Modsecurity: errors on installing and apache stopped

flexjoly

Verified User
Joined
Nov 2, 2016
Messages
89
Location
Apeldoorn, Netherlands
Hi,

We are configuring a new server, dedicated for wordpress sites.
Only using default settings etc and installing from directadmin and custombuild.
But Modsecurity gives errors after minutes of installing and apache crashes on it.


Our specs are:
Initial default server-install from transip.nl: 4.096 MB / Directadmin 1.61.0 + CentOS 8
DA version: 1.61.3
Custombuild version: 2.0.0 rev 2555

See below for the errors and settings we used.

I hope someone can help us out here.
Thanks in advance!
flexjoly


Error from install modsecurity (with owasp):
Code:
[1m*** MD5 Checksum for modsecurity-apache-v0.0.9-beta1.tar.gz Failed. Redownloading...***(B[m
Downloading modsecurity-apache-v0.0.9-beta1.tar.gz...
--2020-09-12 16:30:10-- https://files.directadmin.com/services/custombuild/modsecurity-apache-v0.0.9-beta1.tar.gz
Resolving files.directadmin.com (files.directadmin.com)... 69.162.69.58, 104.128.54.74, 185.42.221.168
Connecting to files.directadmin.com (files.directadmin.com)|69.162.69.58|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 63722 (62K) [application/x-gzip]
Saving to: '/usr/local/directadmin/custombuild/modsecurity-apache-v0.0.9-beta1.tar.gz'
0K .......... .......... .......... .......... .......... 80% 202K 0s
50K .......... .. 100% 80.7M=0.2s
2020-09-12 16:30:11 (251 KB/s) - '/usr/local/directadmin/custombuild/modsecurity-apache-v0.0.9-beta1.tar.gz' saved [63722/63722]
[1m*** MD5 Checksum for modsecurity-apache-v0.0.9-beta1.tar.gz failed *again*.***(B[m
The md5 checksum value may be incorrect, or a wrong file is being downloaded.
Install continuing with this possibly corrupted file. (it may also be fine)
/usr/local/directadmin/custombuild/build: line 22340: cd: modsecurity-apache-v0.0.9-beta1: No such file or directory
/usr/local/directadmin/custombuild/build: line 22341: ./autogen.sh: No such file or directory
/usr/local/directadmin/custombuild/build: line 22342: ./configure: Is a directory
make: *** No targets specified and no makefile found. Stop.
make: *** No rule to make target 'install'. Stop.
ModSecurity Connector v1.0.1 is now enabled in Nginx
LibModSecurity has been installed successfully.
Installing OWASP Core Rule Set for ModSecurity...
Installation of ModSecurity Rule Set has been finished.
Job for httpd.service failed because the control process exited with error code.
See "systemctl status httpd.service" and "journalctl -xe" for details.

Error from apache:
Code:
Sep 12 16:58:01 vps4 httpd[28247]: httpd: Syntax error on line 50 of /etc/httpd/conf/httpd.conf: Syntax error on line 3 of /etc/httpd/conf/extra/httpd-phpmodules.conf: Syntax error on line 2 of /etc/httpd/conf/extra/httpd-modsecurity.conf: Cannot load /usr/lib/apache/mod_security2.so into server: /usr/lib/apache/mod_security2.so: cannot open shared object file: No such file or directory
Sep 12 16:58:01 vps4 systemd[1]: httpd.service: Main process exited, code=exited, status=1/FAILURE
Sep 12 16:58:01 vps4 systemd[1]: httpd.service: Failed with result 'exit-code'.
Sep 12 16:58:01 vps4 systemd[1]: Failed to start The Apache HTTP Server.
Sep 12 16:58:01 vps4 systemd[1]: Reloading The PHP FastCGI Process Manager.
Sep 12 16:58:01 vps4 systemd[1]: Reloaded The PHP FastCGI Process Manager.
Sep 12 16:58:06 vps4 systemd[1]: Starting The Apache HTTP Server...
Sep 12 16:58:06 vps4 httpd[28260]: httpd: Syntax error on line 50 of /etc/httpd/conf/httpd.conf: Syntax error on line 3 of /etc/httpd/conf/extra/httpd-phpmodules.conf: Syntax error on line 2 of /etc/httpd/conf/extra/httpd-modsecurity.conf: Cannot load /usr/lib/apache/mod_security2.so into server: /usr/lib/apache/mod_security2.so: cannot open shared object file: No such file or directory
Sep 12 16:58:06 vps4 systemd[1]: httpd.service: Main process exited, code=exited, status=1/FAILURE
Sep 12 16:58:06 vps4 systemd[1]: httpd.service: Failed with result 'exit-code'.
Sep 12 16:58:06 vps4 systemd[1]: Failed to start The Apache HTTP Server.
Sep 12 16:58:06 vps4 systemd[1]: Reloading The PHP FastCGI Process Manager.
Sep 12 16:58:06 vps4 systemd[1]: Reloaded The PHP FastCGI Process Manager.



