[tools] update.script

[Remco00]

update perl module

perl -MCPAN -eshell

install version

But I do have Perl 5.8.5 installed.

 

[darkus]

I have a brand new clean install of DA with Apache 2.2.8 and PHP5 and i used this script to install MODSecurity2 and I get these errors on install:

msc_xml.h:17:31: error: libxml/xmlschemas.h: No such file or directory
msc_xml.h:18:26: error: libxml/xpath.h: No such file or directory
In file included from modsecurity.h:38,
                 from mod_security2.c:16:
msc_xml.h:23: error: expected specifier-qualifier-list before 'xmlSAXHandler'
make: *** [mod_security2.slo] Error 1
make[1]: Entering directory `/usr/local/updatescript/modsecurity2/modsecurity-apache_2.1.5/apache2'
/usr/local/directadmin/custombuild/httpd-2.2.8/srclib/apr/libtool --silent --mode=compile gcc -g -O2 -pthread -I/usr/local/include  -O2 -g -Wuninitialized -Wall -Wmissing-prototypes -Wshadow -Wunused-variable -Wunused-value -Wchar-subscripts -Wsign-compare -DWITH_LIBXML2 -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE   -I /usr/include/libxml2 -I /path/to/httpd-x.y/srclib/pcre -I. -I/usr/local/directadmin/custombuild/httpd-2.2.8/os/unix -I/usr/local/directadmin/custombuild/httpd-2.2.8/server/mpm/prefork -I/usr/local/directadmin/custombuild/httpd-2.2.8/modules/http -I/usr/local/directadmin/custombuild/httpd-2.2.8/modules/filters -I/usr/local/directadmin/custombuild/httpd-2.2.8/modules/proxy -I/usr/local/directadmin/custombuild/httpd-2.2.8/include -I/usr/local/directadmin/custombuild/httpd-2.2.8/modules/generators -I/usr/local/directadmin/custombuild/httpd-2.2.8/modules/mappers -I/usr/local/directadmin/custombuild/httpd-2.2.8/modules/database -I/usr/local/directadmin/custombuild/httpd-2.2.8/srclib/apr/include -I/usr/local/directadmin/custombuild/httpd-2.2.8/srclib/apr-util/include -I/usr/local/directadmin/custombuild/httpd-2.2.8/srclib/apr-util/xml/expat/lib -I/usr/local/include -I/usr/local/directadmin/custombuild/httpd-2.2.8/modules/proxy/../generators -I/usr/include -I/usr/kerberos/include -I/usr/local/directadmin/custombuild/httpd-2.2.8/modules/ssl -I/usr/local/directadmin/custombuild/httpd-2.2.8/modules/dav/main -prefer-pic -c mod_security2.c && touch mod_security2.slo
In file included from modsecurity.h:38,
                 from mod_security2.c:16:
msc_xml.h:17:31: error: libxml/xmlschemas.h: No such file or directory
msc_xml.h:18:26: error: libxml/xpath.h: No such file or directory
In file included from modsecurity.h:38,
                 from mod_security2.c:16:
msc_xml.h:23: error: expected specifier-qualifier-list before 'xmlSAXHandler'
make[1]: *** [mod_security2.slo] Error 1
make[1]: Leaving directory `/usr/local/updatescript/modsecurity2/modsecurity-apache_2.1.5/apache2'
make: *** [install-recursive] Error 1

And when I try to restart apache it tells me:

Starting httpd: [Wed Jan 30 18:44:12 2008] [warn] module php5_module is already loaded, skipping
httpd: Syntax error on line 20 of /etc/httpd/conf/httpd.conf: Cannot load /usr/lib/libxml2.so into server: /usr/lib/libxml2.so: cannot open shared object file: No such file or directory

 

[hkim]

BTW, why can't I modify /etc/modsecrity2/config.conf to allow looging for example? When edited, the httpd is stalled.

 

[webquarry]

Problem with squirrelmail's attachments directory

In our installation, we have specified a directory for squirrelmail to store attachments in that is outside of data. This directory is not created when squirrelmail is updated.

Fix: make sure that you create a directory attachments inside squirrelmail's directory like this:

[root@rack15 squirrelmail-1.4.13]# ls -la
total 4152
drwxr-xr-x  17 root   root      4096 Feb  5 10:31 .
drwxr-xr-x  10 root   root      4096 Feb  1 11:38 ..
-rw-r--r--   1 root   root   3958484 Jan  6  2007 all_locales-1.4.9-20070106.tar.gz
drwx------   2 apache apache    4096 Feb  5 10:36 attachments
etc...

