Re: [Mod-security-developers] Compatibility with mod_ruid2
From: Breno S. <bre...@gm...> - 2013-07-24 17:01:22
Ben,

I can try it here. I already installed mod_ruid2. Could you please send me your mod_ruid2 config? Then I can reproduce.

Thanks

On Wed, Jul 24, 2013 at 1:53 PM, Ben Empson <be...@ar...> wrote:

> Hi Breno, OK thanks for that. FYI I’m on holiday from tomorrow until 12 August, I don’t think I’ll get time to look at this before that. I will do the update to 2.7.5 ASAP on my return.
>
> Thanks for your help, I’ll also feedback to the mod_ruid2 dev that you already use ap_hook_log_transaction().
>
> *From:* Breno Silva [mailto:bre...@gm...]
> *Sent:* 24 July 2013 18:48
> *To:* mod-security-developers
> *Subject:* Re: [Mod-security-developers] Compatibility with mod_ruid2
>
> Ben,
>
> Please download the 2.7.5 candidate tarball:
> https://www.modsecurity.org/tarball/2.7.4/modsecurity-apache_2.7.5.tar.gz
>
> I will send you a code for testing.
>
> We already use ap_hook_log_transaction for logging phase.
>
> Thanks
>
> Breno
>
> On Wed, Jul 24, 2013 at 1:22 PM, Ben Empson <be...@ar...> wrote:
>
> Hi Breno, sorry, this is confusing. You seem to be referring to *my* umask (I’m logging in as root). However, I’m using Apache with mod_ruid2, mod_ruid2 changes the process owner in Apache for each request to the user associated with the website account (in cPanel).
>
> As such, Apache is creating the audit log folders using the process request owner, which could be a different user for each request. The permissions are 755 because I believe that mod_ruid2 implements that restriction – it’s by design.
>
> The mod_ruid2 developer tells me (here: https://github.com/mind04/mod-ruid2/issues/1) that if mod_security were to use the ap_hook_log_transaction() call in order to write the logs, then by this point mod_ruid2 has returned the process owner to “nobody” and therefore none of the current problems would apply, assuming that “nobody” has write permissions to the audit log folders.
>
> According to the mod_ruid2 dev, mod_security is using some other mechanism to write the logs, which is at a point in the pipeline where the process still has the specific website account owner assigned, and it is this which is causing the permissions problems.
>
> I don’t know if I’m barking up the wrong tree here, but this is what the mod_ruid2 developer tells me.
>
> Regards, Ben
>
> *From:* Breno Silva [mailto:bre...@gm...]
> *Sent:* 24 July 2013 18:06
> *To:* mod-security-developers
> *Subject:* Re: [Mod-security-developers] Compatibility with mod_ruid2
>
> Hello Ben,
>
> I was looking at your debug info:
> https://www.atomicorp.com/forum/viewtopic.php?f=15&t=6932&sid=23c91691756075ec7fc5cfe86a6630d1
>
> And it looks like you tried to change the file/dir permission using SecAuditLogDirMode and SecAuditLogFileMode.
>
> However it is still being created as 755 permission. It could be related to your umask
>
> So please try to change your umask in your /etc/profile then set above directives as 0777. Start your apache again (make sure your umask has been changed) and let us know what happens with your file/dir permission.
>
> Thanks
>
> Breno
>
> On Wed, Jul 24, 2013 at 12:05 PM, Ben Empson <be...@ar...> wrote:
>
> Hi Breno, sorry but I don’t understand what you mean by “You can try to set it into /etc/profile ?”
>
> Also, I’m not clear on what you’re demonstrating with your example below. Also in my setup logs are created by the first user which tries to log, since that user creates the directory and has permissions on it. However any subsequent users are unable to log to the same directory since they do not have permissions.
>
> Regards, Ben
>
> *From:* Breno Silva [mailto:bre...@gm...]
> *Sent:* 22 July 2013 14:08
> *To:* mod-security-developers
> *Subject:* Re: [Mod-security-developers] Compatibility with mod_ruid2
>
> Ben,
>
> You can try to set it into /etc/profile ?
>
> It works for me :
>
> root@ubuntu:/home/brenosilva# ls -lisa /var/log/apache2/20130720/20130720-1140/20130720-114050-UerZscCoAGUAAFcXJFcAAAAe
> 194655 4 -rwxrwxrwx 1 www-data www-data 3342 2013-07-22 11:40 /var/log/apache2/20130722/20130722-1140/20130722-114050-UerZscCoAGUAAFcXJFcAAAAe
>
> On Mon, Jul 22, 2013 at 12:07 AM, Ben Empson <be...@ar...> wrote:
>
> Hi Breno,
>
> I tried:
>
> SecAuditLogDirMode 0000
> SecAuditLogFileMode 0000
>
> But on Apache restart I got the following error: “ModSecurity: Invalid value for SecAuditLogDirMode: 0000”. So I reset these 2 values to 0777.
>
> Then I went to /var/asl/data and did
>
> umask 0000
>
> However I’m still getting errors in the Apache log: “ModSecurity: Audit log: Failed to create file: /var/asl/data/audit0722/20130722-0756/20130722-075623-UezXl1nIjfEAAHYWJ@oAAAAK(Permission denied)”
>
> Note that the first website to get an error in each minute creates the audit folder and there are logs for that site. However any subsequent requests for other websites (and therefore users) get the error above since they don’t have write permissions, eg:
>
> drwxr-xr-x 2 use11 use11 4096 Jul 22 07:55 20130722-0755/
> drwxr-xr-x 2 use22 use22 4096 Jul 22 07:56 20130722-0756/
>
> Regards, Ben
>
> ------------------------------------------------------------------------------
> See everything from the browser to the database with AppDynamics
> Get end-to-end visibility with application monitoring from AppDynamics
> Isolate bottlenecks and diagnose root cause in seconds.
> Start your free trial of AppDynamics Pro today!
> http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
> _______________________________________________
> mod-security-developers mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-developers
> ModSecurity Services from Trustwave's SpiderLabs:
> https://www.trustwave.com/spiderLabs.php
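
The permission mechanics discussed in this thread, as an added example that is not part of the original messages and is not ModSecurity or mod_ruid2 code: it shows how mkdir(2) masks a requested 0777 with the process umask, and why a directory left at 0755 accepts new audit files only from the account that created it. The uids 1011 and 1022 are constructed stand-ins for the use11 and use22 accounts in Ben's listing.

```python
import os
import stat
import tempfile


def mkdir_with_umask(parent, name, requested_mode, umask):
    """Create parent/name under the given umask and return the resulting mode bits."""
    old = os.umask(umask)
    try:
        path = os.path.join(parent, name)
        os.mkdir(path, requested_mode)  # the kernel applies requested_mode & ~umask
    finally:
        os.umask(old)
    return stat.S_IMODE(os.stat(path).st_mode)


def can_create_in(dir_mode, dir_uid, dir_gid, uid, gids):
    """POSIX class check for a non-root process.

    Exactly one class (owner, group or other) is consulted, and creating a
    file inside a directory needs both write (2) and search (1) on it.
    """
    if uid == dir_uid:
        bits = (dir_mode >> 6) & 7
    elif dir_gid in gids:
        bits = (dir_mode >> 3) & 7
    else:
        bits = dir_mode & 7
    return bits & 0o3 == 0o3


def demo():
    use11, use22 = 1011, 1022  # constructed uids, see lead-in
    with tempfile.TemporaryDirectory() as root:
        # Directory names are taken from the listing in the thread.
        default = mkdir_with_umask(root, "20130722-0755", 0o777, 0o022)
        cleared = mkdir_with_umask(root, "20130722-0756", 0o777, 0o000)
    return {
        "mode_with_umask_022": oct(default),
        "mode_with_umask_000": oct(cleared),
        "creator_can_log": can_create_in(default, use11, use11, use11, {use11}),
        "next_site_can_log": can_create_in(default, use11, use11, use22, {use22}),
        "next_site_can_log_0777": can_create_in(cleared, use11, use11, use22, {use22}),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

A 0777 directory also lets every local account create and remove entries in it; the other option raised in the thread, writing the log once the process owner is back to “nobody”, would not need the wider mode.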