[tools] update.script

Do you like to use update.script?

  • yes, all time (Votes: 221, 69.1%)
  • no, some time (Votes: 44, 13.8%)
  • some time (Votes: 55, 17.2%)

Total voters: 320

I have a brand new clean install of DA with Apache 2.2.8 and PHP5, and I used this script to install MODSecurity2. I get these errors on install:

PHP:
msc_xml.h:17:31: error: libxml/xmlschemas.h: No such file or directory
msc_xml.h:18:26: error: libxml/xpath.h: No such file or directory
In file included from modsecurity.h:38,
                 from mod_security2.c:16:
msc_xml.h:23: error: expected specifier-qualifier-list before 'xmlSAXHandler'
make: *** [mod_security2.slo] Error 1
make[1]: Entering directory `/usr/local/updatescript/modsecurity2/modsecurity-apache_2.1.5/apache2'
/usr/local/directadmin/custombuild/httpd-2.2.8/srclib/apr/libtool --silent --mode=compile gcc -g -O2 -pthread -I/usr/local/include  -O2 -g -Wuninitialized -Wall -Wmissing-prototypes -Wshadow -Wunused-variable -Wunused-value -Wchar-subscripts -Wsign-compare -DWITH_LIBXML2 -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE   -I /usr/include/libxml2 -I /path/to/httpd-x.y/srclib/pcre -I. -I/usr/local/directadmin/custombuild/httpd-2.2.8/os/unix -I/usr/local/directadmin/custombuild/httpd-2.2.8/server/mpm/prefork -I/usr/local/directadmin/custombuild/httpd-2.2.8/modules/http -I/usr/local/directadmin/custombuild/httpd-2.2.8/modules/filters -I/usr/local/directadmin/custombuild/httpd-2.2.8/modules/proxy -I/usr/local/directadmin/custombuild/httpd-2.2.8/include -I/usr/local/directadmin/custombuild/httpd-2.2.8/modules/generators -I/usr/local/directadmin/custombuild/httpd-2.2.8/modules/mappers -I/usr/local/directadmin/custombuild/httpd-2.2.8/modules/database -I/usr/local/directadmin/custombuild/httpd-2.2.8/srclib/apr/include -I/usr/local/directadmin/custombuild/httpd-2.2.8/srclib/apr-util/include -I/usr/local/directadmin/custombuild/httpd-2.2.8/srclib/apr-util/xml/expat/lib -I/usr/local/include -I/usr/local/directadmin/custombuild/httpd-2.2.8/modules/proxy/../generators -I/usr/include -I/usr/kerberos/include -I/usr/local/directadmin/custombuild/httpd-2.2.8/modules/ssl -I/usr/local/directadmin/custombuild/httpd-2.2.8/modules/dav/main -prefer-pic -c mod_security2.c && touch mod_security2.slo
In file included from modsecurity.h:38,
                 from mod_security2.c:16:
msc_xml.h:17:31: error: libxml/xmlschemas.h: No such file or directory
msc_xml.h:18:26: error: libxml/xpath.h: No such file or directory
In file included from modsecurity.h:38,
                 from mod_security2.c:16:
msc_xml.h:23: error: expected specifier-qualifier-list before 'xmlSAXHandler'
make[1]: *** [mod_security2.slo] Error 1
make[1]: Leaving directory `/usr/local/updatescript/modsecurity2/modsecurity-apache_2.1.5/apache2'
make: *** [install-recursive] Error 1

And when I try to restart apache it tells me:

PHP:
Starting httpd: [Wed Jan 30 18:44:12 2008] [warn] module php5_module is already loaded, skipping
httpd: Syntax error on line 20 of /etc/httpd/conf/httpd.conf: Cannot load /usr/lib/libxml2.so into server: /usr/lib/libxml2.so: cannot open shared object file: No such file or directory
 
BTW, why can't I modify /etc/modsecurity2/config.conf to allow logging, for example? When edited, the httpd is stalled.
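
Both failures in the post above (the libxml2 headers missing at compile time, and a LoadFile line in httpd.conf pointing at a library that is not on disk) can be detected before building or restarting Apache. This is an added example, not part of update.script or the original post; the function names are hypothetical and the sample config is constructed.

```shell
#!/bin/sh
# Added example (not part of update.script). Function names are hypothetical.

# Print each libxml2 header named in the compile errors that is absent.
# $1: include directory (the build above passes -I /usr/include/libxml2).
missing_libxml_headers() (
    incdir=${1:-/usr/include/libxml2}
    for h in libxml/xmlschemas.h libxml/xpath.h; do
        [ -f "$incdir/$h" ] || printf '%s\n' "$incdir/$h"
    done
)

# Print "line:path" for every active LoadFile directive whose target is
# missing or is a dangling symlink. $1: httpd.conf, $2: ServerRoot
# (assumed /etc/httpd when not given; used for relative paths only).
missing_loadfiles() (
    conf=$1 root=${2:-/etc/httpd}
    awk 'tolower($1) == "loadfile" { print NR ":" $2 }' "$conf" |
    while IFS=: read -r n path; do
        path=${path#\"}; path=${path%\"}
        case $path in /*) ;; *) path=$root/$path ;; esac
        [ -e "$path" ] || printf '%s:%s\n' "$n" "$path"
    done
)

# Constructed sample: one LoadFile that resolves, one that does not.
demo=$(mktemp -d)
touch "$demo/libpresent.so"
cat > "$demo/httpd.conf" <<EOF
# LoadFile /commented/out.so
LoadFile $demo/libpresent.so
LoadFile $demo/libxml2.so
LoadModule security2_module modules/mod_security2.so
EOF

missing_loadfiles "$demo/httpd.conf"      # prints 3:<tmpdir>/libxml2.so
missing_libxml_headers "$demo/include"    # prints both header paths
```

On CentOS the headers and the unversioned libxml2.so link are shipped by the libxml2-devel package, so an empty result from both functions is the state to reach before re-running the build.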
 
Problem with squirrelmail's attachments directory

In our installation, we have specified a directory for squirrelmail to store attachments in that is outside of data. This directory is not created when squirrelmail is updated.

Fix: make sure that you create a directory attachments inside squirrelmail's directory like this:

Code:
[root@rack15 squirrelmail-1.4.13]# ls -la
total 4152
drwxr-xr-x  17 root   root      4096 Feb  5 10:31 .
drwxr-xr-x  10 root   root      4096 Feb  1 11:38 ..
-rw-r--r--   1 root   root   3958484 Jan  6  2007 all_locales-1.4.9-20070106.tar.gz
drwx------   2 apache apache    4096 Feb  5 10:36 attachments
etc...
 
Code:
<IfModule mod_security2.c>
# ModSecurity2 ONLY
# All time config.conf and apache2-rules.conf ON
# Do not change anything in included files
#
Include /etc/modsecurity2/config.conf
#Include /etc/modsecurity2/apache2-rules.conf
#Include /etc/modsecurity2/bad_robots.conf
#Include /etc/modsecurity2/blacklist.conf
#Include /etc/modsecurity2/blacklist2.conf
#Include /etc/modsecurity2/exclude.conf
## stop #Include /etc/modsecurity2/generic_attacks.conf
#Include /etc/modsecurity2/http_policy.conf
#Include /etc/modsecurity2/jitp.conf
#Include /etc/modsecurity2/outbound.conf
#Include /etc/modsecurity2/protocol_anomalies.conf
#Include /etc/modsecurity2/protocol_violations.conf
#Include /etc/modsecurity2/recons.conf
#Include /etc/modsecurity2/request_limits.conf
#Include /etc/modsecurity2/rootkits.conf
#Include /etc/modsecurity2/trojans.conf
#Include /etc/modsecurity2/useragents.conf
</IfModule>
restart apache or remove # trojans.conf, useragents.conf
use any rules you want :)

Wael

But these are gotroot rules? From my experience I must use these rules and not the standard rules? Or can I add them to the above list? Also, why can I not activate the log function by editing the config.conf file of the modsecurity module?
 
Yes, you can edit it if you want to activate the log.
all gotroot rules = server load high :D



Wael
 
Hi.

Try to run: ./update.script OPENSSL
It's a new clean CentOS 4.6 with custombuild latest "standard" version.
Xen VPS server

Here is the error I received:

/sbin/ldconfig: Cannot stat /usr/lib/tls/i686/libdb-4.2.so: No such file or directory
libdb_cxx-4.2.so -> libdb_cxx-4.2.so
/usr/lib/tls/i486: (hwcap: 0x8002000000000000)
/sbin/ldconfig: Cannot stat /usr/lib/tls/i486/libdb-4.2.so: No such file or directory
libdb_cxx-4.2.so -> libdb_cxx-4.2.so
/usr/lib/tls/i586: (hwcap: 0x8004000000000000)
/sbin/ldconfig: Cannot stat /usr/lib/tls/i586/libdb-4.2.so: No such file or directory
libdb_cxx-4.2.so -> libdb_cxx-4.2.so


Openssl update done

When I try "ldconfig", it gives the error shown further down in this post.

bash-3.00# /sbin/ldconfig
/sbin/ldconfig: /usr/lib/mysql/libmysqlclient.so.15 is not a symbolic link
 
No one has any idea about this error :(
 
Hi Wael,

Is there an option to select which sourceforge mirror we use? I wonder because your default one is usually very slow with my server, having faster options. (Sometimes I even modify the script to use another mirror) but I don't know if there's a way to select it (maybe a config file in the same folder would help)
 
Possibly, although I don't use custombuild, as the first time I used it after a rebuild of the OS, my server was basically messed up, and it wasn't long before it was hacked and brought down to such a state that I or the server provider couldn't get it to work or retrieve anything off it lol

Such a waste of my time that was... had about 2 hrs sleep the night it died because had to rebuild again, set everything back up, get some old backups uploaded and get things going again. Managed it but was not impressed.

Excuse the rant there, and it's in no way meant to sound nasty... It just didn't work for me, and as someone who has a normal 9-5 job and does this on the side, I can't afford for these things to happen, you see.

But back on topic, I believe you could use this script alongside.

I do with customapache, but hopefully Wael will answer for you too.

As they both do different stuff, it's a useful thing :)

Regards
Nath
 
Great script, just a question.

I set up mod_security, reloaded the Apache server and checked that all the configuration was done as per the instructions you wrote.

So, my question is: why does SecServerSignature "string" not change the HTTP header to the string, but keep Apache?

Any idea ?

Thanks.
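
The ModSecurity reference manual states that SecServerSignature only works when Apache's ServerTokens is set to Full, because the module overwrites the existing signature buffer in place. The check below is an added example, not part of update.script or the original post; the function names are hypothetical, the sample config is constructed, and it assumes the last occurrence of a directive wins and does not follow Include lines.

```shell
#!/bin/sh
# Added example (not from update.script); function names are hypothetical.

# Print the value of the last active occurrence of a directive in the given
# config files (assumption: the last occurrence wins; Include is not followed).
last_directive() (
    name=$1; shift
    awk -v d="$name" 'tolower($1) == tolower(d) {
             v = $0
             sub(/^[ \t]*[^ \t]+[ \t]+/, "", v)   # drop the directive name
             sub(/[ \t\r]+$/, "", v)              # drop trailing whitespace
             last = v }
         END { if (last != "") print last }' "$@"
)

# Report whether SecServerSignature can take effect. ServerTokens defaults to
# Full when unset; any shorter setting leaves too little room in the buffer
# that ModSecurity overwrites.
check_signature() (
    tokens=$(last_directive ServerTokens "$@")
    sig=$(last_directive SecServerSignature "$@")
    [ -n "$sig" ] || { echo "SecServerSignature not set"; return 1; }
    case $(printf '%s' "${tokens:-Full}" | tr 'A-Z' 'a-z') in
        full) echo "ok: ServerTokens Full, signature $sig" ;;
        *)    echo "ServerTokens $tokens: set ServerTokens Full for $sig to apply"
              return 1 ;;
    esac
)

# Constructed sample config reproducing the symptom described above.
demo=$(mktemp -d)
cat > "$demo/httpd.conf" <<'EOF'
ServerTokens Prod
<IfModule mod_security2.c>
    SecServerSignature "webserver"
</IfModule>
EOF

check_signature "$demo/httpd.conf" || true
```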
 