mod-security-developers Mailing List for ModSecurity (Page 20)
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
mod-security-developers — Development discussion about mod_security
You can subscribe to this list here.
| 2006 |
Jan
(1) |
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
(8) |
Aug
(2) |
Sep
(1) |
Oct
|
Nov
(1) |
Dec
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2008 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
(1) |
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2009 |
Jan
(1) |
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
(9) |
Sep
|
Oct
(1) |
Nov
|
Dec
(3) |
| 2010 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
(2) |
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2011 |
Jan
|
Feb
(12) |
Mar
(42) |
Apr
(68) |
May
(30) |
Jun
(50) |
Jul
(17) |
Aug
(3) |
Sep
(5) |
Oct
(7) |
Nov
(3) |
Dec
(4) |
| 2012 |
Jan
(11) |
Feb
(11) |
Mar
(37) |
Apr
|
May
(21) |
Jun
(21) |
Jul
(12) |
Aug
(41) |
Sep
(19) |
Oct
(31) |
Nov
(24) |
Dec
(10) |
| 2013 |
Jan
(12) |
Feb
(18) |
Mar
(3) |
Apr
(8) |
May
(35) |
Jun
(5) |
Jul
(38) |
Aug
(5) |
Sep
(2) |
Oct
(4) |
Nov
(11) |
Dec
(6) |
| 2014 |
Jan
(3) |
Feb
(12) |
Mar
(11) |
Apr
(18) |
May
(2) |
Jun
(1) |
Jul
(11) |
Aug
(5) |
Sep
|
Oct
(15) |
Nov
(13) |
Dec
(9) |
| 2015 |
Jan
(2) |
Feb
(8) |
Mar
(7) |
Apr
(3) |
May
|
Jun
(1) |
Jul
(1) |
Aug
(1) |
Sep
(11) |
Oct
(14) |
Nov
(4) |
Dec
(1) |
| 2016 |
Jan
(11) |
Feb
(19) |
Mar
(20) |
Apr
(6) |
May
(3) |
Jun
(17) |
Jul
(5) |
Aug
|
Sep
(7) |
Oct
(2) |
Nov
(2) |
Dec
(12) |
| 2017 |
Jan
(4) |
Feb
(1) |
Mar
(1) |
Apr
|
May
|
Jun
|
Jul
(1) |
Aug
|
Sep
(3) |
Oct
(1) |
Nov
|
Dec
(15) |
| 2018 |
Jan
(13) |
Feb
(2) |
Mar
(14) |
Apr
(9) |
May
|
Jun
(6) |
Jul
(3) |
Aug
(1) |
Sep
(3) |
Oct
|
Nov
(13) |
Dec
(1) |
| 2019 |
Jan
(2) |
Feb
(9) |
Mar
(28) |
Apr
(4) |
May
(2) |
Jun
|
Jul
|
Aug
|
Sep
(4) |
Oct
|
Nov
|
Dec
(2) |
| 2020 |
Jan
(1) |
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
(1) |
Oct
|
Nov
|
Dec
|
| 2021 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
(2) |
Jul
(3) |
Aug
|
Sep
(4) |
Oct
|
Nov
|
Dec
|
| 2022 |
Jan
|
Feb
(10) |
Mar
(3) |
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2024 |
Jan
(1) |
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
(4) |
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Breno S. <bre...@gm...> - 2013-07-20 18:45:59
|
Hello Ben, Take a look how your umask is set. Maybe you need to change it to have the permission you want. Thanks Breno On Sat, Jul 20, 2013 at 11:04 AM, Ben Empson <be...@ar...> wrote: > Hi there, is there any chance of getting a response on this? This is a > critical issue for all users of mod_ruid2 and ModSecurity…**** > > ** ** > > Regards, Ben **** > > ** ** > > > ============================================================================== > **** > > ** ** > > = Array[x] =**** > > = professional technical outsourcing =**** > > = www.arrayx.co.uk = = be...@ar... =**** > > = t UK: +44 (0)20 8144 9102 = **** > > = t ES: +34 938 021 278 = **** > > = m ES: +34 667 065 397 =**** > > = Paseig Sant Joan 25 3-1, 08010, Barcelona, Spain =**** > > ** ** > > Array[x] and Profitable Web Projects are trademarks of Profitable Web > Projects SL of Passeig Sant Joan 25 3-1, 08010 Barcelona, Spain, which is > inscribed in the Mercantile Register of Barcelona; Tomo 40322, Folio 59, > Hoja B363676, Company registration number B64798101. This message may > contain information that is legally privileged, confidential or exempt from > disclosure. If you are not an intended recipient or an employee or agent > responsible for delivering this message to an intended recipient, please > notify us immediately and permanently destroy this message and any copies > you may have. Any dissemination or copying of this message by anyone other > than the intended recipient is strictly prohibited. Prices exclude taxes > and are valid for one month unless otherwise stated.**** > > ** ** > > *From:* Ben Empson > *Sent:* 10 July 2013 18:09 > *To:* 'mod...@li...' > *Subject:* Compatibility with mod_ruid2**** > > ** ** > > Hi there, I'm running mod_ruid 0.9.7 on Apache 2.2 with ModSecurity 2.7.3 > and the GotRoot/Atomicorp delayed ruleset, all on cPanel 11.38. I am unable > to get ModSecurity to successfully log it's activities since mod_ruid is > causing audit directories and logs to be created with the username of the > running process, and more importantly with permissions for that user only, > overriding a specific setting in the ModSecurity conf to create audit > folders and logs to be created world-writable.**** > > ** ** > > I have documented my setup here: > https://www.atomicorp.com/forum/viewtopic.php?f=15&t=6932&sid=23c91691756075ec7fc5cfe86a6630d1 > **** > > ** ** > > I also posted this to the mod_ruid2 forums: > https://github.com/mind04/mod-ruid2/issues/1**** > > ** ** > > One of the mod_ruid2 developers has suggested that ModSecurity should be > using the special ap_hook_log_transaction() hook which would mean in my > configuration that ModSecurity would try to write it’s audit logs as > nobody, which would not cause permissions issues.**** > > ** ** > > I did follow the suggestion of the developer in terms of “Maybe you can > work around the problem if you make the log directory group writable for > apache and add apache to R_Groups for every user.” but this did not fix the > problem since new log folders are still created without group write > permissions.**** > > ** ** > > It seems as though the only possible fix is that ModSecurity uses the > ap_hook_log_transaction() hook. It is certain that I’m not the only person > suffering this problem: > http://www.google.co.uk/search?q=ModSecurity%3A+Audit+log%3A+Failed+to+create+subdirectories&{google:acceptedSuggestion}oq=ModSecurity%3A+Audit+log%3A+Failed+to+create+subdirectories&sourceid=chrome&ie=UTF-8<http://www.google.co.uk/search?q=ModSecurity%3A+Audit+log%3A+Failed+to+create+subdirectories&%7bgoogle:acceptedSuggestion%7doq=ModSecurity%3A+Audit+log%3A+Failed+to+create+subdirectories&sourceid=chrome&ie=UTF-8> > **** > > ** ** > > Is there any chance of this getting fixed / changed?**** > > ** ** > > Regards, Ben**** > > > ------------------------------------------------------------------------------ > See everything from the browser to the database with AppDynamics > Get end-to-end visibility with application monitoring from AppDynamics > Isolate bottlenecks and diagnose root cause in seconds. > Start your free trial of AppDynamics Pro today! > http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php > |
|
From: Ben E. <be...@ar...> - 2013-07-20 14:19:27
|
