Install Modsecurity 2.5.0?
Feb 22, 2008
How can I install modsecurity 2.5.0?
I installed it from WHM:
cpanel > Manage Plugins > Name: modsecurity > Install and Keep Updated
but it's not working.
(I think this is an add-on for making configuration in Plugins options.)
So I want to install it from SSH.
I have Apache 2.2.9
PHP 5
I recently leased a dedicated server and it has something called modsecurity installed and I "think" it is causing me a slight problem. I installed Tikiwiki (using FANTASTICO as the installer) to put a wiki on my site. Problem: When I edit a page and hit "Save," I get "FORBIDDEN you do not have permission to access /tiki/tiki-editpage.php on this server". After playing around with it all day, I finally asked my server management folks if they could figure out the issue and they said it looked like a "modsecurity" issue. If I understand correctly, modsecurity will block URLs that have certain characteristics.
My questions are:
1) How can I determine exactly which modsecurity rule is being violated and
2) How can I remove just that rule so that things will work with the wiki program?
I have a site on my server that is running a Flash splash-page and ModSecurity keeps getting tripped when anyone accesses the page.
I am running the default configuration supplied by CPanel 11. The rule that is getting tripped is the XSS rule.
Here is some more info:
Code:
Pattern match "(?:(?:on(?:(?:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)|key(?:press|down|up)|c(?:hange|lick)|s(?:elec|ubmi)t|(?:un)?load|dragdrop|resize|focus|blur)W*?=|abort)|(?:l(?:owsrcW*?(?:(?:java|vb)script|shell)|ivescript)|(?:href|url)W*? ..." at ARGS:texts. [id "950004"] [msg "Cross-site Scripting (XSS) Attack. Matched signature <src="http:>"] [severity "CRITICAL"]
[30/Nov/2007:12:11:10 --0500] hFuubkMPEAcAAHVLfHgAAAAL 76.118.117.41 62197 67.15.16.7 80
--f2de940f-B--
GET /widgets/business_splash5.swf?nazvanie=Bob+Brewer&skip_intro=SKIP+INTRO&button=gpage.html&sloganss=&titl=&zvuk=downloads/DTH_final.mp3&pic1=http://bobbrewer.info/images/bb2_series2.jpg&pic2=http://bobbrewer.info/images/bb2_series2.jpg&pic3=http://bobbrewer.info/images/bb3_series3.jpg&pic4=http://bobbrewer.info/images/bb_series2.jpg&texts=%3cP+align%3dcenter%3e%3cFONT+face%3d%22Comic+Sans+MS%22+color%3d%23ffff00+size%3d5%3eBobby+Brewer+Guitarist%3c/FONT%3e%3c/P%3e++%3cP+align%3dcenter%3e%3cA+class%3dRE+href%3d%22undefined%22%3e%3cIMG+height%3d128+alt%3d%22%22+hspace%3d0+src%3d%22http://bobbrewer.info/images/bb2_series2.jpg%22+width%3d170+border%3d0%3e%3c/A%3e%3c/P%3e&colorline1=%23BEC7DB&colorline2=%235B71A4&colorline3=%2333ffff&colorline4=&colorline5=%23BEC7DB&colorname=%2333ffff&colorline6=%235B71A4&colorline7=%23BEC7DB&colorline8=&colorline9=%23BEC7DB&colorline10=&colorline11=%235B71A4&colorline12=%2333ffff&colorline13=%23BEC7DB&colortitle=%23000000&colorline14=%2333ffff&colorline17=%2333ffff&colorline17=%23BEC7DB&colorpolosa2=%235B71A4&colorpolosa1=%23BEC7DB HTTP/1.1
Accept: */*
Referer: http://bobbrewer.info/index.html
x-flash-version: 9,0,28,0
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Host: bobbrewer.info
Connection: Keep-Alive
--f2de940f-F--
HTTP/1.1 406 Not Acceptable
Content-Length: 455
Keep-Alive: timeout=5, max=85
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
--f2de940f-H--
Message: Access denied with code 406 (phase 2). Pattern match "(?:(?:on(?:(?:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)|key(?:press|down|up)|c(?:hange|lick)|s(?:elec|ubmi)t|(?:un)?load|dragdrop|resize|focus|blur)W*?=|abort)|(?:l(?:owsrcW*?(?:(?:java|vb)script|shell)|ivescript)|(?:href|url)W*? ..." at ARGS:texts. [id "950004"] [msg "Cross-site Scripting (XSS) Attack. Matched signature <src="http:>"] [severity "CRITICAL"]
Action: Intercepted (phase 2)
Stopwatch: 1196442670313070 6595 (855 5738 -)
Producer: ModSecurity v2.1.3 (Apache 2.x)
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a DAV/2 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_auth_passthrough/2.1
The code in his web page that I think is tripping this is:
Code:
<!-- widgets/business_splash5.swf -->
<OBJECT WIDTH="550" HEIGHT="400" classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553
540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflas
h.cab#version=7,0,0,0" align="middle" valign="top">
<PARAM NAME=movie VALUE="widgets/business_splash5.swf?nazvanie=Bob+Brewer&skip
_intro=SKIP+INTRO&button=gpage.html&sloganss=&titl=&zvuk=downloads/DTH_final.mp3
&pic1=http://bobbrewer.info/images/bb2_series2.jpg&pic2=http://bobbrewer.info/im
ages/bb2_series2.jpg&pic3=http://bobbrewer.info/images/bb3_series3.jpg&pic4=http
://bobbrewer.info/images/bb_series2.jpg&texts=%3cP+align%3dcenter%3e%3cFONT+face
%3d%22Comic+Sans+MS%22+color%3d%23ffff00+size%3d5%3eBobby+Brewer+Guitarist%3c/FO
NT%3e%3c/P%3e++%3cP+align%3dcenter%3e%3cA+class%3dRE+href%3d%22undefined%22%3e%3
cIMG+height%3d128+alt%3d%22%22+hspace%3d0+src%3d%22http://bobbrewer.info/images/
bb2_series2.jpg%22+width%3d170+border%3d0%3e%3c/A%3e%3c/P%3e&colorline1=%23BEC7D
B&colorline2=%235B71A4&colorline3=%2333ffff&colorline4=&colorline5=%23BEC7DB&col
orname=%2333ffff&colorline6=%235B71A4&colorline7=%23BEC7DB&colorline8=&colorline
9=%23BEC7DB&colorline10=&colorline11=%235B71A4&colorline12=%2333ffff&colorline13
=%23BEC7DB&colortitle=%23000000&colorline14=%2333ffff&colorline17=%2333ffff&colo
rline17=%23BEC7DB&colorpolosa2=%235B71A4&colorpolosa1=%23BEC7DB">
<PARAM NAME="scale" VALUE="noscale">
<PARAM NAME=quality VALUE=high>
<PARAM name="wmode" value="transparent">
<EMBED wmode="transparent" quality="high" WIDTH="550" HEIGHT="400"
src="widgets/business_splash5.swf?nazvanie=Bob+Brewer&skip_intro=SKIP+I
NTRO&button=gpage.html&sloganss=&titl=&zvuk=downloads/DTH_final.mp3&pic1=http://
bobbrewer.info/images/bb2_series2.jpg&pic2=http://bobbrewer.info/images/bb2_seri
es2.jpg&pic3=http://bobbrewer.info/images/bb3_series3.jpg&pic4=http://bobbrewer.
info/images/bb_series2.jpg&texts=%3cP+align%3dcenter%3e%3cFONT+face%3d%22Comic+S
ans+MS%22+color%3d%23ffff00+size%3d5%3eBobby+Brewer+Guitarist%3c/FONT%3e%3c/P%3e
++%3cP+align%3dcenter%3e%3cA+class%3dRE+href%3d%22undefined%22%3e%3cIMG+height%3
d128+alt%3d%22%22+hspace%3d0+src%3d%22http://bobbrewer.info/images/bb2_series2.j
pg%22+width%3d170+border%3d0%3e%3c/A%3e%3c/P%3e&colorline1=%23BEC7DB&colorline2=
%235B71A4&colorline3=%2333ffff&colorline4=&colorline5=%23BEC7DB&colorname=%2333f
fff&colorline6=%235B71A4&colorline7=%23BEC7DB&colorline8=&colorline9=%23BEC7DB&c
olorline10=&colorline11=%235B71A4&colorline12=%2333ffff&colorline13=%23BEC7DB&co
lortitle=%23000000&colorline14=%2333ffff&colorline17=%2333ffff&colorline17=%23BE
C7DB&colorpolosa2=%235B71A4&colorpolosa1=%23BEC7DB"
type="application/x-shockwave-flash" pluginspage=[url]
Upon reviewing my modsecurity log today, I found an interesting hit from google.
-------------------
Requesting IP: 66.249.65.67 is http://ws.arin.net/cgi-bin/whois.pl?...t=66.249.65.67
Date: 2006-10-03
Time: 07:10:16
Handler: mod_gzip_handler
Get: /page/index/1&show=25,07,2005?php%20echo%20$bmc_vars%5B'site_url'%5D;%20?%3E/profile.php?id=1
Mod_Security-Message: Access denied with code 406. Pattern match "echo " at THE_REQUEST
Mod_Security-Action: 406
------------
The rule that set off this 406 response was:
SecFilterSelective THE_REQUEST "echo "
What I find interesting is that I do not have any such URL structure on this website that google requested.
I am running Apache 1.3 + modsecurity 1. My problem is I cannot use AJAX coz of modsecurity. Is there any way to make AJAX work with modsecurity on Apache 1? Coz I know it works on Apache 2.
Where can I find or get the latest, and with better design, ruleset for modsecurity? I have one, but it is really old.
I want to create a logrotate config in logrotate.d for the modsecurity log.
I found the following code, but it doesn't work.
Code:
/var/log/modsec_audit.log {
rotate 7
compress
missingok
notifempty
sharedscripts
postrotate
/sbin/service httpd reload > /dev/null 2>/dev/null || true
endscript
}
We have a small hosting reseller account at eNom. We have a new customer that moved his website from another hosting company to ours. The website is on a shared IP. eNom also uses an internal IP for internal use associated with the domain.
The problem we have is that AOL users cannot see the website. As far as we can tell no other ISPs are having this problem. Everyone can see it except AOL users.
When AOL users go to the site they get "Page can not be found". After several calls to eNom support and them triple checking the DNS we still have the problem.
I looked at the error log for the website this morning. I found several errors. I looked up the IPs with the errors and they all pointed back to AOL. See below for two examples of the errors.
Is this a server problem or DNS?
What do these errors mean and what do I do about it?
The domain is http://2hotlicks.com . They sell Hot Sauce.. Would AOL block it because of the keywords in the Domain name?
[Wed Oct 17 08:11:56 2007] [error] [client 207.200.116.7] ModSecurity: Access denied with code 400 (phase 2). Pattern match "(?:\bhttp.(?:0\.9|1\.[01])|<(?:html|meta)\b)" at REQUEST_HEADERS:Via. [id "950911"] [msg "HTTP Response Splitting Attack. Matched signature <http/1.1>"] [severity "ALERT"] [hostname "www.2hotlicks.com"] [uri "/"] [unique_id "uPWvAgoHAlYAAA25N5AAAAAI"]
[Tue Oct 16 13:11:20 2007] [error] [client 207.200.116.137] ModSecurity: Access denied with code 400 (phase 2). Pattern match "(?:\bhttp.(?:0\.9|1\.[01])|<(?:html|meta)\b)" at REQUEST_HEADERS:Via. [id "950911"] [msg "HTTP Response Splitting Attack. Matched signature <http/1.1>"] [severity "ALERT"] [hostname "www.2hotlicks.com"] [uri "/combos.htm"] [unique_id "yddhwAoHAlYAAEEfgyEAAAAi"]
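Added example, not part of any post on this page: a small parser for ModSecurity 2.x error-log lines in the format quoted above, which reports the rule id and the request variable it matched so a false positive can be traced to one rule. The sample lines are constructed (placeholder client addresses, hostname and unique ids), and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample lines in the ModSecurity 2.x error-log format quoted above;
# client addresses, hostname and unique_id values are placeholders.
SAMPLE_LOG = r'''
[Wed Oct 17 08:11:56 2007] [error] [client 192.0.2.7] ModSecurity: Access denied with code 400 (phase 2). Pattern match "(?:\bhttp.(?:0\.9|1\.[01])|<(?:html|meta)\b)" at REQUEST_HEADERS:Via. [id "950911"] [msg "HTTP Response Splitting Attack. Matched signature <http/1.1>"] [severity "ALERT"] [hostname "www.example.com"] [uri "/"] [unique_id "CONSTRUCTED-0001"]
[Wed Oct 17 08:12:03 2007] [error] [client 192.0.2.9] File does not exist: /var/www/html/favicon.ico
[Wed Oct 17 08:13:40 2007] [error] [client 192.0.2.7] ModSecurity: Access denied with code 400 (phase 2). Pattern match "(?:\bhttp.(?:0\.9|1\.[01])|<(?:html|meta)\b)" at REQUEST_HEADERS:Via. [id "950911"] [msg "HTTP Response Splitting Attack. Matched signature <http/1.1>"] [severity "ALERT"] [hostname "www.example.com"] [uri "/combos.htm"] [unique_id "CONSTRUCTED-0002"]
[Wed Oct 17 08:15:02 2007] [error] [client 192.0.2.44] ModSecurity: Access denied with code 406 (phase 2). Pattern match "(?:href|url)\W*? ..." at ARGS:texts. [id "950004"] [msg "Cross-site Scripting (XSS) Attack. Matched signature <src="http:>"] [severity "CRITICAL"] [hostname "www.example.com"] [uri "/widgets/splash.swf"] [unique_id "CONSTRUCTED-0003"]
'''

# [name "value"] tags; non-greedy up to the closing "] so that a msg value
# containing a bare double quote (as in the XSS signature text) stays intact.
TAG_RE = re.compile(r'\[(\w+) "(.*?)"\]')
# The matched variable sits between the quoted pattern and the first tag.
TARGET_RE = re.compile(r'" at (\S+?)\. \[')
CLIENT_RE = re.compile(r'\[client ([^\]]+)\]')
CODE_RE = re.compile(r'Access denied with code (\d+)')


def parse_line(line):
    """Return a dict for one ModSecurity error-log line, or None for other lines."""
    if "ModSecurity:" not in line:
        return None
    tags = dict(TAG_RE.findall(line))
    if "id" not in tags:
        return None
    target = TARGET_RE.search(line)
    client = CLIENT_RE.search(line)
    code = CODE_RE.search(line)
    return {
        "rule_id": tags["id"],
        "msg": tags.get("msg", ""),
        "severity": tags.get("severity", ""),
        "uri": tags.get("uri", ""),
        "target": target.group(1) if target else None,
        "client": client.group(1) if client else None,
        "status": int(code.group(1)) if code else None,
    }


def summarize(log_text):
    """Count hits per (rule id, matched variable) across a whole log."""
    hits = Counter()
    for line in log_text.splitlines():
        event = parse_line(line)
        if event:
            hits[(event["rule_id"], event["target"])] += 1
    return hits


if __name__ == "__main__":
    for (rule_id, target), count in summarize(SAMPLE_LOG).most_common():
        print(f"rule {rule_id} on {target}: {count} hit(s)")
```

The (rule id, variable) pair is what a narrowly scoped exclusion needs; in ModSecurity 2.x the `SecRuleRemoveById` directive takes that id and can be limited to the affected location instead of the whole server.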
I currently have the Web Application Firewall (ModSecurity) installed but would like a visual interface to block IPs, subnets etc. Can I install the Plesk firewall as well without any conflict with the Web Application Firewall?
After installing the ModSecurity Web Application Firewall for Apache, no button for managing the module is displayed in Plesk.
Installation was successful. How can I repair the button in Plesk / web-based manage mod_security?
I have a Real Time Web Application Security Rules Subscription. I changed the ModSecurity Rule Setup and added the Atomic LoginData to Plesk. All looks fine but the ModSecurity Log is now empty.
- Debian 7 with all Updates
- Plesk Version 12.0.18 Update #49
Output from: ~# aum -df upgrade asl
[URL] ....
So I've been working on getting the modsecurity upload scan function to work for over 4 hours now and I'm done with this junk to say the least.
Using modsec 1.9
Cpanel 10x
Apache 1.3
in the modsec.conf
SecUploadDir /tmp
SecUploadApproveScript /usr/local/apache/htdocs/upload_scan.pl
All I get in the audit_log is:
Access denied with code 406. Error verifying files: Received no output from the approver script (execution failed?) "/usr/local/apache/htdocs/upload_scan.pl" ....
I have enabled modsecurity system and in 1 day the modsec_audit.log file has grown to more than 700Mb. Is there any way to reduce the number of messages that this module logs?
Error when trying to set atomic subscription rule:
Failed to install the ModSecurity rule set: SecReadStateLimit is depricated, use SecConnReadStateLimit instead.
Syntax error on line 70 of /etc/httpd/conf/modsecurity.d/rules/atomic/modsec/00_asl_zz_strict.conf:
Error creating rule: Could not add entry "127.0.0.0/8" from: 127.0.0.0/8.
In directory /etc/httpd/conf/modsecurity.d/rules I have only: atomic.new modsecurity_crs-plesk tortix tortix.backup
There is no file 00_asl_zz_strict.conf
Once Atomic Basic is enabled, the following error appears:
Code:
Failed to install the ModSecurity rule set: modsecurity_ctl failed: gpg: key 4520AFA9: "Atomicorp (Atomicorp Official Signing Key) <support@atomicorp.com>" not changed gpg: Total number processed: 1 gpg: unchanged: 1 gpg: Signature made Tue Jun 17 16:53:49 2014 CEST using RSA key ID 4520AFA9 gpg: Good signature from "Atomicorp (Atomicorp Official Signing Key)
[Code] .....
OS Debian 7.5
Plesk version 12.0.18 Update #4, last updated at June 18, 2014 02:51 AM
Is it possible to install Plesk 12 to Debian Jessie with the autoinstall script?
Problem with installing suhosin and ...
How can I install Mod_security?
What is the difference between yum install php and manually installing PHP from scratch (build, make and install)?
I know a manual install can configure lots of parameters and paths, like --iconv, --mbsting, etc. I don't know anything behind yum install php. If I want to install PHP with everything in the following:
./configure --prefix=/usr/local/webserver/php --with-config-file-path=/usr/local/webserver/php/etc --with-mysql=/usr/local/webserver/mysql --with-mysqli=/usr/local/webserver/mysql/bin/mysql_config --with-iconv-dir=/usr/local --with-freetype-dir --with-jpeg-dir --with-png-dir --with-zlib --with-libxml-dir=/usr --enable-xml --disable-debug --disable-rpath --enable-discard-path --enable-safe-mode --enable-bcmath --enable-shmop --enable-sysvsem --enable-inline-optimization --with-curl --with-curlwrappers --enable-mbregex --enable-fastcgi --enable-fpm --enable-force-cgi-redirect --enable-mbstring --with-mcrypt --with-gd --enable-gd-native-ttf --with-openssl --with-sendmail=/usr/sbin/sendmail
to installing linux software and have been beating my head for a couple of days. I just learned that I can use something on my CENTOS 5 - which is the same as RHEL 5 - to install the rpm and all dependencies.
Numeric-24.2-1.i586.rpm is the rpm I want to install, if that matters.
How can I install it AND any dependencies?
I am trying to install the kernel source.
I have downloaded kernel-2.6.20-1.2948.fc6.src.rpm
I am using fedora 6 64bit.
here are my current kernels:
kernel-headers-2.6.20-1.2948.fc6
kernel-devel-2.6.20-1.2944.fc6
yum-kernel-module-1.0.3-1.fc6
kernel-2.6.20-1.2944.fc6
kernel-devel-2.6.20-1.2948.fc6
kernel-2.6.20-1.2948.fc6
Here is what I saw when I installed kernel-2.6.20-1.2948.fc6.src.rpm
rpm -ivh kernel-2.6.20-1.2948.fc6.src.rpm
1:kernel warning: user brewbuilder does not exist - using root
warning: group brewbuilder does not exist - using root
warning: user brewbuilder does not exist - using root
########################################### [100%]
warning: user brewbuilder does not exist - using root
warning: group brewbuilder does not exist - using root
then when I ran:
rpmbuild -bp --target=$(uname -m) /usr/src/redhat/SPECS/kernel-2.6.spec
I saw this error:
+ Arch=x86_64
+ make ARCH=x86_64 nonint_oldconfig
In file included from /usr/include/sys/socket.h:35,
from /usr/include/netinet/in.h:24,
from /usr/include/arpa/inet.h:23,
from scripts/basic/fixdep.c:117:
/usr/include/bits/socket.h:310:24: error: asm/socket.h: No such file or directory
make[1]: *** [scripts/basic/fixdep] Error 1
make: *** [scripts_basic] Error 2
error: Bad exit status from /var/tmp/rpm-tmp.93770 (%prep)
I need to have this installed to get an app installed etc...
Suggestions or ideas?
Thanks
So I have a dedicated server and here are the specs:
AMD64 X2 7750+
8192 MB DDR2 RAM
500 GB 7.200 RPM
2000 GB Traffic p/m
CentOS 5.3
I want to install several VPSs on this server so I have one for shared users, one for reseller users and then the rest can be purchased. Unfortunately I have no idea how to install VPSs. Which is the best virtualization software for VPSs? And how do I install it and how do I get WHMCS to create them? Or are they already created?
I am also wondering about control panels: do VPSs have to have their own separate control panel or do they all run off the main control panel?
Also, what is the rule of thumb on how many VPSs per server?
I'm willing to set up a new dedicated server that hosts only one website. Before, I just used CentOS; it was free and worked perfectly.
I don't want to spend any money on the OS.
Which OS do you use?
Well, I ordered a Virtuozzo server and I am wondering how you install yum. It's a CentOS.
I tried to: yum install gcc
Quote:
root@name [~]# yum install gcc
Traceback (most recent call last):
File "/usr/bin/yum", line 28, in ?
import yummain
File "/usr/share/yum-cli/yummain.py", line 30, in ?
from yum import _
ImportError: cannot import name _
command : rpm -q yum
Quote:
root@name [~]# rpm -q yum
yum-3.2.8-9.el5.centos.2.1
command : rpm -ap | grep yum
Quote:
root@name [~]# rpm -aq | grep yum
yum-3.2.8-9.el5.centos.2.1
yum-fastestmirror-1.1.10-9.el5.centos
yum-metadata-parser-1.1.2-2.el5
command : rpm -e yum-metadata-parser-1.0-8.fc6
Quote:
root@name [~]# rpm -e yum-metadata-parser-1.0-8.fc6
error: package yum-metadata-parser-1.0-8.fc6 is not installed
I've tried to work with yum, but if I enter "yum install ..", then I get this error:
PHP Code:
error: no dbpath has been set
error: cannot open Packages database in /%{_dbpath}
Traceback (most recent call last):
File "/usr/bin/yum", line 30, in ?
yummain.main(sys.argv[1:])
File "/usr/share/yum/yummain.py", line 163, in main
(log, errorlog, filelog, conf, cmds) = parseCmdArgs(args)
File "/usr/share/yum/yummain.py", line 75, in parseCmdArgs
conf=yumconf(configfile=yumconffile)
File "/usr/share/yum/config.py", line 155, in __init__
self.yumvar['releasever'] = self._getsysver()
File "/usr/share/yum/config.py", line 285, in _getsysver
idx = ts.dbMatch('provides', self.distroverpkg)
TypeError: rpmdb open failed
I'm playing around with a test server, installing Xen on a CentOS 5 box.
[url]
I've tried two methods to create a vm.
virt-install
and
virt-install -x "ip=xxx.xxx.70.212 gateway=xxx.xxx.70.211 subnet=255.255.255.248"
If I do virt-install, it asks me this:
(first screenshot).
I have no idea what to put in it. I did try this:
Quote:
IPv4 address: xxx.xxx.70.212__ / 255.255.255.248_
Gateway: xxx.xxx.70.211___________________________
Name Server: _________________________________________
note: only here in my post am I actually putting "xxx" in the IP for privacy reasons only. The 70.212 is the main server IP that I ssh into.
See 2nd screenshot for error. Same thing with various *valid* mirrors I tried.
This is my ifcfg-eth0 info:
DEVICE=eth0
BOOTPROTO=static
IPADDR=xxx.xxx.70.212
NETMASK=255.255.255.248
ONBOOT=yes
TYPE=Ethernet
I have bought a Dell Optiplex 760 and I would like to install a Virtual Private Server (VPS) on it. Can anybody please give me a step-by-step tutorial to install a VPS on my computer and have my own webserver?
I want to install a custom OS in Xen.
What do I do?
I want to install Mikrotik, CentOS and ... in it.
Also, how can I create an image from it to use it again?
Can I use this image for HyperVM?