh* directory), > lets say version 2.7.7? > > I am asking that cause this "nested too deeply" is usually consequence > of a circular dependency. > > Not sure what is happening, but it seems to be a cross compiling > issue, if it was the case, disable the status engine you will not help > you. > > Can you share your config.log ? > > Are you using this: > http://wiki.openwrt.org/doc/howto/build ? > > After run the ./autogen and ./configure there should be a file named: > "apache2/modsecurity_config_auto.h" inside this file, there is a > definition: HAVE_SYS_UTSNAME_H. Set this definition to "0" and it > should act like sys/utsname.h does not exist in your platform. > > Br., > *Felipe "Zimmerle" Costa* > Security Researcher, SpiderLabs > > *Trustwave* | SMART SECURITY ON DEMAND > www.trustwave.com <http://www.trustwave.com/> > > > On Apr 10, 2014, at 11:24 PM, Derek & Vicky <the...@gm... > <mailto:the...@gm...>> > wrote: > >> Is there a configure option to disable the status engine? so its not >> built? My compile process is stuck on that right now and I'd like to >> disable it so I can get things working then go back and add things in. >> >> Thanks >> Derek >> >> On 04/09/2014 08:10 AM, Derek Werthmuller wrote: >>> Felipe, >>> I Setup a clean build directory and now utsname.sys is found along >>> with the signal.h and errno.h. But now I'm getting this "include >>> nested too deeply" message. >>> Now I added the path to the path to utsname.sys to my makefile by >>> using the TARGET_CPPFLAGS, its found in toolchain/include/sys >>> >>> TARGET_CPPFLAGS += \ >>> -I$(STAGING_DIR)/usr/include/libxml2 \ >>> -I$(STAGING_DIR)/usr/share/build/ \ >>> -I$(STAGING_DIR)/usr/include/apache \ >>> -I$(STAGING_DIR)/usr/include/apr-1 \ >>> -I$(STAGING_DIR)/usr/lib/ \ >>> -I$(TOOLCHAIN_DIR)/include/sys \ >>> >>> development/openwrt/staging_dir/toolchain-arm_arm1176jzf-s+vfp_gcc-4.8-linaro_uClibc-0.9.33.2_eabi/include/sys/signal.h:1:20: >>> error: #include nested too deeply >>> #include <signal.h> >>> ^ >>> make[5]: *** [mod_security2_la-acmp.lo] Error 1 >>> >>> Any ideas how to get past this error, I'm not really sure what it means. >>> >>> Thanks >>> Derek >>> >>> On Fri, Apr 4, 2014 at 12:56 PM, Felipe Costa <FC...@tr... >>> <mailto:FC...@tr...>> wrote: >>> >>> Hi Derek, >>> >>> On Apr 4, 2014, at 1:33 PM, Derek Werthmuller >>> <the...@gm... <mailto:the...@gm...>> >>> wrote: >>> >>>> Felipe, >>>> That utsname_autotools gave me the "msc_status_engine.c:137:26: >>>> error: storage size of 'u' isn't known >>>> make[5]: *** [mod_security2_la-msc_status_engine.lo] Error 1 >>>> " >>>> Error again. >>> >>> Thanks for test. >>> >>> Can you double check if you are really on the >>> "utsname_autotools" branch? Can you try it in a fresh directory? >>> >>> It seems to me that this error is part of "master", as this line >>> 137 is where this structure is used at the branch master. >>> In utsname_autotools, if happens, it should be on line 140 (if i >>> am not mistaken). >>> >>> Can you double check that? Also, can you check if there is >>> something similar to "#define HAVE_SYS_UTSNAME_H 1" in your >>> config.log ? >>> >>> >>>> Should I try the other fix version you setup? >>> Lets have this second chance on the branch: "msc_status_engine" >>> first. I want to push this to master, but first i want to make >>> sure that it is working for everybody. >>> >>> Thanks for helping us to sort this out ;) >>> >>> >>> Br., >>> *Felipe "Zimmerle" Costa* >>> Security Researcher, SpiderLabs >>> >>> *Trustwave* | SMART SECURITY ON DEMAND >>> www.trustwave.com <http://www.trustwave.com/> >>> >>> >>> >>> ------------------------------------------------------------------------ >>> >>> This transmission may contain information that is privileged, >>> confidential, and/or exempt from disclosure under applicable >>> law. If you are not the intended recipient, you are hereby >>> notified that any disclosure, copying, distribution, or use of >>> the information contained herein (including any reliance >>> thereon) is strictly prohibited. If you received this >>> transmission in error, please immediately contact the sender and >>> destroy the material in its entirety, whether in electronic or >>> hard copy format. >>> >>> ------------------------------------------------------------------------------ >>> >>> _______________________________________________ >>> mod-security-developers mailing list >>> mod...