build modsecurity fails on compile FreeBSD 12.1

ChiefZigZag

Verified User
Joined
Feb 17, 2020
Messages
31
Today I attempted to enable modsecurity on my nginx directadmin system on FreeBSD 12.1 the compile failed, any ideas?

Code:
# ./build update
# ./build set modsecurity yes
# ./build modsecurity
Code:
--- maxminddb_test_helper.lo ---
/bin/sh ../libtool  --tag=CC    --mode=compile clang -DHAVE_CONFIG_H  -I. -I.. -I../include  -I../include   -O2 -g -g  -fms-extensions -I../src -MT maxminddb_test_helper.lo -MD -MP -MF .deps/maxminddb_test_helper.Tpo -c -o maxminddb_test_helper.lo maxminddb_test_helper.c
--- all-local ---
make[3]: "/usr/local/directadmin/custombuild/libmaxminddb-1.4.2/t/libtap/Makefile" line 6: Need an operator
make[3]: "/usr/local/directadmin/custombuild/libmaxminddb-1.4.2/t/libtap/Makefile" line 10: Need an operator
make[3]: Fatal errors encountered -- cannot continue
make[3]: stopped in /usr/local/directadmin/custombuild/libmaxminddb-1.4.2/t/libtap
*** [all-local] Error code 1

make[2]: stopped in /usr/local/directadmin/custombuild/libmaxminddb-1.4.2/t
--- maxminddb_test_helper.lo ---
libtool: compile:  clang -DHAVE_CONFIG_H -I. -I.. -I../include -I../include -O2 -g -g -fms-extensions -I../src -MT maxminddb_test_helper.lo -MD -MP -MF .deps/maxminddb_test_helper.Tpo -c maxminddb_test_helper.c  -fPIC -DPIC -o .libs/maxminddb_test_helper.o
libtool: compile:  clang -DHAVE_CONFIG_H -I. -I.. -I../include -I../include -O2 -g -g -fms-extensions -I../src -MT maxminddb_test_helper.lo -MD -MP -MF .deps/maxminddb_test_helper.Tpo -c maxminddb_test_helper.c -o maxminddb_test_helper.o >/dev/null 2>&1
mv -f .deps/maxminddb_test_helper.Tpo .deps/maxminddb_test_helper.Plo
1 error

make[2]: stopped in /usr/local/directadmin/custombuild/libmaxminddb-1.4.2/t
*** [all-recursive] Error code 1

make[1]: stopped in /usr/local/directadmin/custombuild/libmaxminddb-1.4.2
1 error

make[1]: stopped in /usr/local/directadmin/custombuild/libmaxminddb-1.4.2
*** [all] Error code 2

make: stopped in /usr/local/directadmin/custombuild/libmaxminddb-1.4.2
1 error

make: stopped in /usr/local/directadmin/custombuild/libmaxminddb-1.4.2
 

wattie

Verified User
Joined
May 31, 2008
Messages
1,099
Location
Bulgaria
Looking in all other threads that you started, it looks like you have something which is not standard in your installation - there are lots of failed compilations for you. Please tell us more about your setup.
 

ChiefZigZag

Verified User
Joined
Feb 17, 2020
Messages
31
Looking in all other threads that you started, it looks like you have something which is not standard in your installation - there are lots of failed compilations for you. Please tell us more about your setup.
It is nothing out of the ordinary. Fresh install of FreeBSD 12.1 dedicated for directadmin... I documented the steps I took to get directadmin installed:

Code:
# uname -a
FreeBSD xxxx FreeBSD 12.1-RELEASE-p2 GENERIC  amd64


Installed the usual packages, added ssmtp to get around failing exim. I also installed git to download the recent version of brotli for a custom nginx compile which works perfectly fine. Installed ca_root_nss(certificate problems), zip(zip compression for file manager), bash(startips script) to fix some missing bits and pieces.

