Re: [mod-security-users] can't start apache with mod_security
From: Brian R. <bri...@br...> - 2009-08-07 14:39:16
Please send me the configure options you used and the full output of configure, make and make install steps.

-B

--
Brian Rectanus
Senior Engineer
(760) 444-6149
(866) 205-7031 (toll-free)
Breach Security, Inc.
2141 Palomar Airport Road, Suite 200
Carlsbad, CA 92011
www.breach.com

----- Original Message -----
From: ici...@ya... <ici...@ya...>
To: Brian Rectanus
Cc: mod...@li... <mod...@li...>
Sent: Fri Aug 07 03:10:22 2009
Subject: Re: [mod-security-users] can't start apache with mod_security

OK fixed the missing pcre header that the module was complaining about and managed to install the 2.5.9 version. But now I can't start the server again (not in chroot just normal way) due to this error:

httpd: Syntax error on line 115 of /usr/local/apache2/conf/httpd.conf: Cannot load /usr/local/apache2/modules/mod_security2.so into server: ld.so.1: ../bin/httpd: fatal: relocation error: file /usr/local/apache2/modules/mod_security2.so: symbol pdfp_output_filter: referenced symbol not found

Any idea what is wrong now?

Thanks,
Igor

--- On Fri, 8/7/09, ici...@ya... <ici...@ya...> wrote:

> From: ici...@ya... <ici...@ya...>
> Subject: Re: [mod-security-users] can't start apache with mod_security
> To: "Brian Rectanus" <Bri...@br...>
> Cc: "mod...@li..." <mod...@li...>
> Date: Friday, August 7, 2009, 8:21 AM
>
> Hi Brian,
>
> Well as I mentioned before I can't install the 2.5.9 version. I get the following error:
>
> # /usr/local/apache2/bin/apxs -c -I /usr/local/include/libxml2 -i -a mod_security2.c
> /usr/local/apache2/build/libtool --silent --mode=compile gcc -prefer-pic -DSOLARIS2=9 -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT -D_LARGEFILE64_SOURCE -g -O2 -pthreads -I/usr/local/apache2/include -I/usr/local/apache2/include -I/usr/local/apache2/include -I/usr/local/include/libxml2 -c -o mod_security2.lo mod_security2.c && touch mod_security2.slo
> In file included from modsecurity.h:38,
>                  from mod_security2.c:24:
> msc_pcre.h:24:18: pcre.h: No such file or directory
> apxs:Error: Command failed with rc=65536
>
> I have tried with the built-in PCRE library in apache and also with the PCRE library of the operating system (using --with-pcre in configuration command) with same result. I have the latest version of libxml2 installed 2.6.31
>
> Cheers,
>
> Igor
>
> --- On Fri, 8/7/09, Brian Rectanus <Bri...@br...> wrote:
>
> > From: Brian Rectanus <Bri...@br...>
> > Subject: Re: [mod-security-users] can't start apache with mod_security
> > To: "ici...@ya..." <ici...@ya...>
> > Cc: "mod...@li..." <mod...@li...>
> > Date: Friday, August 7, 2009, 2:24 AM
> >
> > ModSecurity's lock file is created by the user running apache, not root (i.e. it is a per-request lock file). I cannot really help w/chroot issues as these are really platform dependent. On solaris, truss is your friend ;) And again, I suggest you use ModSecurity 2.5. 1.9 is unsupported and very much out of date.
> >
> > -B
> >
> > ici...@ya... wrote:
> > > Hi Brian,
> > >
> > > First thanks for the reply really appreciate it. As I mentioned before, I have compiled and installed apache 2.2.11 and after that I have installed mod_security using apxs so the module was successfully included in the apache lib directory and the necessary LoadModule line has been appended to the httpd.conf file.
> > >
> > > Now, from the error I have sent I realized myself that the problem is that the module can't create lock file when I moved the server to chroot. And my question is why? What am I missing in the chroot that prevents the module to write on the disk in chroot? What is the lock file and where is it being written by default? What should be the permissions then on the folder where the lock file should be written?
> > >
> > > I need answer to this questions in order to fix my problem.
> > >
> > > The whole apache directory is owned by root and I start the server from chroot as root, or any other user with sudo privileges, and then the server drops to httpd user I have created (for security reasons of course).
> > >
> > > Please tell me if you need any more info.
> > >
> > > Igor
> > >
> > > --- On Thu, 8/6/09, Brian Rectanus <Bri...@br...> wrote:
> > >
> > >> From: Brian Rectanus <Bri...@br...>
> > >> Subject: Re: [mod-security-users] can't start apache with mod_security
> > >> To: "ici...@ya..." <ici...@ya...>
> > >> Cc: "mod...@li..." <mod...@li...>
> > >> Date: Thursday, August 6, 2009, 7:02 PM
> > >>
> > >> ici...@ya... wrote:
> > >>> Hi all,
> > >>>
> > >>> I have apache2.2.11 built in chroot on Solaris 9 but when trying to start the server I get the following complaint from mod_security:
> > >>>
> > >>> (2)No such file or directory: mod_security: Could not create modsec_auditlog_lock
> > >>>
> > >>> The mod_security is 1.9.5 since the newest one wouldn't install. Any idea what am I missing? I thought might be problem with some of the device missing. This is what I have in my dev file in chroot:
> > >>>
> > >>> # ls -l /chroot/dev
> > >>> total 0
> > >>> crw-rw-rw-   1 root     other     13,  2 Aug  5 18:02 null
> > >>> crw-r--r--   1 root     other    190,  0 Aug  5 18:03 random
> > >>> crw-rw-rw-   1 root     other     41,  0 Aug  5 17:27 udp
> > >>> crw-r--r--   1 root     other    190,  1 Aug  5 18:03 urandom
> > >>> crw-rw-rw-   1 root     other     13, 12 Aug  5 18:02 zero
> > >>>
> > >>> Thanks a lot for any help.
> > >>>
> > >> ModSecurity 1.9 is not supported anymore and I suggest you do not bother with it unless you absolutely have to use Apache 1.3.x. Use 2.5.
> > >>
> > >> This looks like a chroot issue to me and not a mod_security issue. ModSecurity cannot create its lockfile under the chroot (probably does not have permissions to do so or the directory does not exist, etc.). Use truss to start Apache to figure out more of what is going on.
> > >>
> > >> Why don't you back up and explain in detail what you have done and are trying to do (and possibly why you are not using ModSecurity 2.5 - ie what issues you had there).
> > >>
> > >> -B
> > >>
> > >> --
> > >> Brian Rectanus
> > >> Breach Security
> >
> > --
> > Brian Rectanus
> > Breach Security
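
Added example, not part of the original thread or of ModSecurity: the thread recommends starting Apache under truss to see why the lock file cannot be created, and this Python filter pulls the failed path-based system calls out of such a trace and flags the ones that were trying to create something. The sample trace is constructed in the style of truss output, and its PIDs and paths are hypothetical.

```python
import re

# Constructed sample in the style of Solaris `truss -f` output; PIDs and
# paths are hypothetical, not taken from the thread.
SAMPLE_TRUSS = """\
1234:   open("/var/ld/ld.config", O_RDONLY)            Err#2 ENOENT
1234:   open("/usr/lib/libc.so.1", O_RDONLY)           = 3
1234:   stat("/example/lockdir", 0xFFBFF5D0)           Err#2 ENOENT
1234:   open("/example/lockdir/modsec_auditlog_lock", O_WRONLY|O_CREAT, 0640) Err#2 ENOENT
1234:   open("/example/logs/audit_log", O_WRONLY|O_APPEND|O_CREAT, 0640) Err#13 EACCES
1234:   write(2, " m o d _ s e c".., 58)               = 58
"""

# Syscalls whose first argument is a path and whose failure can explain
# "could not create file" errors inside a chroot.
PATH_CALLS = {"open", "open64", "creat", "creat64", "stat", "stat64",
              "lstat", "lstat64", "access", "mkdir", "chdir"}

# Optional "pid:" prefix, call("path"<other args>), then "Err#<n> <ENAME>".
LINE_RE = re.compile(
    r'^(?:\d+:\s+)?(?P<call>\w+)\("(?P<path>[^"]*)"(?P<rest>[^)]*)\)'
    r'\s+Err#(?P<errno>\d+)\s+(?P<name>E[A-Z]+)'
)

def failed_path_calls(truss_text):
    """Return one dict per failed path-based syscall, in trace order."""
    hits = []
    for line in truss_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group("call") not in PATH_CALLS:
            continue
        # A creation attempt is creat/mkdir, or an open carrying O_CREAT.
        creating = (m.group("call") in {"creat", "creat64", "mkdir"}
                    or "O_CREAT" in m.group("rest"))
        hits.append({"call": m.group("call"), "path": m.group("path"),
                     "errno": int(m.group("errno")), "name": m.group("name"),
                     "creating": creating})
    return hits

def creation_failures(truss_text):
    """Failed attempts to create a file or directory: the likely culprits."""
    return [h for h in failed_path_calls(truss_text) if h["creating"]]

if __name__ == "__main__":
    for h in creation_failures(SAMPLE_TRUSS):
        print(f'{h["call"]}({h["path"]}) failed: {h["name"]} (errno {h["errno"]})')
```

ENOENT on a creating call points at a directory missing inside the chroot, while EACCES points at permissions for the user the server drops to.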