Thanks. I just finished trying a bash script to send me an email. It looks like this:
/bin/mail -s "My subject" email@example.com
This is a test email.
It's permissions are:
[root@cp mod_sec]# ls -l
-rwxr-xr-x 1 root root 93 Apr 26 10:34 report-attack.sh
The permissions on /bin/mail are:
[root@cp mod_sec]# ls -l /bin/mail
-rwxr-xr-x 1 root mail 66492 Jun 24 2001 /bin/mail
Again, I have no problems doing this from the command line,
it's just when mod_sec tries to do it. Our apache is not chrooted nor
are we using the mod_sec chroot path.
I increased the dubug
level to 9 and there were no error messages, just it's normal stuff.
Another interesting thing I noticed was that the error code returned is
403, but it should be 500 as the default is set:
# By default log and deny suspicious requests
# with HTTP status 500
ideas why it would be giving a different error code for this rule with
an exec on it as well? Here is the entire entry from the audit log:
Request: REMOVED xx.xx.xx.xx - - [26/Apr/2006:10:33:55 -0400] "GET /index.php?act=rssout&id=1&/
bin/davetest HTTP/1.1" 403 219 "-" "Mozilla/5.0 (Windows; U; Windows NT
5.1; en-US; rv:22.214.171.124
) Gecko/20060308 Firefox/1.
5.0.2" RE@E0woBlkYAAEUAj4k "-"
GET /index.php?act=rssout&id=1&/bin/davetest HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:
) Gecko/20060308 Firefox/126.96.36.199