Code:
# pkg info
apr-1.7.0.1.6.1                Apache Portability Library
autoconf-2.69_3                Automatically configure source code on many Un*x platforms
autoconf-wrapper-20131203      Wrapper script for GNU autoconf
bash-5.0.11                    GNU Project's Bourne Again SHell
bind-tools-9.14.9              Command line tools from BIND: delv, dig, host, nslookup...
bind911-9.11.14                BIND DNS suite with updated DNSSEC and DNS64
binutils-2.33.1,1              GNU binary tools
bison-3.4.2,1                  Parser generator from FSF, (mostly) compatible with Yacc
brotli-1.0.7_2,1               Generic-purpose lossless compression algorithm
ca_root_nss-3.50               Root certificate bundle from the Mozilla Project
cmake-3.15.5                   Cross-platform Makefile generator
curl-7.67.0                    Command line tool and library for transferring data with URLs
cvsps-2.1_2                    Create patchset information from CVS
cyrus-sasl-2.1.27              RFC 2222 SASL (Simple Authentication and Security Layer)
db5-5.3.28_7                   Oracle Berkeley DB, revision 5.3
dialog4ports-0.1.6             Console Interface to configure ports
expat-2.2.8                    XML 1.0 parser written in C
flex-2.6.4_1                   Fast lexical analyzer generator
fontconfig-2.12.6,1            XML-based font configuration API for X Windows
freetype2-2.10.1               Free and portable TrueType font rendering engine
gcc-9_4                        Meta-port for the default version of the GNU Compiler Collection
gcc9-9.2.0                     GNU Compiler Collection 9
gdbm-1.18.1_1                  GNU database manager
gettext-runtime-0.20.1         GNU gettext runtime libraries and programs
giflib-5.2.1                   Tools and library routines for working with GIF images
git-2.24.1                     Distributed source code management tool
gmake-4.2.1_3                  GNU version of 'make' utility
gmp-6.1.2_1                    Free library for arbitrary precision arithmetic
iconv-2.0_4                    Charset conversion library and utilities
indexinfo-0.3.1                Utility to regenerate the GNU info page index
jbigkit-2.1_1                  Lossless compression for bi-level images such as scanned pages, faxes
jpeg-turbo-2.0.3               SIMD-accelerated JPEG codec which replaces libjpeg
json-c-0.13.1_1                JSON (JavaScript Object Notation) implementation in C
jsoncpp-1.8.1_7                JSON reader and writer library for C++
krb5-1.17.1                    MIT implementation of RFC 4120 network authentication service
libarchive-3.4.0,1             Library to create and read several streaming archive formats
libedit-3.1.20191211,1         Command line editor library
libevent-2.1.11                API for executing callback functions on events or timeouts
libffi-3.2.1_3                 Foreign Function Interface
libgd-2.2.5_2,1                Graphics library for fast creation of images
libiconv-1.14_11               Character set conversion library
libidn2-2.3.0_1                Implementation of IDNA2008 internationalized domain names
liblz4-1.9.2,1                 LZ4 compression library, lossless and very fast
libnghttp2-1.40.0              HTTP/2.0 C Library
libtextstyle-0.20.1            Text styling library
libtool-2.4.6_1                Generic shared library support script
libunistring-0.9.10_1          Unicode string library
libuv-1.34.0                   Multi-platform support library with a focus on asynchronous I/O
libxml2-2.9.10                 XML parser library for GNOME
lmdb-0.9.24_1,1                OpenLDAP Lightning Memory-Mapped Database
lzo2-2.10_1                    Portable speedy, lossless data compression library
m4-1.4.18_1,1                  GNU M4
mailx-0.5_1                    Mail command with mailx extensions
mpc-1.1.0_2                    Library of complex numbers with arbitrarily high precision
mpfr-4.0.2                     Library for multiple-precision floating-point computations
ncurses-6.1.20190525           Library for terminal-independent, full-screen output
oniguruma-6.9.3                Regular expressions library compatible with POSIX/GNU/Perl
openssl-1.1.1d,1               TLSv1.3 capable SSL and crypto library
p5-Authen-SASL-2.16_1          Perl5 module for SASL authentication
p5-CGI-4.44                    Handle Common Gateway Interface requests and responses
p5-Digest-HMAC-1.03_1          Perl5 interface to HMAC Message-Digest Algorithms
p5-Error-0.17028               Error/exception handling in object-oriented programming style
p5-GSSAPI-0.28_1               Perl extension providing access to the GSSAPIv2 library
p5-HTML-Parser-3.72            Perl5 module for parsing HTML documents
p5-HTML-Tagset-3.20_1          Some useful data table in parsing HTML
p5-IO-Socket-INET6-2.72_1      Perl module with object interface to AF_INET6 domain sockets
p5-IO-Socket-SSL-2.066         Perl5 interface to SSL sockets
p5-Mozilla-CA-20180117         Perl extension for Mozilla CA cert bundle in PEM format
p5-Net-SSLeay-1.85             Perl5 interface to SSL
p5-Socket6-0.29                IPv6 related part of the C socket.h defines and structure manipulators
p5-Term-ReadKey-2.38_1         Perl5 module for simple terminal control
p5-subversion-1.13.0           Perl bindings for Version control system
pcre-8.43_2                    Perl Compatible Regular Expressions library
perl5-5.30.1                   Practical Extraction and Report Language
pkg-1.12.0_1                   Package manager
pkgconf-1.6.3,1                Utility to help to configure compiler and linker flags
png-1.6.37                     Library for manipulating PNG images
psmisc-22.16_1                 Port of the Linux pstree, killall, and pidof commands
py37-ply-3.11                  Python Lex-Yacc
py37-setuptools-41.4.0_1       Python packages installer
python-3.7_3,2                 "meta-port" for the default version of Python interpreter
python3-3_3                    The "meta-port" for version 3 of the Python interpreter
python37-3.7.6                 Interpreted object-oriented programming language
readline-8.0.1                 Library for editing command lines as they are typed
rhash-1.3.5                    Utility and library for computing and checking of file hashes
serf-1.3.9_4                   Serf HTTP client library
sqlite3-3.30.1                 SQL database engine in a C library
ssmtp-2.64_3                   Extremely simple MTA to get mail off the system to a mail hub
subversion-1.13.0              Version control system
sudo-1.8.31                    Allow others to run commands as root
tiff-4.1.0                     Tools and library routines for working with TIFF images
udns-0.4_1                     DNS resolver library with sync and async queries
unixODBC-2.3.7                 ODBC library suite for Unix
utf8proc-2.4.0                 UTF-8 processing library
webalizer-2.23.8_12            Web server log file analysis program
webp-1.0.3_1                   Google WebP image format conversion tool
wget-1.20.3                    Retrieve files from the Net via HTTP(S) and FTP
zip-3.0_1                      Create/update ZIP files compatible with PKZIP
Nothing else has been change in custombuild involving the broken compiles exim/modsecurity.. the mariadb compile problem I discovered was a bug which was fixed.