Hi there, is there any chance of getting a response on this? This is a critical issue for all users of mod_ruid2 and ModSecurity... Regards, Ben ============================================================================== = Array[x] = = professional technical outsourcing = = www.arrayx.co.uk<http://www.arrayx.co.uk/> = = be...@ar...<mailto:be...@ar...> = = t UK: +44 (0)20 8144 9102 = = t ES: +34 938 021 278 = = m ES: +34 667 065 397 = = Paseig Sant Joan 25 3-1, 08010, Barcelona, Spain = Array[x] and Profitable Web Projects are trademarks of Profitable Web Projects SL of Passeig Sant Joan 25 3-1, 08010 Barcelona, Spain, which is inscribed in the Mercantile Register of Barcelona; Tomo 40322, Folio 59, Hoja B363676, Company registration number B64798101. This message may contain information that is legally privileged, confidential or exempt from disclosure. If you are not an intended recipient or an employee or agent responsible for delivering this message to an intended recipient, please notify us immediately and permanently destroy this message and any copies you may have. Any dissemination or copying of this message by anyone other than the intended recipient is strictly prohibited. Prices exclude taxes and are valid for one month unless otherwise stated. From: Ben Empson Sent: 10 July 2013 18:09 To: 'mod...@li...' Subject: Compatibility with mod_ruid2 Hi there, I'm running mod_ruid 0.9.7 on Apache 2.2 with ModSecurity 2.7.3 and the GotRoot/Atomicorp delayed ruleset, all on cPanel 11.38. I am unable to get ModSecurity to successfully log it's activities since mod_ruid is causing audit directories and logs to be created with the username of the running process, and more importantly with permissions for that user only, overriding a specific setting in the ModSecurity conf to create audit folders and logs to be created world-writable. I have documented my setup here: https://www.atomicorp.com/forum/viewtopic.php?f=15&t=6932&sid=23c91691756075ec7fc5cfe86a6630d1 I also posted this to the mod_ruid2 forums: https://github.com/mind04/mod-ruid2/issues/1 One of the mod_ruid2 developers has suggested that ModSecurity should be using the special ap_hook_log_transaction() hook which would mean in my configuration that ModSecurity would try to write it's audit logs as nobody, which would not cause permissions issues. I did follow the suggestion of the developer in terms of "Maybe you can work around the problem if you make the log directory group writable for apache and add apache to R_Groups for every user." but this did not fix the problem since new log folders are still created without group write permissions. It seems as though the only possible fix is that ModSecurity uses the ap_hook_log_transaction() hook. It is certain that I'm not the only person suffering this problem: http://www.google.co.uk/search?q=ModSecurity%3A+Audit+log%3A+Failed+to+create+subdirectories&{google:acceptedSuggestion}oq=ModSecurity%3A+Audit+log%3A+Failed+to+create+subdirectories&sourceid=chrome&ie=UTF-8<http://www.google.co.uk/search?q=ModSecurity%3A+Audit+log%3A+Failed+to+create+subdirectories&%7bgoogle:acceptedSuggestion%7doq=ModSecurity%3A+Audit+log%3A+Failed+to+create+subdirectories&sourceid=chrome&ie=UTF-8> Is there any chance of this getting fixed / changed? Regards, Ben |
|
From: Ian W. <per...@gm...> - 2013-07-18 21:02:22
|
On Thu, Jul 18, 2013 at 4:25 PM, Breno Silva <bre...@gm...> wrote: > Do you have multiple apache versions in this box ? If so.. make sure you ara > using the right apache version devel tools and code. > > For some reason i think mod_security is using apache 2.3 or 2.4 files. > > Thanks > I had only 2.4 installed, and ModSecurity 2.7.4 compiled fine but 2.7.5 would not compile. I just tried uninstalling Apache 2.4 entirely and installing Apache 2.2; now 2.7.5 compiles correctly. Thanks, Ian |
|
From: Breno S. <bre...@gm...> - 2013-07-18 20:25:26
|
Do you have multiple apache versions in this box ? If so.. make sure you ara using the right apache version devel tools and code. For some reason i think mod_security is using apache 2.3 or 2.4 files. Thanks On Thu, Jul 18, 2013 at 5:17 PM, Ian Webb <per...@gm...> wrote: > On Thu, Jul 18, 2013 at 3:29 PM, Breno Silva <bre...@gm...> > wrote: > > Right. I tested it in my Ubuntu (mod_security 2.7.5 + nginx 1.5.2) and > all > > compiled fine. Maybe some issue related to CentOS ? > > > > Did you run "make install" after ./configure --enable-standalone-module > ? > > > > Thanks > > > > Breno > > > > That got me a lot closer to compiled. Now it still errors, but at the > very last part of the build: > > cc -o objs/nginx \ > objs/src/core/nginx.o \ > objs/src/core/ngx_log.o \ > objs/src/core/ngx_palloc.o \ > objs/src/core/ngx_array.o \ > <bunch more modules> > objs/src/http/modules/ngx_http_upstream_keepalive_module.o \ > objs/src/http/modules/ngx_http_stub_status_module.o \ > objs/addon/modsecurity/ngx_http_modsecurity.o \ > objs/addon/modsecurity/apr_bucket_nginx.o \ > objs/addon/modsecurity/ngx_pool_context.o \ > objs/ngx_modules.o \ > -lpthread -lcrypt > > /root/modsecurity-apache_2.7.5/nginx/modsecurity/../../standalone/.libs/standalone.a > -L/usr/lib64 -lapr-1 -L/usr/lib64 -laprutil-1 -L/usr/local/lib -lpcre > -lxml2 -lz -lm -llua -lm -ldl /root/pcre-8.33/.libs/libpcre.a > /root/openssl-1.0.1e/.openssl/lib/libssl.a > /root/openssl-1.0.1e/.openssl/lib/libcrypto.a -ldl -lz > > /root/modsecurity-apache_2.7.5/nginx/modsecurity/../../standalone/.libs/standalone.a(standalone_la-modsecurity.o): > In function `modsecurity_init': > /root/modsecurity-apache_2.7.5/standalone/../apache2/modsecurity.c:131: > undefined reference to `ap_unixd_set_global_mutex_perms' > /root/modsecurity-apache_2.7.5/standalone/../apache2/modsecurity.c:149: > undefined reference to `ap_unixd_set_global_mutex_perms' > collect2: ld returned 1 exit status > make[1]: *** [objs/nginx] Error 1 > make[1]: Leaving directory `/root/nginx-1.5.2' > make: *** [build] Error 2 > > I've confirmed that 2.7.4 still builds fine on this machine, so the > libraries and dependencies are all present. > > Thanks, > Ian > > > ------------------------------------------------------------------------------ > See everything from the browser to the database with AppDynamics > Get end-to-end visibility with application monitoring from AppDynamics > Isolate bottlenecks and diagnose root cause in seconds. > Start your free trial of AppDynamics Pro today! > http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php > |
|
From: Ian W. <per...@gm...> - 2013-07-18 20:18:22
|
On Thu, Jul 18, 2013 at 3:29 PM, Breno Silva <bre...@gm...> wrote:
> Right. I tested it in my Ubuntu (mod_security 2.7.5 + nginx 1.5.2) and all
> compiled fine. Maybe some issue related to CentOS ?
>
> Did you run "make install" after ./configure --enable-standalone-module ?
>
> Thanks
>
> Breno
>
That got me a lot closer to compiled. Now it still errors, but at the
very last part of the build:
cc -o objs/nginx \
objs/src/core/nginx.o \
objs/src/core/ngx_log.o \
objs/src/core/ngx_palloc.o \
objs/src/core/ngx_array.o \
<bunch more modules>
objs/src/http/modules/ngx_http_upstream_keepalive_module.o \
objs/src/http/modules/ngx_http_stub_status_module.o \
objs/addon/modsecurity/ngx_http_modsecurity.o \
objs/addon/modsecurity/apr_bucket_nginx.o \
objs/addon/modsecurity/ngx_pool_context.o \
objs/ngx_modules.o \
-lpthread -lcrypt
/root/modsecurity-apache_2.7.5/nginx/modsecurity/../../standalone/.libs/standalone.a
-L/usr/lib64 -lapr-1 -L/usr/lib64 -laprutil-1 -L/usr/local/lib -lpcre
-lxml2 -lz -lm -llua -lm -ldl /root/pcre-8.33/.libs/libpcre.a
/root/openssl-1.0.1e/.openssl/lib/libssl.a
/root/openssl-1.0.1e/.openssl/lib/libcrypto.a -ldl -lz
/root/modsecurity-apache_2.7.5/nginx/modsecurity/../../standalone/.libs/standalone.a(standalone_la-modsecurity.o):
In function `modsecurity_init':
/root/modsecurity-apache_2.7.5/standalone/../apache2/modsecurity.c:131:
undefined reference to `ap_unixd_set_global_mutex_perms'
/root/modsecurity-apache_2.7.5/standalone/../apache2/modsecurity.c:149:
undefined reference to `ap_unixd_set_global_mutex_perms'
collect2: ld returned 1 exit status
make[1]: *** [objs/nginx] Error 1
make[1]: Leaving directory `/root/nginx-1.5.2'
make: *** [build] Error 2
I've confirmed that 2.7.4 still builds fine on this machine, so the
libraries and dependencies are all present.
