Re: [mod-security-users] @inspectFile script does not write to files
From: Christian F. <chr...@ne...> - 2018-10-02 18:27:06
Hey Thorsten,

I can't confirm. I'm getting the tmp file as expected.

Do you have permissions restricting the www-data user from writing to /tmp?

The next thing I would do is calling apache via

$> strace httpd -X

and then look for the write operation. (Did not do this myself, but I reckon it should be visible).

Ahoj,

Christian

On Tue, Oct 02, 2018 at 08:05:29PM +0200, Thorsten Kampe wrote:
> Hi,
>
> I have a script that inspects files for viruses (like in "Inspecting
> Files" from https://www.feistyduck.com/library/modsecurity%2dhandbook%2dfree/online/ch04-logging.html).
>
> This script works fine - although any file that I want to write to or
> create from this script is neither created nor modified.
>
> See this simple example script:
>
> ###
> #! /usr/bin/env bash
>
> touch /tmp/MODSECURITY-WAS-HERE.txt
>
> printf '0 THREAD DETECTED\n'
> ###
>
> This script denies all Uploads via Apache but no file "MODSECURITY-WAS-HERE.txt"
> is created.
>
> These are the relevant lines from modsecurity.conf
> ### (line break in line 2)
> SecRuleEngine On
>
> SecTmpSaveUploadedFiles On
>
> SecRule FILES_TMPNAMES "@inspectFile /opt/sophos-av/runav.sh"
> "id:'1',log,auditlog,deny,severity:2,phase:2,t:none"
> ###
>
> This is mod-security 2.9.2 on Ubuntu 18.04.
>
>
> Thorsten
>
>
>
> _______________________________________________
> mod-security-users mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> http://www.modsecurity.org/projects/commercial/rules/
> http://www.modsecurity.org/projects/commercial/support/
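
Added example, not part of the message above and not ModSecurity's own code: a temporary stand-in for the approver script that checks the permissions question from inside the web server's process and reports the result in its single output line. The function names are hypothetical; it assumes Linux `/proc` and that ModSecurity puts the approver's output into the rule's log message.

```shell
#!/bin/sh
# Added diagnostic, not code from the thread: a temporary stand-in for the
# @inspectFile approver script. All findings go into its one output line.

# probe_write DIR -> prints "writable" or "not-writable"; leaves no file behind.
probe_write() {
    probe="$1/modsec-probe.$$"
    if ( : > "$probe" ) 2>/dev/null; then
        rm -f -- "$probe"
        echo writable
    else
        echo not-writable
    fi
}

# mount_root DIR -> if DIR is itself a mount point in this process's mount
# namespace, prints the path backing it; otherwise "none". A value other than
# "none" means the daemon's DIR may not be the DIR an interactive shell sees.
# Assumes Linux /proc; prints "unknown" where mountinfo is unavailable.
mount_root() {
    [ -r /proc/self/mountinfo ] || { echo unknown; return 0; }
    awk -v d="$1" '$5 == d { r = $4 } END { print (r == "" ? "none" : r) }' \
        /proc/self/mountinfo
}

# inspect_diag FILE [DIR] -> one approver-style line. The leading 0 makes the
# rule match, exactly as the script quoted in the thread does.
inspect_diag() {
    file=${1:-}
    dir=${2:-/tmp}
    printf '0 DIAG uid=%s user=%s dir=%s %s mount-root=%s file=%s\n' \
        "$(id -u)" "$(id -un 2>/dev/null || echo '?')" \
        "$dir" "$(probe_write "$dir")" "$(mount_root "$dir")" "$file"
}

# Run as the approver script: the uploaded temp file path arrives as $1.
inspect_diag "$@"
```

Because the leading `0` rejects every upload, use it only while diagnosing and then restore the real approver script.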