have problem with mod security installation from source. (tried 2.5, 2.6.7 and 2.7 rc3 versions)
main problem: i am able to build it, but apache2 doesn't load with mod security enabled:
config test gives: > /opt/apache2/bin/apachectl configtest
httpd: Syntax error on line 149 of /opt/apache2/conf/httpd.conf: Cannot load modules/mod_security2.so into server: /opt/apache2/modules/mod_security2.so: undefined symbol: ap_log_error
libxml2.so is loaded beforehand as LoadFile option
(this error is present in all mod_security versions tried)
(remark - in version 2.5x and 2.6.7 -with-pcre-jit not used as not supported)
checking for a BSD-compatible install… /usr/bin/install -c
checking whether build environment is sane… yes
checking for a thread-safe mkdir -p… /bin/mkdir -p
checking for gawk… no
checking for mawk… mawk
checking whether make sets $(MAKE)… yes
checking build system type… x86_64-unknown-linux-gnu
checking host system type… x86_64-unknown-linux-gnu
checking for style of include used by make… GNU
checking for gcc… gcc
checking whether the C compiler works… yes
checking for C compiler default output file name… a.out
checking for suffix of executables…
checking whether we are cross compiling… no
checking for suffix of object files… o
checking whether we are using the GNU C compiler… yes
checking whether gcc accepts -g… yes
checking for gcc option to accept ISO C89… none needed
checking dependency style of gcc… gcc3
checking for a sed that does not truncate output… /bin/sed
checking for grep that handles long lines and -e… /bin/grep
checking for egrep… /bin/grep -E
checking for fgrep… /bin/grep -F
checking for ld used by gcc… /usr/bin/ld
checking if the linker (/usr/bin/ld) is GNU ld… yes
checking for BSD- or MS-compatible name lister (nm)… /usr/bin/nm -B
checking the name lister (/usr/bin/nm -B) interface… BSD nm
checking whether ln -s works… yes
checking the maximum length of command line arguments… 1572864
checking whether the shell understands some XSI constructs… yes
checking whether the shell understands "+="… yes
checking for /usr/bin/ld option to reload object files… -r
checking for objdump… objdump
checking how to recognize dependent libraries… pass_all
checking for ar… ar
checking for strip… strip
checking for ranlib… ranlib
checking command to parse /usr/bin/nm -B output from gcc object… ok
checking how to run the C preprocessor… gcc -E
checking for ANSI C header files… yes
checking for sys/types.h… yes
checking for sys/stat.h… yes
checking for stdlib.h… yes
checking for string.h… yes
checking for memory.h… yes
checking for strings.h… yes
checking for inttypes.h… yes
checking for stdint.h… yes
checking for unistd.h… yes
checking for dlfcn.h… yes
checking for objdir… .libs
checking if gcc supports -fno-rtti -fno-exceptions… no
checking for gcc option to produce PIC… -fPIC -DPIC
checking if gcc PIC flag -fPIC -DPIC works… yes
checking if gcc static flag -static works… yes
checking if gcc supports -c -o file.o… yes
checking if gcc supports -c -o file.o… (cached) yes
checking whether the gcc linker (/usr/bin/ld -m elf_x86_64) supports shared libraries… yes
checking whether -lc should be explicitly linked in… no
checking dynamic linker characteristics… GNU/Linux ld.so
checking how to hardcode library paths into programs… immediate
checking for shl_load… no
checking for shl_load in -ldld… no
checking for dlopen… no
checking for dlopen in -ldl… yes
checking whether a program can dlopen itself… yes
checking whether a statically linked program can dlopen itself… no
checking whether stripping libraries is possible… yes
checking if libtool supports shared libraries… yes
checking whether to build shared libraries… yes