Code:
# ./build version
2.0.0 (rev: 2420)
Here is my custombuild options.conf
Code:
root@admin:/usr/local/directadmin/custombuild # cat options.conf
#PHP Settings
php1_release=7.3
php1_mode=php-fpm
php2_release=7.4
php2_mode=php-fpm
php3_release=no
php3_mode=php-fpm
php4_release=no
php4_mode=php-fpm
secure_php=yes
opcache=no
htscanner=no
php_ini=no
php_timezone=America/Vancouver
php_ini_type=production
ioncube=yes
imagick=yes
zend=no
suhosin=no
x_mail_header=yes

#MySQL Settings
mysql=5.7
mariadb=10.3
mysql_inst=mariadb
mysql_backup=yes
mysql_backup_gzip=no
mysql_backup_dir=/usr/local/directadmin/custombuild/mysql_backups
mysql_force_compile=no

#WEB Server Settings
webserver=nginx
http_methods=ALL
litespeed_serialno=trial
modsecurity=yes
modsecurity_ruleset=comodo
apache_ver=2.4
apache_mpm=auto
mod_ruid2=no
userdir_access=no
harden_symlinks_patch=yes
use_hostname_for_alias=no
redirect_host=admin
redirect_host_https=no

#WEB Applications Settings
phpmyadmin=yes
phpmyadmin_public=yes
phpmyadmin_ver=5
squirrelmail=no
roundcube=no
webapps_inbox_prefix=no

#ClamAV-related Settings
clamav=no
clamav_exim=no
modsecurity_uploadscan=no
proftpd_uploadscan=no
pureftpd_uploadscan=no
suhosin_php_uploadscan=no

#Mail Settings
exim=no
eximconf=yes
eximconf_release=4.5
blockcracking=no
easy_spam_fighter=no
spamd=no
sa_update=no
dovecot=no
dovecot_conf=no
mail_compress=no
pigeonhole=no

#FTP Settings
ftpd=no

#Statistics Settings
awstats=no
webalizer=yes

#CustomBuild Settings
custombuild=2.0
custombuild_plugin=yes
autover=no
bold=yes
clean=yes
cleanapache=yes
clean_old_tarballs=yes
clean_old_webapps=yes
downloadserver=files-ca.directadmin.com

#Cronjob Settings
cron=yes
cron_frequency=daily
email=support@xxx
notifications=no
da_autoupdate=no
updates=no
webapps_updates=no

#CloudLinux Settings
cloudlinux=no
cloudlinux_beta=no
cagefs=no

#Advanced Settings
autoconf=yes
automake=yes
libtool=yes
curl=yes
new_pcre=yes
ssl_configuration=intermediate
Is there anything else you could use which would be useful?
 

ChiefZigZag

Verified User
Joined
Feb 17, 2020
Messages
31
Looking in all other threads that you started, it looks like you have something which is not standard in your installation - there are lots of failed compilations for you. Please tell us more about your setup.
I created another testing environment on a new FreeBSD 12.1 server and I am experiencing the same failure when trying to build modsecurity. Also found that ./setup.sh auto fails to install the system as well.. I had to mess around with custom options.conf just to get it to install! Lots of problems right now on stock install!
 

ReN

Verified User
Joined
Jul 2, 2005
Messages
200
any feedback on this, am now also getting this issue.
 