directadmin.conf:
INI:
add_userdb_quota=1
addip=/usr/local/directadmin/scripts/addip
admin_helper=admin.site-helper.com
admindir=./data/admin
apache_public_html=0
apache_ver=2.0
apachecert=/etc/httpd/conf/ssl.crt/server.crt
apacheconf=/etc/httpd/conf/extra/directadmin-vhosts.conf
apacheips=/etc/httpd/conf/ips.conf
apachekey=/etc/httpd/conf/ssl.key/server.key
apachelogdir=/var/log/httpd/domains
apachemimetypes=/etc/mime.types
awstats=1
brute_dos_count=10
brute_force_log_scanner=1
brute_force_scan_apache_logs=2
brute_force_time_limit=12000
brutecount=5
bruteforce=1
cacert=/usr/local/directadmin/conf/cacert.pem
cakey=/usr/local/directadmin/conf/cakey.pem
check_partitions=2
check_subdomain_owner=0
clear_blacklist_ip_time=0
clear_brute_log_entry_time=4
clear_brute_log_time=24
cloud_cache=0
demodocsroot=./data/skins/evolution
docsroot=./data/skins/evolution
dovecot=1
emailspoolvirtual=/var/spool/virtual
emailvirtual=/etc/virtual
enable_ssl_sni=1
enforce_difficult_passwords=1
ethernet_dev=eth0
exempt_local_block=0
frontpage_on=0
ftpconfig=/etc/proftpd.conf
ftppasswd=/etc/proftpd.passwd
ftpvhosts=/etc/proftpd.vhosts.conf
hide_brute_force_notifications=1http2=1
http2=1
ip_brutecount=20
ipv6=1
license=/usr/local/directadmin/conf/license.key
litespeed=0
log_rotate_size=5
logdir=/var/log/directadmin
logger=/usr/local/directadmin/logger
loghostname=0
login_history=10
logs_to_keep=5
lost_password=0
mail_sni=1
max_per_email_send_limit=-1
max_username_length=10
maxfilesize=209715200
mysql_detect_correct_methods=1
mysqlconf=/usr/local/directadmin/conf/mysql.conf
namedconfig=/etc/named.conf
nameddir=/var/named
nginx=0
nginx_proxy=0
ns1=ns0.transip.nl
ns2=ns1.transip.net
numservers=5
open_basedir=ON
openlitespeed=0
owsadm=/usr/local/frontpage/version5.0/bin/owsadm.exe
partition_usage_threshold=95
port=2222
pureftp=1
purge_spam_days=30
quota_partition=/
removeip=/usr/local/directadmin/scripts/removeip
reseller_helper=reseller.site-helper.com
safemode=ON
secure_access_group=access
servername=vps4.rhinestone77.nl
serverpath=/usr/local/directadmin
session_minutes=60
skinsdir=./data/skins
sshdconfig=/etc/ssh/sshd_config
ssl=0
ssl_cipher=HIGH:!aNULL:!MD5
taskqueue=/usr/local/directadmin/data/task.queue
templates=/usr/local/directadmin/data/templates
ticketsdir=/usr/local/directadmin/data/tickets
timeout=60
tmpdir=../../../home/tmp
unblock_brute_ip_time=0
unified_ftp_password_file=1
user_brutecount=20
user_can_set_email_limit=1
user_helper=www.site-helper.com
userdata=./data/users
webalizer=1