checking whether to build static libraries… yes
checking for gawk… (cached) mawk
checking for gcc… (cached) gcc
checking whether we are using the GNU C compiler… (cached) yes
checking whether gcc accepts -g… (cached) yes
checking for gcc option to accept ISO C89… (cached) none needed
checking dependency style of gcc… (cached) gcc3
checking how to run the C preprocessor… gcc -E
checking whether ln -s works… yes
checking whether make sets $(MAKE)… (cached) yes
checking for grep that handles long lines and -e… (cached) /bin/grep
checking for perl… /usr/bin/perl
checking for env… /usr/bin/env
checking for ANSI C header files… (cached) yes
checking fcntl.h usability… yes
checking fcntl.h presence… yes
checking for fcntl.h… yes
checking limits.h usability… yes
checking limits.h presence… yes
checking for limits.h… yes
checking for stdlib.h… (cached) yes
checking for string.h… (cached) yes
checking for unistd.h… (cached) yes
checking for sys/types.h… (cached) yes
checking for sys/stat.h… (cached) yes
checking for an ANSI C-conforming const… yes
checking for inline… inline
checking for C/C++ restrict keyword… __restrict
checking for pid_t… yes
checking for size_t… yes
checking whether struct tm is in sys/time.h or time.h… time.h
checking for uint8_t… yes
checking for stdlib.h… (cached) yes
checking for GNU libc compatible malloc… yes
checking for working memcmp… yes
checking for atexit… yes
checking for getcwd… yes
checking for memmove… yes
checking for memset… yes
checking for strcasecmp… yes
checking for strchr… yes
checking for strdup… yes
checking for strerror… yes
checking for strncasecmp… yes
checking for strrchr… yes
checking for strstr… yes
checking for strtol… yes
checking for fchmod… yes
checking for strcasestr… yes
Checking plataform… Identified as Linux
configure: looking for Apache module support via DSO through APXS
configure: found apxs at /opt/apache2/bin/apxs
configure: checking httpd version
configure: httpd is recent enough
checking for libpcre config script… /usr/local/bin/pcre-config
configure: using pcre v8.31
checking for libapr config script… /usr/src/httpd-2.4.3/srclib/apr/apr-1-config
configure: using apr v1.4.6
checking for libapu config script… /usr/src/httpd-2.4.3/srclib/apr-util//apu-1-config
configure: using apu v1.4.1
checking for libxml2 config script… /usr/bin/xml2-config
checking if libxml2 is at least v2.6.29… yes, 2.7.6
configure: using libxml2 v2.7.6
checking for pkg-config… /usr/bin/pkg-config
checking pkg-config is at least version 0.9.0… yes
checking for liblua config script… /usr/bin/pkg-config
configure: using lua v5.1.4
checking for libcurl config script… /usr/bin/curl-config
checking if libcurl is at least v… yes, 7.19.7
checking if libcurl is linked with gnutls… no
configure: using curl v7.19.7
configure: creating ./config.status
config.status: creating Makefile
config.status: creating tools/Makefile
config.status: creating alp2/Makefile
config.status: creating apache2/Makefile
config.status: creating ext/Makefile
config.status: creating build/apxs-wrapper
config.status: creating mlogc/mlogc-batch-load.pl
config.status: creating tests/run-unit-tests.pl
config.status: creating tests/run-regression-tests.pl
config.status: creating tests/gen_rx-pm.pl
config.status: creating tests/csv_rx-pm.pl
config.status: creating tests/regression/server_root/conf/httpd.conf
config.status: creating tools/rules-updater.pl
config.status: creating mlogc/Makefile
config.status: creating tests/Makefile
config.status: creating apache2/modsecurity_config_auto.h
config.status: apache2/modsecurity_config_auto.h is unchanged
config.status: executing depfiles commands
config.status: executing libtool commands.