Thanks,
Ian
|
|
From: Breno S. <bre...@gm...> - 2013-07-18 19:55:30
|
Just tested with my CentOS 5.3 and looks OK. I will need to build a CentOS 6.4 and try. Breno On Thu, Jul 18, 2013 at 4:29 PM, Breno Silva <bre...@gm...> wrote: > Right. I tested it in my Ubuntu (mod_security 2.7.5 + nginx 1.5.2) and all > compiled fine. Maybe some issue related to CentOS ? > > Did you run "make install" after ./configure --enable-standalone-module ? > > Thanks > > Breno > > > On Thu, Jul 18, 2013 at 4:19 PM, Ian Webb <per...@gm...> wrote: > >> Hi, >> >> (Attempting to reply to a thread from before I joined the list, >> apologies if this doesn't thread correctly) >> >> I grabbed your latest tarball of 2.7.5 RC and it compiles and passes >> all unit tests for me on CentOS 6.4. However, when I compile the Nginx >> module with --enable-standalone-module, Nginx compilation with the >> module fails. Make in the modsecurity directory works fine, as does >> Nginx make with including the ModSecurity 2.7.4 module. But when I >> include the 2.7.5 module I get this: >> >> >> <many lines snipped> >> >> /root/modsecurity-apache_2.7.5/nginx/modsecurity/ngx_http_modsecurity.c: >> In function ‘ngx_http_modsecurity_cleanup’: >> >> >> /root/modsecurity-apache_2.7.5/nginx/modsecurity/ngx_http_modsecurity.c:1376: >> error: ‘ngx_http_modsecurity_ctx_t’ has no member named ‘req’ >> >> >> /root/modsecurity-apache_2.7.5/nginx/modsecurity/ngx_http_modsecurity.c:1377: >> error: implicit declaration of function ‘modsecFinishRequest’ >> >> >> /root/modsecurity-apache_2.7.5/nginx/modsecurity/ngx_http_modsecurity.c:1377: >> error: ‘ngx_http_modsecurity_ctx_t’ has no member named ‘req’ >> >> /root/modsecurity-apache_2.7.5/nginx/modsecurity/ngx_http_modsecurity.c: >> At top level: >> >> >> /root/modsecurity-apache_2.7.5/nginx/modsecurity/ngx_http_modsecurity.c:1434: >> error: expected ‘)’ before ‘*’ token >> >> make[1]: *** [objs/addon/modsecurity/ngx_http_modsecurity.o] Error 1 >> >> make[1]: Leaving directory `/root/nginx-1.5.2' >> >> make: *** [build] Error 2 >> >> >> I am using this configure for modsecurity: ./configure >> --enable-standalone-module --enable-pcre-jit --with-pcre=../pcre-8.33 >> >> >> And this configure for Nginx 1.5.2: ./configure --with-debug >> --with-ipv6 --with-http_ssl_module --with-http_spdy_module >> --with-http_realip_module --with-http_stub_status_module >> --with-pcre=/root/pcre-8.33 --with-pcre-jit >> --with-openssl=/root/openssl-1.0.1e >> --add-module=/root/modsecurity-apache_2.7.4/nginx/modsecurity >> >> >> Thanks, >> >> Ian >> >> >> ------------------------------------------------------------------------------ >> See everything from the browser to the database with AppDynamics >> Get end-to-end visibility with application monitoring from AppDynamics >> Isolate bottlenecks and diagnose root cause in seconds. >> Start your free trial of AppDynamics Pro today! >> >> http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk >> _______________________________________________ >> mod-security-developers mailing list >> mod...@li... >> https://lists.sourceforge.net/lists/listinfo/mod-security-developers >> ModSecurity Services from Trustwave's SpiderLabs: >> https://www.trustwave.com/spiderLabs.php >> > > |
|
From: Breno S. <bre...@gm...> - 2013-07-18 19:29:44
|
Right. I tested it in my Ubuntu (mod_security 2.7.5 + nginx 1.5.2) and all compiled fine. Maybe some issue related to CentOS ? Did you run "make install" after ./configure --enable-standalone-module ? Thanks Breno On Thu, Jul 18, 2013 at 4:19 PM, Ian Webb <per...@gm...> wrote: > Hi, > > (Attempting to reply to a thread from before I joined the list, > apologies if this doesn't thread correctly) > > I grabbed your latest tarball of 2.7.5 RC and it compiles and passes > all unit tests for me on CentOS 6.4. However, when I compile the Nginx > module with --enable-standalone-module, Nginx compilation with the > module fails. Make in the modsecurity directory works fine, as does > Nginx make with including the ModSecurity 2.7.4 module. But when I > include the 2.7.5 module I get this: > > > <many lines snipped> > > /root/modsecurity-apache_2.7.5/nginx/modsecurity/ngx_http_modsecurity.c: > In function ‘ngx_http_modsecurity_cleanup’: > > > /root/modsecurity-apache_2.7.5/nginx/modsecurity/ngx_http_modsecurity.c:1376: > error: ‘ngx_http_modsecurity_ctx_t’ has no member named ‘req’ > > > /root/modsecurity-apache_2.7.5/nginx/modsecurity/ngx_http_modsecurity.c:1377: > error: implicit declaration of function ‘modsecFinishRequest’ > > > /root/modsecurity-apache_2.7.5/nginx/modsecurity/ngx_http_modsecurity.c:1377: > error: ‘ngx_http_modsecurity_ctx_t’ has no member named ‘req’ > > /root/modsecurity-apache_2.7.5/nginx/modsecurity/ngx_http_modsecurity.c: > At top level: > > > /root/modsecurity-apache_2.7.5/nginx/modsecurity/ngx_http_modsecurity.c:1434: > error: expected ‘)’ before ‘*’ token > > make[1]: *** [objs/addon/modsecurity/ngx_http_modsecurity.o] Error 1 > > make[1]: Leaving directory `/root/nginx-1.5.2' > > make: *** [build] Error 2 > > > I am using this configure for modsecurity: ./configure > --enable-standalone-module --enable-pcre-jit --with-pcre=../pcre-8.33 > > > And this configure for Nginx 1.5.2: ./configure --with-debug > --with-ipv6 --with-http_ssl_module --with-http_spdy_module > --with-http_realip_module --with-http_stub_status_module > --with-pcre=/root/pcre-8.33 --with-pcre-jit > --with-openssl=/root/openssl-1.0.1e > --add-module=/root/modsecurity-apache_2.7.4/nginx/modsecurity > > > Thanks, > > Ian > > > ------------------------------------------------------------------------------ > See everything from the browser to the database with AppDynamics > Get end-to-end visibility with application monitoring from AppDynamics > Isolate bottlenecks and diagnose root cause in seconds. > Start your free trial of AppDynamics Pro today! > http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php > |
|
From: Ian W. <per...@gm...> - 2013-07-18 19:19:33
|
Hi, (Attempting to reply to a thread from before I joined the list, apologies if this doesn't thread correctly) I grabbed your latest tarball of 2.7.5 RC and it compiles and passes all unit tests for me on CentOS 6.4. However, when I compile the Nginx module with --enable-standalone-module, Nginx compilation with the module fails. Make in the modsecurity directory works fine, as does Nginx make with including the ModSecurity 2.7.4 module. But when I include the 2.7.5 module I get this: <many lines snipped> /root/modsecurity-apache_2.7.5/nginx/modsecurity/ngx_http_modsecurity.c: In function ‘ngx_http_modsecurity_cleanup’: /root/modsecurity-apache_2.7.5/nginx/modsecurity/ngx_http_modsecurity.c:1376: error: ‘ngx_http_modsecurity_ctx_t’ has no member named ‘req’ /root/modsecurity-apache_2.7.5/nginx/modsecurity/ngx_http_modsecurity.c:1377: error: implicit declaration of function ‘modsecFinishRequest’ /root/modsecurity-apache_2.7.5/nginx/modsecurity/ngx_http_modsecurity.c:1377: error: ‘ngx_http_modsecurity_ctx_t’ has no member named ‘req’ /root/modsecurity-apache_2.7.5/nginx/modsecurity/ngx_http_modsecurity.c: At top level: /root/modsecurity-apache_2.7.5/nginx/modsecurity/ngx_http_modsecurity.c:1434: error: expected ‘)’ before ‘*’ token make[1]: *** [objs/addon/modsecurity/ngx_http_modsecurity.o] Error 1 make[1]: Leaving directory `/root/nginx-1.5.2' make: *** [build] Error 2 I am using this configure for modsecurity: ./configure --enable-standalone-module --enable-pcre-jit --with-pcre=../pcre-8.33 And this configure for Nginx 1.5.2: ./configure --with-debug --with-ipv6 --with-http_ssl_module --with-http_spdy_module --with-http_realip_module --with-http_stub_status_module --with-pcre=/root/pcre-8.33 --with-pcre-jit --with-openssl=/root/openssl-1.0.1e --add-module=/root/modsecurity-apache_2.7.4/nginx/modsecurity Thanks, Ian |