options.conf:
INI:
#PHP Settings
php1_release=7.4
php1_mode=php-fpm
php2_release=no
php2_mode=php-fpm
opcache=no
htscanner=no
php_ini=no
php_timezone=Europe/Amsterdam
php_ini_type=production
ioncube=no
zend=no
suhosin=no
x_mail_header=yes

#MySQL Settings
mysql=5.6
mysql_inst=mariadb
mysql_backup=yes
mysql_backup_dir=/usr/local/directadmin/custombuild/mysql_backups
mysql_force_compile=no

#WEB Server Settings
webserver=apache
modsecurity=yes
modsecurity_ruleset=owasp
apache_ver=2.4
apache_mpm=auto
mod_ruid2=no
harden_symlinks_patch=yes
use_hostname_for_alias=yes
redirect_host=vps4.rhinestone77.nl
redirect_host_https=yes

#WEB Applications Settings
phpmyadmin=yes
phpmyadmin_ver=5
squirrelmail=no
roundcube=yes
webapps_inbox_prefix=no

#ClamAV-related Settings
clamav=yes
clamav_exim=yes
proftpd_uploadscan=no
pureftpd_uploadscan=yes
suhosin_php_uploadscan=yes

#Mail Settings
exim=yes
eximconf=yes
eximconf_release=4.5
blockcracking=yes
easy_spam_fighter=yes
spamd=spamassassin
dovecot=yes
dovecot_conf=yes
pigeonhole=no

#FTP Settings
ftpd=pureftpd

#Statistics Settings
awstats=yes
webalizer=yes

#CustomBuild Settings
custombuild=2.0
autover=yes
bold=yes
clean=yes
cleanapache=yes
clean_old_tarballs=yes
clean_old_webapps=yes
downloadserver=files.directadmin.com

#Cronjob Settings
cron=yes
cron_frequency=daily
[email protected]
notifications=no
da_autoupdate=no
updates=no
webapps_updates=no

#CloudLinux Settings
cloudlinux=no
cagefs=no

#Advanced Settings
autoconf=yes
automake=yes
libtool=yes
curl=yes
new_pcre=yes

cloudlinux_beta=no
sa_update=daily
modsecurity_uploadscan=yes
http_methods=GET:HEAD:POST:PUT:DELETE:PATCH
litespeed_serialno=trial
mariadb=10.5
mysql_backup_gzip=yes
mysql_use_new_user_methods=1
unit=no
userdir_access=no
php3_release=no
php4_release=no
php3_mode=php-fpm
php4_mode=php-fpm
secure_php=no
mail_compress=no
phpmyadmin_public=no
ssl_configuration=intermediate
custombuild_plugin=yes
unofficial_mirrors=no
 
What’s the command you ran? Make sure it is modsecurity, and not libmodsecurity.
 
Ah! Thanks for your reply!

The 'modsecurity' command on the custombuild-update page did not work.
So I looked at the build-page and runned the first modsecurity-button there ;-)
Indeed that says 'libmodsecurity', I did not realize that there were more 'modsecurity' items.

Running modsecurity from the update-page says:
Code:
Executing /usr/local/directadmin/plugins/custombuild/admin/build update_versions...
[1mUpdating OWASP ModSecurity Rule Set(B[m
Installing OWASP Core Rule Set for ModSecurity...
Installation of ModSecurity Rule Set has been finished.
[1mUpdating ModSecurity(B[m
/usr/sbin/apxs is not found, skipping ModSecurity for now.

'apxs' seems to be missing.
Of course I can look into that. But since I am only installing the defaults by directadmin/custombuild on this server, I do not want to mess around.

What is wrong here?

Thanks, flexjoly
 
Hm... it should be there. May you try rebuilding apache?
 
Back
Top