make runs ok, but make test fails with error:
In function `update_rule_target_ex':
/usr/src/modsecurity-apache_2.7.0-rc3/tests/../apache2/re.c:365: undefined reference to `ap_log_error_'
/usr/src/modsecurity-apache_2.7.0-rc3/tests/../apache2/re.c:376: undefined reference to `ap_log_error_'
/usr/src/modsecurity-apache_2.7.0-rc3/tests/../apache2/re.c:310: undefined reference to `ap_log_error_'
/usr/src/modsecurity-apache_2.7.0-rc3/tests/../apache2/re.c:355: undefined reference to `ap_log_error_'
/usr/src/modsecurity-apache_2.7.0-rc3/tests/../apache2/re.c:485: undefined reference to `ap_log_error_'
msc_test-re.o:/usr/src/modsecurity-apache_2.7.0-rc3/tests/../apache2/re.c:435: more undefined references to `ap_log_error_' follow
msc_test-re_operators.o: In function `msre_op_rsub_execute':
/usr/src/modsecurity-apache_2.7.0-rc3/tests/../apache2/re_operators.c:610: undefined reference to `ap_regexec'
/usr/src/modsecurity-apache_2.7.0-rc3/tests/../apache2/re_operators.c:575: undefined reference to `ap_pregcomp'
msc_test-re_operators.o: In function `msre_op_rsub_param_init':
/usr/src/modsecurity-apache_2.7.0-rc3/tests/../apache2/re_operators.c:502: undefined reference to `ap_pregcomp'
msc_test-modsecurity.o: In function `modsecurity_init':
/usr/src/modsecurity-apache_2.7.0-rc3/tests/../apache2/modsecurity.c:131: undefined reference to `ap_unixd_set_global_mutex_perms'
/usr/src/modsecurity-apache_2.7.0-rc3/tests/../apache2/modsecurity.c:149: undefined reference to `ap_unixd_set_global_mutex_perms'
collect2: ld returned 1 exit status
make: *** Error 1
make: Leaving directory `/usr/src/modsecurity-apache_2.7.0-rc3/tests'
make: *** Error 2
make: Leaving directory `/usr/src/modsecurity-apache_2.7.0-rc3/tests'
make: *** Error 1
how to solve this?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
have problem with mod security installation from source. (tried 2.5, 2.6.7 and 2.7 rc3 versions)
main problem: i am able to build it, but apache2 doesn't load with mod security enabled:
config test gives: > /opt/apache2/bin/apachectl configtest
httpd: Syntax error on line 149 of /opt/apache2/conf/httpd.conf: Cannot load modules/mod_security2.so into server: /opt/apache2/modules/mod_security2.so: undefined symbol: ap_log_error
libxml2.so is loaded beforehand as LoadFile option
(this error is present in all mod_security versions tried)
configured as such:
:/usr/src/modsecurity-apache_2.7.0-rc3# ./configure -enable-extentions -enable-alp2 -enable-pcre-study -enable-pcre-jit -enable-pcre-match-limit=10000000 -enable-pcre-match-limit-recursion=10000000 -enable-performance-measurement -with-apxs=/opt/apache2/bin/apxs -with-apr=/usr/src/httpd-2.4.3/srclib/apr -with-apu=/usr/src/httpd-2.4.3/srclib/apr-util/
(remark - in version 2.5x and 2.6.7 -with-pcre-jit not used as not supported)
checking for a BSD-compatible install… /usr/bin/install -c
checking whether build environment is sane… yes
checking for a thread-safe mkdir -p… /bin/mkdir -p
checking for gawk… no
checking for mawk… mawk
checking whether make sets $(MAKE)… yes
checking build system type… x86_64-unknown-linux-gnu
checking host system type… x86_64-unknown-linux-gnu
checking for style of include used by make… GNU
checking for gcc… gcc
checking whether the C compiler works… yes
checking for C compiler default output file name… a.out
checking for suffix of executables…
checking whether we are cross compiling… no
checking for suffix of object files… o
checking whether we are using the GNU C compiler… yes
checking whether gcc accepts -g… yes
checking for gcc option to accept ISO C89… none needed
checking dependency style of gcc… gcc3
checking for a sed that does not truncate output… /bin/sed
checking for grep that handles long lines and -e… /bin/grep
checking for egrep… /bin/grep -E
checking for fgrep… /bin/grep -F
checking for ld used by gcc… /usr/bin/ld
checking if the linker (/usr/bin/ld) is GNU ld… yes
checking for BSD- or MS-compatible name lister (nm)… /usr/bin/nm -B
checking the name lister (/usr/bin/nm -B) interface… BSD nm
checking whether ln -s works… yes
checking the maximum length of command line arguments… 1572864
checking whether the shell understands some XSI constructs… yes
checking whether the shell understands "+="… yes
checking for /usr/bin/ld option to reload object files… -r
checking for objdump… objdump
checking how to recognize dependent libraries… pass_all
checking for ar… ar
checking for strip… strip
checking for ranlib… ranlib
checking command to parse /usr/bin/nm -B output from gcc object… ok
checking how to run the C preprocessor… gcc -E
checking for ANSI C header files… yes
checking for sys/types.h… yes
checking for sys/stat.h… yes
checking for stdlib.h… yes
checking for string.h… yes
checking for memory.h… yes
checking for strings.h… yes