|
From: Breno S. <bre...@gm...> - 2013-07-18 15:22:35
|
Hello guys, I updated the code with some fixes. Then created a tarball for testing. Hope those are the latest modifications: https://www.modsecurity.org/tarball/2.7.5/modsecurity-apache_2.7.5.tar.gz Let me known your feedback. Thanks Breno On Tue, Jul 16, 2013 at 5:52 PM, Christian Folini < chr...@ti...> wrote: > You rock, Rainer. > > And you hit the nail on the head: > > $> dpkg -l | grep perl > ... > ii perl 5.14.2-6ubuntu2.3 ... > ... > > Cheers, > > Christian > > > On Tue, Jul 16, 2013 at 10:15:31PM +0200, Rainer Jung wrote: > > On 16.07.2013 21:05, Christian Folini wrote: > > > Hello Rainer, > > > > > > On Tue, Jul 16, 2013 at 01:05:08PM +0200, Rainer Jung wrote: > > >> Hi Christian, > > >> > > >> I think when running the unit tests via "make test" you should add > > >> -DMSC_TEST to CFLAGS. That flag comments all httpd calls and produces > > >> standalone binaries. > > > > > > Thanks for the info. True, it's mentioned in the reference guide. > > > It's just that I used outdated documentation. > > > > > > Here we have the culprit: > > > $> make CFLAGS=-DMSC_TEST test > > > ... > > > Loaded 8 tests from ./op/rx.t > > > 1) op "rx": passed (Pattern match "" at UNIT_TEST.) > > > 2) op "rx": passed > > > 3) op "rx": passed (Pattern match "" at UNIT_TEST.) > > > 4) op "rx": passed (Pattern match "abc" at UNIT_TEST.) > > > 5) op "rx": passed (Pattern match "def" at UNIT_TEST.) > > > 6) op "rx": passed (Pattern match "ghi" at UNIT_TEST.) > > > 7) op "rx": passed > > > ERROR: Failed to create rule for op "rx": Error creating rule: Error > compiling pattern (offset 2): unrecognized character after (? or (?- > > > Test exited with signal 11. > > > Executed: ./msc_test "-t" "op" "-n" "rx" "-p" > "(?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$)" "-D" "0" "-r" "1" > > > 8) op "rx": failed > > > Passed: 7; Failed: 1 > > > ... > > > 576/577 tests passed. > > > FAIL: run-unit-tests.pl > > > ======================================== > > > 1 of 1 test failed > > > Please report to su...@mo... > > > ======================================== > > > make[2]: *** [check-TESTS] Error 1 > > > make[2]: Leaving directory > `/usr/src/modsecurity/ModSecurity-remotes-2.7.x/tests' > > > make[1]: *** [check-am] Error 2 > > > make[1]: Leaving directory > `/usr/src/modsecurity/ModSecurity-remotes-2.7.x/tests' > > > make: *** [check-recursive] Error 1 > > > > I was curious why this didn't fail for me. I vaguely remember other > > users had reported the same problem before. So here's what I think is > > the explanation: > > > > The original pattern in the unit test is in op/rx.t: > > > > qr/^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$/i > > > > The pattern is read by the perl script run-unit-tests.pl. Before Perl > > 5.14 the qr was converted to: > > > > (?i-xsm:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$) > > > > Starting with Perl 5.14 there's a new syntax and the pattern results in > > > > (?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$) > > > > (See e.g. http://perldoc.perl.org/perlre.html#Extended-Patterns, there > > look for "Starting in Perl 5.14"). > > > > Now the unit tests feed the internal representation to the compiled > > msc_test binary, which calls the PCRE library to handle the regexp. > > Unfortunately the PCRE library only accepts the old way of expressing > > this pattern, not the new ?^ syntax. > > > > So if you run the unit tests with a Perl before 5.14 they succeed, with > > a newer Perl they fail, because a Perl pre-compiled pattern might no > > longer be compatible with PCRE (despite what PCRE means). > > > > I didn't find a bug report for the missing ?^ syntax in the PCRE bug > > tracker, but "?^" is not the best token to start a search with. > > > > Regards, > > > > Rainer > > > > > ------------------------------------------------------------------------------ > > See everything from the browser to the database with AppDynamics > > Get end-to-end visibility with application monitoring from AppDynamics > > Isolate bottlenecks and diagnose root cause in seconds. > > Start your free trial of AppDynamics Pro today! > > > http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk > > _______________________________________________ > > mod-security-developers mailing list > > mod...@li... > > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > > ModSecurity Services from Trustwave's SpiderLabs: > > https://www.trustwave.com/spiderLabs.php > > > ------------------------------------------------------------------------------ > See everything from the browser to the database with AppDynamics > Get end-to-end visibility with application monitoring from AppDynamics > Isolate bottlenecks and diagnose root cause in seconds. > Start your free trial of AppDynamics Pro today! > http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php > |
|
From: Christian F. <chr...@ti...> - 2013-07-16 20:52:35
|
You rock, Rainer.
And you hit the nail on the head:
$> dpkg -l | grep perl
...
ii perl 5.14.2-6ubuntu2.3 ...
...
Cheers,
Christian
On Tue, Jul 16, 2013 at 10:15:31PM +0200, Rainer Jung wrote:
> On 16.07.2013 21:05, Christian Folini wrote:
> > Hello Rainer,
> >
> > On Tue, Jul 16, 2013 at 01:05:08PM +0200, Rainer Jung wrote:
> >> Hi Christian,
> >>
> >> I think when running the unit tests via "make test" you should add
> >> -DMSC_TEST to CFLAGS. That flag comments all httpd calls and produces
> >> standalone binaries.
> >
> > Thanks for the info. True, it's mentioned in the reference guide.
> > It's just that I used outdated documentation.
> >
> > Here we have the culprit:
> > $> make CFLAGS=-DMSC_TEST test
> > ...
> > Loaded 8 tests from ./op/rx.t
> > 1) op "rx": passed (Pattern match "" at UNIT_TEST.)
> > 2) op "rx": passed
> > 3) op "rx": passed (Pattern match "" at UNIT_TEST.)
> > 4) op "rx": passed (Pattern match "abc" at UNIT_TEST.)
> > 5) op "rx": passed (Pattern match "def" at UNIT_TEST.)
> > 6) op "rx": passed (Pattern match "ghi" at UNIT_TEST.)
> > 7) op "rx": passed
> > ERROR: Failed to create rule for op "rx": Error creating rule: Error compiling pattern (offset 2): unrecognized character after (? or (?-
> > Test exited with signal 11.
> > Executed: ./msc_test "-t" "op" "-n" "rx" "-p" "(?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$)" "-D" "0" "-r" "1"
> > 8) op "rx": failed
> > Passed: 7; Failed: 1
> > ...
> > 576/577 tests passed.
> > FAIL: run-unit-tests.pl
> > ========================================
> > 1 of 1 test failed
> > Please report to su...@mo...
> > ========================================
> > make[2]: *** [check-TESTS] Error 1
> > make[2]: Leaving directory `/usr/src/modsecurity/ModSecurity-remotes-2.7.x/tests'
> > make[1]: *** [check-am] Error 2
> > make[1]: Leaving directory `/usr/src/modsecurity/ModSecurity-remotes-2.7.x/tests'
> > make: *** [check-recursive] Error 1
>
> I was curious why this didn't fail for me. I vaguely remember other
> users had reported the same problem before. So here's what I think is
> the explanation:
>
> The original pattern in the unit test is in op/rx.t:
>
> qr/^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$/i
>
> The pattern is read by the perl script run-unit-tests.pl. Before Perl
> 5.14 the qr was converted to:
>
> (?i-xsm:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$)
>
> Starting with Perl 5.14 there's a new syntax and the pattern results in
>
> (?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$)
>
> (See e.g. http://perldoc.perl.org/perlre.html#Extended-Patterns, there
> look for "Starting in Perl 5.14").
>
> Now the unit tests feed the internal representation to the compiled
> msc_test binary, which calls the PCRE library to handle the regexp.