@li... >>> <mailto:mod...@li...> >>> https://lists.sourceforge.net/lists/listinfo/mod-security-developers >>> ModSecurity Services from Trustwave's SpiderLabs: >>> https://www.trustwave.com/spiderLabs.php >>> >>> >> >> ------------------------------------------------------------------------------ >> Put Bad Developers to Shame >> Dominate Development with Jenkins Continuous Integration >> Continuously Automate Build, Test & Deployment >> Start a new project now. Try Jenkins in the cloud. >> http://p.sf.net/sfu/13600_Cloudbees_______________________________________________ >> mod-security-developers mailing list >> mod...@li... >> https://lists.sourceforge.net/lists/listinfo/mod-security-developers >> ModSecurity Services from Trustwave's SpiderLabs: >> https://www.trustwave.com/spiderLabs.php > > > ------------------------------------------------------------------------ > > This transmission may contain information that is privileged, > confidential, and/or exempt from disclosure under applicable law. If > you are not the intended recipient, you are hereby notified that any > disclosure, copying, distribution, or use of the information contained > herein (including any reliance thereon) is strictly prohibited. If you > received this transmission in error, please immediately contact the > sender and destroy the material in its entirety, whether in electronic > or hard copy format. > > > ------------------------------------------------------------------------------ > Put Bad Developers to Shame > Dominate Development with Jenkins Continuous Integration > Continuously Automate Build, Test & Deployment > Start a new project now. Try Jenkins in the cloud. > http://p.sf.net/sfu/13600_Cloudbees > > > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php |
From: Walter H. <mo...@sp...> - 2014-04-02 15:49:34
|
Hi Felipe, I have a similar compiler error when building on FreeBSD. The error remains after applying the patch. For completeness: msc_status_engine.c: In function 'msc_status_engine_machine_name': msc_status_engine.c:137: error: storage size of 'u' isn't known *** [mod_security2_la-msc_status_engine.lo] Error code 1 FreeBSD does have utsname.h. You can find the man page here: http://www.freebsd.org/cgi/man.cgi?query=uname&sektion=3&n=1 If necessary, my macros are at: http://lf.ms/macros.txt Glad to help so let us know if we should retry. Kind regards, WH On 02 Apr 2014, at 15:25, Felipe Costa <FC...@tr...> wrote: > Probably your cross compiler was not setting this macro. I have changed it to: > #if (defined(__linux__) || defined(__gnu_linux__)) > … > #endif > > This sound more `fail proof`. The modification is available at the branch: cross_test > > https://github.com/SpiderLabs/ModSecurity/tree/cross_test > > Can you check if it is working fine? > > If not, can you send me the list of pre-defined macros of your compiler? Easy to get the list: > > touch /tmp/somefile.c > cpp -dM /tmp/somefile.c -- Walter Hop | wa...@li... | PGP key: https://lifeforms.nl/pgp |
From: Felipe C. <FC...@tr...> - 2014-04-02 19:04:08
|