ReN

Verified User
Joined
Jul 2, 2005
Messages
200
ok what i did in this case was instill libmaxmind via ports

after this, i run into another issue

ModSecurity - v3.0.4 for FreeBSD

Mandatory dependencies
+ libInjection ....v3.9.2-30-gbf234eb
+ SecLang tests ....c8cf2c5

Optional dependencies
+ GeoIP/MaxMind ....found
* (MaxMind) v1.4.2
-lmaxminddb , -DWITH_MAXMIND -I/usr/local/include
+ LibCURL ....found v7.70.0
-L/usr/local/lib -lcurl -lnghttp2 -lidn2 -lssl -lcrypto -lssl -lcrypto -lz, -I/usr/local/include -DWITH_CURL_SSLVERSION_TLSv1_2 -DWITH_CURL
+ YAJL ....not found
+ LMDB ....disabled
+ LibXML2 ....found v2.9.10
-L/usr/local/lib -lxml2 -lz -L/usr/lib -llzma -L/usr/lib -lm, -I/usr/local/include/libxml2 -I/usr/include -DWITH_LIBXML2
+ SSDEEP ....not found
+ LUA ....found v503
-llua -L/usr/local/lib/, -DWITH_LUA -I/usr/local/include

Other Options
+ Test Utilities ....disabled
+ SecDebugLog ....enabled
+ afl fuzzer ....disabled
+ library examples ....enabled
+ Building parser ....disabled
+ Treating pm operations as critical section ....disabled

Done Configuration.
Trying to make LibModSecurity...
make: "/usr/local/directadmin/custombuild/modsecurity-v3.0.4/Makefile" line 3366: Missing dependency operator
make: "/usr/local/directadmin/custombuild/modsecurity-v3.0.4/Makefile" line 3368: Need an operator
make: "/usr/local/directadmin/custombuild/modsecurity-v3.0.4/Makefile" line 3370: Need an operator
make: "/usr/local/directadmin/custombuild/modsecurity-v3.0.4/Makefile" line 3374: Missing dependency operator
make: "/usr/local/directadmin/custombuild/modsecurity-v3.0.4/Makefile" line 3378: Need an operator
make: "/usr/local/directadmin/custombuild/modsecurity-v3.0.4/Makefile" line 3380: Need an operator
make: "/usr/local/directadmin/custombuild/modsecurity-v3.0.4/Makefile" line 3393: Need an operator
make: "/usr/local/directadmin/custombuild/modsecurity-v3.0.4/Makefile" line 3395: Error in archive specification: ""
make: "/usr/local/directadmin/custombuild/modsecurity-v3.0.4/Makefile" line 3400: warning: duplicate script for target "ifeq" ignored
make: "/usr/local/directadmin/custombuild/modsecurity-v3.0.4/Makefile" line 3377: warning: using previous script for "ifeq" defined here
make: "/usr/local/directadmin/custombuild/modsecurity-v3.0.4/Makefile" line 3401: Missing dependency operator
make: "/usr/local/directadmin/custombuild/modsecurity-v3.0.4/Makefile" line 3402: warning: duplicate script for target "ifeq" ignored
make: "/usr/local/directadmin/custombuild/modsecurity-v3.0.4/Makefile" line 3377: warning: using previous script for "ifeq" defined here
make: "/usr/local/directadmin/custombuild/modsecurity-v3.0.4/Makefile" line 3402: warning: duplicate script for target "(no,yes)" ignored
make: "/usr/local/directadmin/custombuild/modsecurity-v3.0.4/Makefile" line 3377: warning: using previous script for "(no,yes)" defined here
make: "/usr/local/directadmin/custombuild/modsecurity-v3.0.4/Makefile" line 3403: Need an operator
make: "/usr/local/directadmin/custombuild/modsecurity-v3.0.4/Makefile" line 3405: Need an operator
make: "/usr/local/directadmin/custombuild/modsecurity-v3.0.4/Makefile" line 3406: Need an operator
make: "/usr/local/directadmin/custombuild/modsecurity-v3.0.4/Makefile" line 3408: Need an operator
make: Fatal errors encountered -- cannot continue
make: stopped in /usr/local/directadmin/custombuild/modsecurity-v3.0.4

This error after some research, is related to the DA script using make and not gmake, if anyone can confirm this that would be great, i did a manual gmake in the modsecurity folder in custombuild, but dont have enough knowledge on what the DA script does t add it to apache/ngnix, any help from smtalk/wattie or the DA guys would be great here TY
 
Last edited:

wattie

Verified User
Joined
May 31, 2008
Messages
1,099
Location
Bulgaria
It should be addressed with a ticket to DA support.

If you want to dig inside for a custom installation, what DA is doing is written in the Build script. You can edit /usr/local/directadmin/custombuild/build with any text editor and find it. At first shot there are three functions to look at:

doModSecurity
doModSecurityAdj
doModSecurityRules

It does a lot of things.

Sorry, I do not use modSecurity.
 
Top