> Unfortunately the PCRE library only accepts the old way of expressing
> this pattern, not the new ?^ syntax.
>
> So if you run the unit tests with a Perl before 5.14 they succeed, with
> a newer Perl they fail, because a Perl pre-compiled pattern might no
> longer be compatible with PCRE (despite what PCRE means).
>
> I didn't find a bug report for the missing ?^ syntax in the PCRE bug
> tracker, but "?^" is not the best token to start a search with.
>
> Regards,
>
> Rainer
>
> ------------------------------------------------------------------------------
> See everything from the browser to the database with AppDynamics
> Get end-to-end visibility with application monitoring from AppDynamics
> Isolate bottlenecks and diagnose root cause in seconds.
> Start your free trial of AppDynamics Pro today!
> http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
> _______________________________________________
> mod-security-developers mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-developers
> ModSecurity Services from Trustwave's SpiderLabs:
> https://www.trustwave.com/spiderLabs.php
|
|
From: Breno S. <bre...@gm...> - 2013-07-16 20:17:59
|
I will update this rx test
Thanks
Breno
On Tue, Jul 16, 2013 at 5:15 PM, Rainer Jung <rai...@ki...>wrote:
> On 16.07.2013 21:05, Christian Folini wrote:
> > Hello Rainer,
> >
> > On Tue, Jul 16, 2013 at 01:05:08PM +0200, Rainer Jung wrote:
> >> Hi Christian,
> >>
> >> I think when running the unit tests via "make test" you should add
> >> -DMSC_TEST to CFLAGS. That flag comments all httpd calls and produces
> >> standalone binaries.
> >
> > Thanks for the info. True, it's mentioned in the reference guide.
> > It's just that I used outdated documentation.
> >
> > Here we have the culprit:
> > $> make CFLAGS=-DMSC_TEST test
> > ...
> > Loaded 8 tests from ./op/rx.t
> > 1) op "rx": passed (Pattern match "" at UNIT_TEST.)
> > 2) op "rx": passed
> > 3) op "rx": passed (Pattern match "" at UNIT_TEST.)
> > 4) op "rx": passed (Pattern match "abc" at UNIT_TEST.)
> > 5) op "rx": passed (Pattern match "def" at UNIT_TEST.)
> > 6) op "rx": passed (Pattern match "ghi" at UNIT_TEST.)
> > 7) op "rx": passed
> > ERROR: Failed to create rule for op "rx": Error creating rule: Error
> compiling pattern (offset 2): unrecognized character after (? or (?-
> > Test exited with signal 11.
> > Executed: ./msc_test "-t" "op" "-n" "rx" "-p"
> "(?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$)" "-D" "0" "-r" "1"
> > 8) op "rx": failed
> > Passed: 7; Failed: 1
> > ...
> > 576/577 tests passed.
> > FAIL: run-unit-tests.pl
> > ========================================
> > 1 of 1 test failed
> > Please report to su...@mo...
> > ========================================
> > make[2]: *** [check-TESTS] Error 1
> > make[2]: Leaving directory
> `/usr/src/modsecurity/ModSecurity-remotes-2.7.x/tests'
> > make[1]: *** [check-am] Error 2
> > make[1]: Leaving directory
> `/usr/src/modsecurity/ModSecurity-remotes-2.7.x/tests'
> > make: *** [check-recursive] Error 1
>
> I was curious why this didn't fail for me. I vaguely remember other
> users had reported the same problem before. So here's what I think is
> the explanation:
>
> The original pattern in the unit test is in op/rx.t:
>
> qr/^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$/i
>
> The pattern is read by the perl script run-unit-tests.pl. Before Perl
> 5.14 the qr was converted to:
>
> (?i-xsm:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$)
>
> Starting with Perl 5.14 there's a new syntax and the pattern results in
>
> (?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$)
>
> (See e.g. http://perldoc.perl.org/perlre.html#Extended-Patterns, there
> look for "Starting in Perl 5.14").
>
> Now the unit tests feed the internal representation to the compiled
> msc_test binary, which calls the PCRE library to handle the regexp.
> Unfortunately the PCRE library only accepts the old way of expressing
> this pattern, not the new ?^ syntax.
>
> So if you run the unit tests with a Perl before 5.14 they succeed, with
> a newer Perl they fail, because a Perl pre-compiled pattern might no
> longer be compatible with PCRE (despite what PCRE means).
>
> I didn't find a bug report for the missing ?^ syntax in the PCRE bug
> tracker, but "?^" is not the best token to start a search with.
>
> Regards,
>
> Rainer
>
>
> ------------------------------------------------------------------------------
> See everything from the browser to the database with AppDynamics
> Get end-to-end visibility with application monitoring from AppDynamics
> Isolate bottlenecks and diagnose root cause in seconds.
> Start your free trial of AppDynamics Pro today!
> http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
> _______________________________________________
> mod-security-developers mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-developers
> ModSecurity Services from Trustwave's SpiderLabs:
> https://www.trustwave.com/spiderLabs.php
>
|
|
From: Rainer J. <rai...@ki...> - 2013-07-16 20:15:42
|
On 16.07.2013 21:05, Christian Folini wrote:
> Hello Rainer,
>
> On Tue, Jul 16, 2013 at 01:05:08PM +0200, Rainer Jung wrote:
>> Hi Christian,
>>
>> I think when running the unit tests via "make test" you should add
>> -DMSC_TEST to CFLAGS. That flag comments all httpd calls and produces
>> standalone binaries.
>
> Thanks for the info. True, it's mentioned in the reference guide.
> It's just that I used outdated documentation.
>
> Here we have the culprit:
> $> make CFLAGS=-DMSC_TEST test
> ...
> Loaded 8 tests from ./op/rx.t
> 1) op "rx": passed (Pattern match "" at UNIT_TEST.)
> 2) op "rx": passed
> 3) op "rx": passed (Pattern match "" at UNIT_TEST.)
> 4) op "rx": passed (Pattern match "abc" at UNIT_TEST.)
> 5) op "rx": passed (Pattern match "def" at UNIT_TEST.)
> 6) op "rx": passed (Pattern match "ghi" at UNIT_TEST.)
> 7) op "rx": passed
> ERROR: Failed to create rule for op "rx": Error creating rule: Error compiling pattern (offset 2): unrecognized character after (? or (?-
> Test exited with signal 11.
> Executed: ./msc_test "-t" "op" "-n" "rx" "-p" "(?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$)" "-D" "0" "-r" "1"
> 8) op "rx": failed
> Passed: 7; Failed: 1
> ...
> 576/577 tests passed.
> FAIL: run-unit-tests.pl
> ========================================
> 1 of 1 test failed
> Please report to su...@mo...
> ========================================
> make[2]: *** [check-TESTS] Error 1
> make[2]: Leaving directory `/usr/src/modsecurity/ModSecurity-remotes-2.7.x/tests'
> make[1]: *** [check-am] Error 2
> make[1]: Leaving directory `/usr/src/modsecurity/ModSecurity-remotes-2.7.x/tests'
> make: *** [check-recursive] Error 1
I was curious why this didn't fail for me. I vaguely remember other
users had reported the same problem before. So here's what I think is
the explanation:
The original pattern in the unit test is in op/rx.t:
qr/^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$/i
The pattern is read by the perl script run-unit-tests.pl. Before Perl
5.14 the qr was converted to:
(?i-xsm:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$)
Starting with Perl 5.14 there's a new syntax and the pattern results in
(?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$)
(See e.g. http://perldoc.perl.org/perlre.html#Extended-Patterns, there
look for "Starting in Perl 5.14").
Now the unit tests feed the internal representation to the compiled
msc_test binary, which calls the PCRE library to handle the regexp.
Unfortunately the PCRE library only accepts the old way of expressing
this pattern, not the new ?^ syntax.
So if you run the unit tests with a Perl before 5.14 they succeed, with
a newer Perl they fail, because a Perl pre-compiled pattern might no
longer be compatible with PCRE (despite what PCRE means).
I didn't find a bug report for the missing ?^ syntax in the PCRE bug
tracker, but "?^" is not the best token to start a search with.
Regards,
Rainer
|
|
From: Christian F. <chr...@ti...> - 2013-07-16 19:05:54
|
Hello Rainer,
On Tue, Jul 16, 2013 at 01:05:08PM +0200, Rainer Jung wrote:
> Hi Christian,
>
> I think when running the unit tests via "make test" you should add
> -DMSC_TEST to CFLAGS. That flag comments all httpd calls and produces
> standalone binaries.
