Re: [mod-security-users] can't seem to get notification working...

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

On Sat, 3 Apr 2004, Jeremy Hansen wrote:

> On Sat, 3 Apr 2004, Jeremy Hansen wrote:
> 
> > On Sat, 3 Apr 2004, Ivan Ristic wrote:
> > 
> > > 
> > > > So I tried 1.7.6 and still, no message so I'm obviously doing something 
> > > > wrong in my config.  Any clues?
> > > 
> > >   Your script works for me without modification. One thing to try
> > >   would be to use absolute paths for all binares (hostname and mail).
> > > 
> > >   Are you using suexec on your web server? Look in the suexec log
> > >   if you are, there may be clues there.
> > 
> > So yes...this actually leads to something:
> > 
> > [2004-04-03 10:23:15]: error: invalid command 
> > (/usr/webservers/httpd/conf/report-attack.sh)
> > 
> > but I'm not sure exactly what it means by invalid command.
> 
> So looking at the code:
> 
>     if ((cmd[0] == '/') || (!strncmp(cmd, "../", 3))
>         || (strstr(cmd, "/../") != NULL)) {
>         log_err("error: invalid command (%s)\n", cmd);
>         exit(104);
>     }
> 
> so, because the line starts with a /, suexec says it's an invalid command.  
> What's the work around for this?

So the only way I could get this to work is to comment the above code and 
recompile suexec.  Obviously this is probably a bad idea but I just did it 
to prove the point.

Any ideas on how to make this work without hacking suexec?

Also, are there environment varibles I can use to get more specific in my 
alers?

Thanks again

-jeremy

> Thanks
> -jeremy
> 
> > Thanks
> > -jeremy
> > 
> > 
> 
> 