checking for inttypes.h… yes
checking for stdint.h… yes
checking for unistd.h… yes
checking for dlfcn.h… yes
checking for objdir… .libs
checking if gcc supports -fno-rtti -fno-exceptions… no
checking for gcc option to produce PIC… -fPIC -DPIC
checking if gcc PIC flag -fPIC -DPIC works… yes
checking if gcc static flag -static works… yes
checking if gcc supports -c -o file.o… yes
checking if gcc supports -c -o file.o… (cached) yes
checking whether the gcc linker (/usr/bin/ld -m elf_x86_64) supports shared libraries… yes
checking whether -lc should be explicitly linked in… no
checking dynamic linker characteristics… GNU/Linux ld.so
checking how to hardcode library paths into programs… immediate
checking for shl_load… no
checking for shl_load in -ldld… no
checking for dlopen… no
checking for dlopen in -ldl… yes
checking whether a program can dlopen itself… yes
checking whether a statically linked program can dlopen itself… no
checking whether stripping libraries is possible… yes
checking if libtool supports shared libraries… yes
checking whether to build shared libraries… yes
checking whether to build static libraries… yes
checking for gawk… (cached) mawk
checking for gcc… (cached) gcc
checking whether we are using the GNU C compiler… (cached) yes
checking whether gcc accepts -g… (cached) yes
checking for gcc option to accept ISO C89… (cached) none needed
checking dependency style of gcc… (cached) gcc3
checking how to run the C preprocessor… gcc -E
checking whether ln -s works… yes
checking whether make sets $(MAKE)… (cached) yes
checking for grep that handles long lines and -e… (cached) /bin/grep
checking for perl… /usr/bin/perl
checking for env… /usr/bin/env
checking for ANSI C header files… (cached) yes
checking fcntl.h usability… yes
checking fcntl.h presence… yes
checking for fcntl.h… yes
checking limits.h usability… yes
checking limits.h presence… yes
checking for limits.h… yes
checking for stdlib.h… (cached) yes
checking for string.h… (cached) yes
checking for unistd.h… (cached) yes
checking for sys/types.h… (cached) yes
checking for sys/stat.h… (cached) yes
checking for an ANSI C-conforming const… yes
checking for inline… inline
checking for C/C++ restrict keyword… __restrict
checking for pid_t… yes
checking for size_t… yes
checking whether struct tm is in sys/time.h or time.h… time.h
checking for uint8_t… yes
checking for stdlib.h… (cached) yes
checking for GNU libc compatible malloc… yes
checking for working memcmp… yes
checking for atexit… yes
checking for getcwd… yes
checking for memmove… yes
checking for memset… yes
checking for strcasecmp… yes
checking for strchr… yes
checking for strdup… yes
checking for strerror… yes
checking for strncasecmp… yes
checking for strrchr… yes
checking for strstr… yes
checking for strtol… yes
checking for fchmod… yes
checking for strcasestr… yes
Checking plataform… Identified as Linux
configure: looking for Apache module support via DSO through APXS
configure: found apxs at /opt/apache2/bin/apxs
configure: checking httpd version
configure: httpd is recent enough
checking for libpcre config script… /usr/local/bin/pcre-config
configure: using pcre v8.31
checking for libapr config script… /usr/src/httpd-2.4.3/srclib/apr/apr-1-config
configure: using apr v1.4.6
checking for libapu config script… /usr/src/httpd-2.4.3/srclib/apr-util//apu-1-config
configure: using apu v1.4.1
checking for libxml2 config script… /usr/bin/xml2-config
checking if libxml2 is at least v2.6.29… yes, 2.7.6
configure: using libxml2 v2.7.6
checking for pkg-config… /usr/bin/pkg-config
checking pkg-config is at least version 0.9.0… yes
checking for liblua config script… /usr/bin/pkg-config
configure: using lua v5.1.4
checking for libcurl config script… /usr/bin/curl-config
checking if libcurl is at least v… yes, 7.19.7
checking if libcurl is linked with gnutls… no
configure: using curl v7.19.7
configure: creating ./config.status
config.status: creating Makefile
config.status: creating tools/Makefile
config.status: creating alp2/Makefile
config.status: creating apache2/Makefile
config.status: creating ext/Makefile
config.status: creating build/apxs-wrapper
config.status: creating mlogc/mlogc-batch-load.pl
config.status: creating tests/run-unit-tests.pl
config.status: creating tests/run-regression-tests.pl
config.status: creating tests/gen_rx-pm.pl
config.status: creating tests/csv_rx-pm.pl
config.status: creating tests/regression/server_root/conf/httpd.conf
config.status: creating tools/rules-updater.pl
config.status: creating mlogc/Makefile
config.status: creating tests/Makefile
config.status: creating apache2/modsecurity_config_auto.h
config.status: apache2/modsecurity_config_auto.h is unchanged
config.status: executing depfiles commands
config.status: executing libtool commands.