Thanks for the info. True, it's mentioned in the reference guide.
It's just that I used outdated documentation.
Here we have the culprit:
$> make CFLAGS=-DMSC_TEST test
...
Loaded 8 tests from ./op/rx.t
1) op "rx": passed (Pattern match "" at UNIT_TEST.)
2) op "rx": passed
3) op "rx": passed (Pattern match "" at UNIT_TEST.)
4) op "rx": passed (Pattern match "abc" at UNIT_TEST.)
5) op "rx": passed (Pattern match "def" at UNIT_TEST.)
6) op "rx": passed (Pattern match "ghi" at UNIT_TEST.)
7) op "rx": passed
ERROR: Failed to create rule for op "rx": Error creating rule: Error compiling pattern (offset 2): unrecognized character after (? or (?-
Test exited with signal 11.
Executed: ./msc_test "-t" "op" "-n" "rx" "-p" "(?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$)" "-D" "0" "-r" "1"
8) op "rx": failed
Passed: 7; Failed: 1
...
576/577 tests passed.
FAIL: run-unit-tests.pl
========================================
1 of 1 test failed
Please report to su...@mo...
========================================
make[2]: *** [check-TESTS] Error 1
make[2]: Leaving directory `/usr/src/modsecurity/ModSecurity-remotes-2.7.x/tests'
make[1]: *** [check-am] Error 2
make[1]: Leaving directory `/usr/src/modsecurity/ModSecurity-remotes-2.7.x/tests'
make: *** [check-recursive] Error 1
Cheers,
Christian
--
You cannot force ideas. Successful ideas are the result of slow
growth. Ideas do not reach perfection in a day, no matter how much
study is put upon them.
--- Alexander Graham Bell
|
|
From: Rainer J. <rai...@ki...> - 2013-07-16 11:05:21
|
On 16.07.2013 10:55, Christian Folini wrote: > Hi there, > > On Fri, Jul 12, 2013 at 10:38:06PM -0300, Breno Silva wrote: >> We are planning to release ModSecurity 2.7.5 next week. I would like to ask >> you guys to help us testing it. >> >> To get it please access : >> https://github.com/SpiderLabs/ModSecurity/tree/remotes/2.7.x > > Compiles just fine on Ubuntu 12.04 LTS. > Linux Kernel 3.2.0 > CPU: Intel(R) Atom(TM) CPU D2700 @ 2.13GHz > Apache: 2.2.25 > > However, make test bails out with the following info: > > ... > libtool: link: gcc -I/opt/apache-2.2.25/include -I/opt/apache-2.2.25/include -I/opt/apache-2.2.25/include -I/usr/include/libxml2 -DWITH_PCRE_STUDY -DMODSEC_PCRE_MATCH_LIMIT=1500 -DMODSEC_PCRE_MATCH_LIMIT_RECURSION=1500 -DREQUEST_EARLY -g -O2 -o msc_test msc_test-msc_test.o msc_test-re.o msc_test-re_operators.o msc_test-re_actions.o msc_test-re_tfns.o msc_test-re_variables.o msc_test-msc_logging.o msc_test-msc_xml.o msc_test-msc_multipart.o msc_test-modsecurity.o msc_test-msc_parsers.o msc_test-msc_util.o msc_test-msc_pcre.o msc_test-msc_unicode.o msc_test-persist_dbm.o msc_test-msc_reqbody.o msc_test-msc_crypt.o msc_test-msc_tree.o msc_test-msc_geo.o msc_test-msc_gsb.o msc_test-acmp.o msc_test-msc_lua.o msc_test-msc_release.o msc_test-libinjection_sqli.o -lrt -lcrypt -lpthread -ldl /usr/lib/x86_64-linux-gnu/libexpat.so /opt/apache-2.2.25/lib/libapr-1.so /opt/apache-2.2.25/lib/libaprutil-1.so -L/usr/lib/x86_64-linux-gnu -lpcre /usr/lib/x86_64-linux-gnu/libxml2.so -pthread ! -Wl,-rpa th -Wl,/opt/apache-2.2.25/lib -Wl,-rpath -Wl,/opt/apache-2.2.25/lib > msc_test-re.o: In function `update_rule_target_ex': > /usr/src/modsecurity/ModSecurity-remotes-2.7.x/tests/../apache2/re.c:366: undefined reference to `ap_log_error' > /usr/src/modsecurity/ModSecurity-remotes-2.7.x/tests/../apache2/re.c:436: undefined reference to `ap_log_error' > /usr/src/modsecurity/ModSecurity-remotes-2.7.x/tests/../apache2/re.c:311: undefined reference to `ap_log_error' > /usr/src/modsecurity/ModSecurity-remotes-2.7.x/tests/../apache2/re.c:486: undefined reference to `ap_log_error' > /usr/src/modsecurity/ModSecurity-remotes-2.7.x/tests/../apache2/re.c:377: undefined reference to `ap_log_error' > msc_test-re.o:/usr/src/modsecurity/ModSecurity-remotes-2.7.x/tests/../apache2/re.c:356: more undefined references to `ap_log_error' follow > msc_test-re_operators.o: In function `msre_op_rsub_execute': > /usr/src/modsecurity/ModSecurity-remotes-2.7.x/tests/../apache2/re_operators.c:624: undefined reference to `ap_regexec' > /usr/src/modsecurity/ModSecurity-remotes-2.7.x/tests/../apache2/re_operators.c:589: undefined reference to `ap_pregcomp' > msc_test-re_operators.o: In function `msre_op_rsub_param_init': > /usr/src/modsecurity/ModSecurity-remotes-2.7.x/tests/../apache2/re_operators.c:516: undefined reference to `ap_pregcomp' > collect2: ld returned 1 exit status > make[2]: *** [msc_test] Error 1 > make[2]: Leaving directory `/usr/src/modsecurity/ModSecurity-remotes-2.7.x/tests' > make[1]: *** [check-am] Error 2 > make[1]: Leaving directory `/usr/src/modsecurity/ModSecurity-remotes-2.7.x/tests' > make: *** [check-recursive] Error 1 Hi Christian, I think when running the unit tests via "make test" you should add -DMSC_TEST to CFLAGS. That flag comments all httpd calls and produces standalone binaries. Regards, Rainer |
|
From: Rainer J. <rai...@ki...> - 2013-07-16 10:03:05
|
Hi breno, On 13.07.2013 03:38, Breno Silva wrote: > Hello people, > > We are planning to release ModSecurity 2.7.5 next week. I would like to > ask you guys to help us testing it. > > To get it please access : > https://github.com/SpiderLabs/ModSecurity/tree/remotes/2.7.x > > I'm planning to start the build process on Wed if we don't have any > feedback. If you really want to get quality feedback, I think you should provide an RC tarball. Otherwise people will have to run the autogen.sh script using locally installed auto tools and you get to much uncontrolled variation for the test results. Note that autogen.sh produces some warnings here (see below). Test report: - platform Solaris 10 Sparc, 32 bit build - gcc 4.8.1 - httpd 2.4.4 - pcre 8.32 - libxml2 2.9.0 - build succeeds - "make test" with -DMSC_TEST in CFLAGS produces no failure - no functional tests done autogen.sh output: libtoolize: putting auxiliary files in AC_CONFIG_AUX_DIR, `build'. libtoolize: copying file `build/ltmain.sh' libtoolize: putting macros in AC_CONFIG_MACRO_DIR, `build'. libtoolize: copying file `build/libtool.m4' libtoolize: copying file `build/ltoptions.m4' libtoolize: copying file `build/ltsugar.m4' libtoolize: copying file `build/ltversion.m4' libtoolize: copying file `build/lt~obsolete.m4' configure.ac:695: warning: PKG_PROG_PKG_CONFIG is m4_require'd but not m4_defun'd build/find_lua.m4:7: CHECK_LUA is expanded from... configure.ac:695: the top level configure.ac:695: warning: PKG_PROG_PKG_CONFIG is m4_require'd but not m4_defun'd build/find_lua.m4:7: CHECK_LUA is expanded from... configure.ac:695: the top level configure.ac:695: warning: PKG_PROG_PKG_CONFIG is m4_require'd but