I am currently in the beginning phase of deploying MS on multiple web
servers and am looking for a simple way to monitor what would trigger MS
without actually blocking anything, yet.
The simplest method I thought of was to have the default action trigger a
script which (for now) just reads the ENV variables and then builds a log
file of potential alerts. In the future a similar script will be used to
modify firewalls, etc.
Anyway, my configuration is shown before. Every time I trigger a rule I am
getting (mod_security-executed: /tmp/test.pl (failed)). The server currently
is not chrooted and if I copy/paste the script into the command line it
executes just fine, so the path and file name are correct. The script is
currently owned by the user/group the web service is running as and the
permissions are currently 755.
I can't find any reason as to why this script fails to execute from within
the MS system.
Any help in this matter would be greatly appreciated.
----------------------------------------------
#mod_security.conf snippet
SecFilterDefaultAction "exec:/tmp/test.pl,allow"
----------------------------------------------
Thank you,
Jason Ziemba