make runs ok, but make test fails with error:
In function `update_rule_target_ex':
/usr/src/modsecurity-apache_2.7.0-rc3/tests/../apache2/re.c:365: undefined reference to `ap_log_error_'
/usr/src/modsecurity-apache_2.7.0-rc3/tests/../apache2/re.c:376: undefined reference to `ap_log_error_'
/usr/src/modsecurity-apache_2.7.0-rc3/tests/../apache2/re.c:310: undefined reference to `ap_log_error_'
/usr/src/modsecurity-apache_2.7.0-rc3/tests/../apache2/re.c:355: undefined reference to `ap_log_error_'
/usr/src/modsecurity-apache_2.7.0-rc3/tests/../apache2/re.c:485: undefined reference to `ap_log_error_'
msc_test-re.o:/usr/src/modsecurity-apache_2.7.0-rc3/tests/../apache2/re.c:435: more undefined references to `ap_log_error_' follow
msc_test-re_operators.o: In function `msre_op_rsub_execute':
/usr/src/modsecurity-apache_2.7.0-rc3/tests/../apache2/re_operators.c:610: undefined reference to `ap_regexec'
/usr/src/modsecurity-apache_2.7.0-rc3/tests/../apache2/re_operators.c:575: undefined reference to `ap_pregcomp'
msc_test-re_operators.o: In function `msre_op_rsub_param_init':
/usr/src/modsecurity-apache_2.7.0-rc3/tests/../apache2/re_operators.c:502: undefined reference to `ap_pregcomp'
msc_test-modsecurity.o: In function `modsecurity_init':
/usr/src/modsecurity-apache_2.7.0-rc3/tests/../apache2/modsecurity.c:131: undefined reference to `ap_unixd_set_global_mutex_perms'
/usr/src/modsecurity-apache_2.7.0-rc3/tests/../apache2/modsecurity.c:149: undefined reference to `ap_unixd_set_global_mutex_perms'
collect2: ld returned 1 exit status
make: *** Error 1
make: Leaving directory `/usr/src/modsecurity-apache_2.7.0-rc3/tests'
make: *** Error 2
make: Leaving directory `/usr/src/modsecurity-apache_2.7.0-rc3/tests'
make: *** Error 1
how to solve this?
forgot to mention:
apache1:/usr/src/modsecurity-apache_2.7.0-rc3# /opt/apache2/bin/apachectl -V
Server version: Apache/2.4.3 (Unix)
Server built: Sep 13 2012 10:01:27
Server's Module Magic Number: 20120211:6
Server loaded: APR 1.4.6, APR-UTIL 1.4.1
Compiled using: APR 1.4.6, APR-UTIL 1.4.1
Architecture: 64-bit
Server MPM: event
threaded: yes (fixed thread count)
forked: yes (variable process count)
Server compiled with….
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_SYSVSEM_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D DYNAMIC_MODULE_LIMIT=256
-D HTTPD_ROOT="/opt/apache2"
-D SUEXEC_BIN="/opt/apache2/bin/suexec"
-D DEFAULT_PIDLOG="logs/httpd.pid"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="conf/mime.types"
-D SERVER_CONFIG_FILE="conf/httpd.conf"