not m4_defun'd build/find_lua.m4:7: CHECK_LUA is expanded from... configure.ac:695: the top level configure.ac:695: warning: PKG_PROG_PKG_CONFIG is m4_require'd but not m4_defun'd build/find_lua.m4:7: CHECK_LUA is expanded from... configure.ac:695: the top level configure.ac:695: warning: PKG_PROG_PKG_CONFIG is m4_require'd but not m4_defun'd build/find_lua.m4:7: CHECK_LUA is expanded from... configure.ac:695: the top level configure.ac:695: warning: PKG_PROG_PKG_CONFIG is m4_require'd but not m4_defun'd build/find_lua.m4:7: CHECK_LUA is expanded from... configure.ac:695: the top level configure.ac:695: warning: PKG_PROG_PKG_CONFIG is m4_require'd but not m4_defun'd build/find_lua.m4:7: CHECK_LUA is expanded from... configure.ac:695: the top level configure.ac:695: warning: PKG_PROG_PKG_CONFIG is m4_require'd but not m4_defun'd build/find_lua.m4:7: CHECK_LUA is expanded from... configure.ac:695: the top level mlogc/Makefile.am:3: warning: compiling 'mlogc.c' with per-target flags requires 'AM_PROG_CC_C_O' in 'configure.ac' standalone/Makefile.am:75: warning: whitespace following trailing backslash configure.ac:695: warning: PKG_PROG_PKG_CONFIG is m4_require'd but not m4_defun'd build/find_lua.m4:7: CHECK_LUA is expanded from... configure.ac:695: the top level configure.ac:695: warning: PKG_PROG_PKG_CONFIG is m4_require'd but not m4_defun'd build/find_lua.m4:7: CHECK_LUA is expanded from... configure.ac:695: the top level mlogc/Makefile.am:3: warning: compiling 'mlogc.c' with per-target flags requires 'AM_PROG_CC_C_O' in 'configure.ac' standalone/Makefile.am:75: warning: whitespace following trailing backslash configure.ac:695: warning: PKG_PROG_PKG_CONFIG is m4_require'd but not m4_defun'd build/find_lua.m4:7: CHECK_LUA is expanded from... configure.ac:695: the top level Regards, Rainer |
|
From: Christian F. <chr...@ti...> - 2013-07-16 08:55:38
|
Hi there, On Fri, Jul 12, 2013 at 10:38:06PM -0300, Breno Silva wrote: > We are planning to release ModSecurity 2.7.5 next week. I would like to ask > you guys to help us testing it. > > To get it please access : > https://github.com/SpiderLabs/ModSecurity/tree/remotes/2.7.x Compiles just fine on Ubuntu 12.04 LTS. Linux Kernel 3.2.0 CPU: Intel(R) Atom(TM) CPU D2700 @ 2.13GHz Apache: 2.2.25 However, make test bails out with the following info: ... libtool: link: gcc -I/opt/apache-2.2.25/include -I/opt/apache-2.2.25/include -I/opt/apache-2.2.25/include -I/usr/include/libxml2 -DWITH_PCRE_STUDY -DMODSEC_PCRE_MATCH_LIMIT=1500 -DMODSEC_PCRE_MATCH_LIMIT_RECURSION=1500 -DREQUEST_EARLY -g -O2 -o msc_test msc_test-msc_test.o msc_test-re.o msc_test-re_operators.o msc_test-re_actions.o msc_test-re_tfns.o msc_test-re_variables.o msc_test-msc_logging.o msc_test-msc_xml.o msc_test-msc_multipart.o msc_test-modsecurity.o msc_test-msc_parsers.o msc_test-msc_util.o msc_test-msc_pcre.o msc_test-msc_unicode.o msc_test-persist_dbm.o msc_test-msc_reqbody.o msc_test-msc_crypt.o msc_test-msc_tree.o msc_test-msc_geo.o msc_test-msc_gsb.o msc_test-acmp.o msc_test-msc_lua.o msc_test-msc_release.o msc_test-libinjection_sqli.o -lrt -lcrypt -lpthread -ldl /usr/lib/x86_64-linux-gnu/libexpat.so /opt/apache-2.2.25/lib/libapr-1.so /opt/apache-2.2.25/lib/libaprutil-1.so -L/usr/lib/x86_64-linux-gnu -lpcre /usr/lib/x86_64-linux-gnu/libxml2.so -pthread -Wl,-rpath -Wl,/opt/apache-2.2.25/lib -Wl,-rpath -Wl,/opt/apache-2.2.25/lib msc_test-re.o: In function `update_rule_target_ex': /usr/src/modsecurity/ModSecurity-remotes-2.7.x/tests/../apache2/re.c:366: undefined reference to `ap_log_error' /usr/src/modsecurity/ModSecurity-remotes-2.7.x/tests/../apache2/re.c:436: undefined reference to `ap_log_error' /usr/src/modsecurity/ModSecurity-remotes-2.7.x/tests/../apache2/re.c:311: undefined reference to `ap_log_error' /usr/src/modsecurity/ModSecurity-remotes-2.7.x/tests/../apache2/re.c:486: undefined reference to `ap_log_error' /usr/src/modsecurity/ModSecurity-remotes-2.7.x/tests/../apache2/re.c:377: undefined reference to `ap_log_error' msc_test-re.o:/usr/src/modsecurity/ModSecurity-remotes-2.7.x/tests/../apache2/re.c:356: more undefined references to `ap_log_error' follow msc_test-re_operators.o: In function `msre_op_rsub_execute': /usr/src/modsecurity/ModSecurity-remotes-2.7.x/tests/../apache2/re_operators.c:624: undefined reference to `ap_regexec' /usr/src/modsecurity/ModSecurity-remotes-2.7.x/tests/../apache2/re_operators.c:589: undefined reference to `ap_pregcomp' msc_test-re_operators.o: In function `msre_op_rsub_param_init': /usr/src/modsecurity/ModSecurity-remotes-2.7.x/tests/../apache2/re_operators.c:516: undefined reference to `ap_pregcomp' collect2: ld returned 1 exit status make[2]: *** [msc_test] Error 1 make[2]: Leaving directory `/usr/src/modsecurity/ModSecurity-remotes-2.7.x/tests' make[1]: *** [check-am] Error 2 make[1]: Leaving directory `/usr/src/modsecurity/ModSecurity-remotes-2.7.x/tests' make: *** [check-recursive] Error 1 Cheers, Christian -- Wenn ich Naturforschung betreibe, interessieren mich keine Wunder. --- Albertus Magnus, De Generatione et Corruptione, 13. Jh. |
|
From: Breno S. <bre...@gm...> - 2013-07-13 01:38:15
|
Hello people, We are planning to release ModSecurity 2.7.5 next week. I would like to ask you guys to help us testing it. To get it please access : https://github.com/SpiderLabs/ModSecurity/tree/remotes/2.7.x I'm planning to start the build process on Wed if we don't have any feedback. Thanks Breno Silva |
|
From: Breno S. P. (JIRA) <no...@mo...> - 2013-07-11 18:31:58
|
[ https://www.modsecurity.org/tracker/browse/MODSEC-391?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Breno Silva Pinto resolved MODSEC-391.
--------------------------------------
Resolution: Cannot Reproduce
Closing it. No more feedback
> ModsecurityIIS_2.7.3 on IIS7 64bit has Event0 Unknown Command In Config: Header
> --------------------------------------------------------------------------------
>
> Key: MODSEC-391
> URL: https://www.modsecurity.org/tracker/browse/MODSEC-391
> Project: ModSecurity
> Issue Type: Bug
> Security Level: Normal
> Environment: IIS 7.5 on windows
> Reporter: Kimberly T
> Assignee: Breno Silva Pinto
> Labels: 0, Command, Error, IIS, ModsecurityIIS_2_7_3, Unknown
>
> I have installed ModsecurityIIS_2.7.3 Added all the rules from optional_rules to activated rules folder. I see Event0 Unknown Command In Config: Header in the event viewer. I had installed the same setup on another system & it does not have the errror. Both systems are using the original rule files from the installer. I have already installed visual studio runtime 2010. Is there other requirements or dependencies needed?