Hi Walter, It seems that a lot of platforms does have this header file and structure: Solaris: http://docs.oracle.com/cd/E23823_01/html/816-5167/uname-2.html#REFMAN2uname-2 AIX: http://publib.boulder.ibm.com/infocenter/pseries/v5r3/index.jsp?topic=/com.ibm.aix.basetechref/doc/basetrf2/uname.htm NetWere: http://www.novell.com/documentation/developer/libc/libc_vol2/data/aioskrg.html MacOS: https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man3/uname.3.html HPUX: http://www.hpmigrations.com/hpe3000_resources/MPE_to_HP-UX_cross-reference/system_administration_cross-reference/cmd.html?cmdid=MS_303 FreeBSD: http://www.freebsd.org/cgi/man.cgi?query=uname&sektion=3&n=1 OpenBSD: http://nixdoc.net/man-pages/OpenBSD/uname.3.html NetBSD: http://netbsd.gw.com/cgi-bin/man-cgi?uname+3+NetBSD-6.0.1 Linux: http://linux.die.net/man/2/uname Instead of have hardcoded #ifdefs, I am now checking for this header using autotools, during the configure. Here goes the new branch: https://github.com/SpiderLabs/ModSecurity/tree/utsname_autotools Can you guys check if it is working fine? Thanks, Felipe "Zimmerle" Costa Security Researcher, SpiderLabs Trustwave | SMART SECURITY ON DEMAND www.trustwave.com<http://www.trustwave.com/> On Apr 2, 2014, at 12:49 PM, Walter Hop <mo...@sp...<mailto:mo...@sp...>> wrote: Hi Felipe, I have a similar compiler error when building on FreeBSD. The error remains after applying the patch. For completeness: msc_status_engine.c: In function 'msc_status_engine_machine_name': msc_status_engine.c:137: error: storage size of 'u' isn't known *** [mod_security2_la-msc_status_engine.lo] Error code 1 FreeBSD does have utsname.h. You can find the man page here: http://www.freebsd.org/cgi/man.cgi?query=uname&sektion=3&n=1 If necessary, my macros are at: http://lf.ms/macros.txt Glad to help so let us know if we should retry. Kind regards, WH On 02 Apr 2014, at 15:25, Felipe Costa <FC...@tr...<mailto:FC...@tr...>> wrote: Probably your cross compiler was not setting this macro. I have changed it to: #if (defined(__linux__) || defined(__gnu_linux__)) … #endif This sound more `fail proof`. The modification is available at the branch: cross_test https://github.com/SpiderLabs/ModSecurity/tree/cross_test Can you check if it is working fine? If not, can you send me the list of pre-defined macros of your compiler? Easy to get the list: touch /tmp/somefile.c cpp -dM /tmp/somefile.c -- Walter Hop | wa...@li...<mailto:wa...@li...> | PGP key: https://lifeforms.nl/pgp ------------------------------------------------------------------------------ _______________________________________________ mod-security-developers mailing list mod...@li...<mailto:mod...@li...> https://lists.sourceforge.net/lists/listinfo/mod-security-developers ModSecurity Services from Trustwave's SpiderLabs: https://www.trustwave.com/spiderLabs.php ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. |
From: Walter H. <mo...@sp...> - 2014-04-02 21:00:57
|
On 02 Apr 2014, at 21:03, Felipe Costa <FC...@tr...> wrote: > Instead of have hardcoded #ifdefs, I am now checking for this header using autotools, during the configure. > > Here goes the new branch: > https://github.com/SpiderLabs/ModSecurity/tree/utsname_autotools > > Can you guys check if it is working fine? Awesome! Looking good. It builds, installs, passes unit tests and passes our own regression tests on FreeBSD 9.2 amd64 + Apache. I haven’t had time to check the new features yet, I will look at those probably Monday. Kind regards, WH |
From: Felipe C. <FC...@tr...> - 2014-04-02 21:15:33
|
Hey, On Apr 2, 2014, at 6:00 PM, Walter Hop <mo...@sp...<mailto:mo...@sp...>> wrote: Awesome! Looking good. It builds, installs, passes unit tests and passes our own regression tests on FreeBSD 9.2 amd64 + Apache. I haven’t had time to check the new features yet, I will look at those probably Monday. Nice to hear that :) FreeBSD is on the list to be part of our Build farms, as you can see here: http://www.modsecurity.org/developers/buildbot/builders/FreeBSD%20-%20Apache We don't have the virtual machine ready yet. I will work on that for the next release. Thanks for you help testing and reporting, Felipe "Zimmerle" Costa Security Researcher, SpiderLabs Trustwave | SMART SECURITY ON DEMAND www.trustwave.com<http://www.trustwave.com/> ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. |