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
|
|
From: Ben E. <be...@ar...> - 2013-07-10 16:24:27
|
Hi there, I'm running mod_ruid 0.9.7 on Apache 2.2 with ModSecurity 2.7.3 and the GotRoot/Atomicorp delayed ruleset, all on cPanel 11.38. I am unable to get ModSecurity to successfully log it's activities since mod_ruid is causing audit directories and logs to be created with the username of the running process, and more importantly with permissions for that user only, overriding a specific setting in the ModSecurity conf to create audit folders and logs to be created world-writable. I have documented my setup here: https://www.atomicorp.com/forum/viewtopic.php?f=15&t=6932&sid=23c91691756075ec7fc5cfe86a6630d1 I also posted this to the mod_ruid2 forums: https://github.com/mind04/mod-ruid2/issues/1 One of the mod_ruid2 developers has suggested that ModSecurity should be using the special ap_hook_log_transaction() hook which would mean in my configuration that ModSecurity would try to write it's audit logs as nobody, which would not cause permissions issues. I did follow the suggestion of the developer in terms of "Maybe you can work around the problem if you make the log directory group writable for apache and add apache to R_Groups for every user." but this did not fix the problem since new log folders are still created without group write permissions. It seems as though the only possible fix is that ModSecurity uses the ap_hook_log_transaction() hook. It is certain that I'm not the only person suffering this problem: http://www.google.co.uk/search?q=ModSecurity%3A+Audit+log%3A+Failed+to+create+subdirectories&{google:acceptedSuggestion}oq=ModSecurity%3A+Audit+log%3A+Failed+to+create+subdirectories&sourceid=chrome&ie=UTF-8<http://www.google.co.uk/search?q=ModSecurity%3A+Audit+log%3A+Failed+to+create+subdirectories&%7bgoogle:acceptedSuggestion%7doq=ModSecurity%3A+Audit+log%3A+Failed+to+create+subdirectories&sourceid=chrome&ie=UTF-8> Is there any chance of this getting fixed / changed? Regards, Ben |
|
From: M.Rajender <raj...@vi...> - 2013-06-25 07:14:37
|
Hello All, We are using Mod-Security-2.7.3 version and we need to log all the details to mod-security audit file and not for the apache error log file. We have been using the nolog,auditlog sequence, both in the generic .conf file that holds initial settings as well as in each .conf file separately. But logs do continue to show up in Apache’s error_log. Is there any settings that might more cleanly separate ModSecurity logs from Apache logs? -- Regards, Rajender.M |
|
From: Breno S. <bre...@gm...> - 2013-06-12 01:04:45
|
Will fix this Thanks Breno On Tue, Jun 11, 2013 at 7:26 AM, <bd...@bi...> wrote: > Hi All, > > I'm trying to compile mod_security on Centos 6.4 using nginx 1.4.1 as the > server. I am getting the following error which after looking at the code I > think is a bug. I'm getting: > > ../mod_security/nginx/modsecurity/ngx_http_modsecurity.c:1362: error: > array subscript is above array bounds > > When reviewing the code I see that salt[] is being NULL terminated at > offset salt[25]. The salt array is defined in size to be 25. I'm not sure > if the correct action is to modify the code to make the salt[] array one > larger or having the prior loop fall out one sooner. > > Any help would be appreciated. I'm not very proficient in coding so I > don't feel comfortable trying to get the current sources and submitting a > patch. Especially when I don't really understand what that code is doing. > > Thanks for your help! > > Bill > > > ------------------------------------------------------------------------------ > This SF.net email is sponsored by Windows: > > Build for Windows Store. > > http://p.sf.net/sfu/windows-dev2dev > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php > |
|
From: <bd...@bi...> - 2013-06-11 14:42:18
|
Hi All, I'm trying to compile mod_security on Centos 6.4 using nginx 1.4.1 as the server. I am getting the following error which after looking at the code I think is a bug. I'm getting: ../mod_security/nginx/modsecurity/ngx_http_modsecurity.c:1362: error: array subscript is above array bounds When reviewing the code I see that salt[] is being NULL terminated at offset salt[25]. The salt array is defined in size to be 25. I'm not sure if the correct action is to modify the code to make the salt[] array one larger or having the prior loop fall out one sooner. Any help would be appreciated. I'm not very proficient in coding so I don't feel comfortable trying to get the current sources and submitting a patch. Especially when I don't really understand what that code is doing. Thanks for your help! Bill |
|
From: Matthew H. <mat...@pe...> - 2013-06-10 10:36:14
|
Hi Mod_Secs, Apologies for hijacking your mailing list but I am in search of a ModSecurity specialist and I can think of no better place than those contributing to the open-source community. I'm hiring for a Contract Linux Engineer with specialist skills in ModSecurity to work for a super client that are based in the UK. These guys have built a genuine, multi-tenanted cloud application that is delivered using the SaaS model. Currently, the product sits on a MySQL database, running on a Windows platform and is deployed to the company's own datacentres. However, the team is about to migrate to Linux, bring in a host of open-source tools and build an Amazon AWS solution for the new geographical territories which they are moving into (USA & Australia). The company is making a commitment to open-source security tools e.g. Mod_Sec and software-based Intrusion Detection Systems e.g. Snort. There is also plenty of design work to be done around Network Monitoring (Nagios / Cacti) and orchestration/automation using Chef. However, there is a need for an outright Mod_Sec specialist right now. Role details: 3-6 month contract Day-rate: open to suggestion but we have a good budget for other roles Based: Basingstoke, UK (you must be eligible and able to live and work in the UK) If you are interested, then please reply with some details about your ModSecurity experience / a recent CV and I'll gladly have a more detailed conversation. Many thanks, Matt My LinkedIn Profile: uk.linkedin.com/in/matthewhyatt/ Matthew Hyatt Managing Consultant People Source Consulting T +44 (0)117 9227000 E mat...@pe... W www.peoplesource.co.uk Registered in England and Wales 4389799, Vat registered 79345529 |
|
From: Justin S. <ju...@me...> - 2013-06-06 14:06:32
|
Thanks Ryan. I have it mostly figured out and implemented however I have a question. For the ModSec demo page, did you add a setenv to every core rule so the rules name gets added to the response headers? Mind sharing the rules folder for the demo page so I can see how you have it implemented? Justin Searle Managing Partner - UtiliSec +1 801-784-2052 On Sat, May 25, 2013 at 11:32 AM, Ryan Barnett <RBa...@tr...> wrote: > Yes it can be done as we do this as part of our demo here - > http://www.modsecurity.org/demo/phpids?test=YourPayloadHere%27+or+%272%27+%21%3D+%275%27%3B-- > > Take a look at these rules for some similar functionality - > https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/master/optional_rules/modsecurity_crs_49_header_tagging.conf > > Basically you need to use setenv and then in the HTML page use SSI to > populate the data from setenv. > > -- > Ryan Barnett > > > On May 25, 2013, at 12:00 PM, "Justin Searle" <ju...@me...> wrote: > > Hi guys. I'm working on a new security course, and I was wondering if > there is a simple way to have ModSec add which rule was triggered (and > maybe the rule's regex) in the 403 response. Is that possible by > throwing in the some variable in the SecDefaultAction directive, or by > some other means? > > Justin Searle > Managing Partner - UtiliSec > +1 801-784-2052 > > ------------------------------------------------------------------------------ > Try New Relic Now & We'll Send You this Cool Shirt > New Relic is the only SaaS-based application performance monitoring service > that delivers powerful full stack analytics. Optimize and monitor your > browser, app, & servers with just a few lines of code. Try New Relic > and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php > > > ________________________________ > > This transmission may contain information that is privileged, confidential, > and/or exempt from disclosure under applicable law. If you are not the > intended recipient, you are hereby notified that any disclosure, copying, > distribution, or use of the information contained herein (including any > reliance thereon) is STRICTLY PROHIBITED. If you received this transmission > in error, please immediately contact the sender and destroy the material in > its entirety, whether in electronic or hard copy format. > > ------------------------------------------------------------------------------ > Try New Relic Now & We'll Send You this Cool Shirt > New Relic is the only SaaS-based application performance monitoring service > that delivers powerful full stack analytics. Optimize and monitor your > browser, app, & servers with just a few lines of code. Try New Relic > and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php |
|
From: Ryan B. <RBa...@tr...> - 2013-05-29 11:13:35
|
On 5/28/13 2:28 PM, "Diego Elio Pettenò" <fla...@fl...> wrote: >On 28/05/2013 13:15, Breno Silva wrote: >> I fixed it in the tarball. Could you download again and try ? > >Seriously, never do that again. > >If you need to fix the tarball, name it 2.7.4a or something, but if I >did bump this before in Gentoo in the morning, I would have been pissed >that the tarball changed on me. > >Tarballs should be immutable. I understand your point here. We won't do this again. We can rename the actual tarball to differentiate without changing the actual ModSecurity version. Thanks Diego. -Ryan ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. |
10 messages has been excluded from this view by a project administrator.