 

[@how@]

update to AVG 7.5 r51-a1243

Wael

 

[@how@]

Update to MySQL 5.0.51a

Wael

 

[hkim]

<IfModule mod_security2.c>
# ModSecurity2 ONLY
# All time config.conf and apache2-rules.conf ON
# Do not change anything in included files
#
Include /etc/modsecurity2/config.conf
#Include /etc/modsecurity2/apache2-rules.conf
#Include /etc/modsecurity2/bad_robots.conf
#Include /etc/modsecurity2/blacklist.conf
#Include /etc/modsecurity2/blacklist2.conf
#Include /etc/modsecurity2/exclude.conf
## stop #Include /etc/modsecurity2/generic_attacks.conf
#Include /etc/modsecurity2/http_policy.conf
#Include /etc/modsecurity2/jitp.conf
#Include /etc/modsecurity2/outbound.conf
#Include /etc/modsecurity2/protocol_anomalies.conf
#Include /etc/modsecurity2/protocol_violations.conf
#Include /etc/modsecurity2/recons.conf
#Include /etc/modsecurity2/request_limits.conf
#Include /etc/modsecurity2/rootkits.conf
#Include /etc/modsecurity2/trojans.conf
#Include /etc/modsecurity2/useragents.conf
</IfModule>

restart apache or remove # trojans.conf , useragents.conf
use any rules you want

Wael

But these are gotroot rules? From my experience I must use these rules and not the standard rules? Or can I add them to the above list? Also, why can I not activate the log function by editing the config.conf file of the modsecurity module?

 

[edla]

awesome script you rock

 

[@how@]

New update
[*] ClamAV 0.92.1
[*] Webmin control panel 1.400

Wael

 

[@how@]

But these are gotroot rules? From my experience I must use these rules and not the standard rules? Or can I add them to the above list? Also, why can I not activate the log function by editing the config.conf file of the modsecurity module?

yes, you can edit if you want activate log.
all gotroot rules = server load high



Wael

 

[SajtXL]

Hi.

Try to run: ./update.script OPENSSL
It's a new clean CentOS 4.6 with custombuild latest "standard" version.
Xen VPS server

Here are the error I revcived:

/sbin/ldconfig: Cannot stat /usr/lib/tls/i686/libdb-4.2.so: No such file or directory
libdb_cxx-4.2.so -> libdb_cxx-4.2.so
/usr/lib/tls/i486: (hwcap: 0x8002000000000000)
/sbin/ldconfig: Cannot stat /usr/lib/tls/i486/libdb-4.2.so: No such file or directory
libdb_cxx-4.2.so -> libdb_cxx-4.2.so
/usr/lib/tls/i586: (hwcap: 0x8004000000000000)
/sbin/ldconfig: Cannot stat /usr/lib/tls/i586/libdb-4.2.so: No such file or directory
libdb_cxx-4.2.so -> libdb_cxx-4.2.so


Openssl update done

I try the "ldconfig" gives error down in post.

bash-3.00# /sbin/ldconfig
/sbin/ldconfig: /usr/lib/mysql/libmysqlclient.so.15 is not a symbolic link

 

[@how@]

update to
[*] MODsecurity 2.1.6
[*] MRTG 2.16.1

Wael

 

[SajtXL]

Hi.

Try to run: ./update.script OPENSSL
It's a new clean CentOS 4.6 with custombuild latest "standard" version.
Xen VPS server

Here are the error I revcived:

/sbin/ldconfig: Cannot stat /usr/lib/tls/i686/libdb-4.2.so: No such file or directory
libdb_cxx-4.2.so -> libdb_cxx-4.2.so
/usr/lib/tls/i486: (hwcap: 0x8002000000000000)
/sbin/ldconfig: Cannot stat /usr/lib/tls/i486/libdb-4.2.so: No such file or directory
libdb_cxx-4.2.so -> libdb_cxx-4.2.so
/usr/lib/tls/i586: (hwcap: 0x8004000000000000)
/sbin/ldconfig: Cannot stat /usr/lib/tls/i586/libdb-4.2.so: No such file or directory
libdb_cxx-4.2.so -> libdb_cxx-4.2.so


Openssl update done

I try the "ldconfig" gives error down in post.

bash-3.00# /sbin/ldconfig
/sbin/ldconfig: /usr/lib/mysql/libmysqlclient.so.15 is not a symbolic link

No one that have any idea about this error

 

[@how@]

No one that have any idea about this error

update script work fine with Centos X.X
tr again or try to find admin fix this problem for you

Wael

 

[jca]

Hi Wael,

Is there a option to select which sourceforge mirror do we use? I wonder because your default one is usually very slow with my server, having faster options. (Sometimes I even modify the script to use other mirror) but I don't know if there's a way to select it (maybe a config file on the same folder would help)

 

[@how@]

ill add more option in next release.

Wael

 

[tarquel]

Thanks Wael... that would be great I was gonna ask about that too

Nath.

 

[albatroz]

Can this script be used along with CustomBUILD?

 

[tarquel]

Possibly, although I dont use custombuild as the first time i used it after a rebuild of the OS, my server was basically messed up, and wasn't long before it was hacked and brought down to such a state that i or the server provider couldnt get it to work or retrieve anything off it lol

Such a waste of my time that was... had about 2 hrs sleep the night it died because had to rebuild again, set everything back up, get some old backups uploaded and get things going again. Managed it but was not impressed.

excuse the rant there and its in no way meant to be sound nasty... It just didnt work for me and as someone who has a normal 9-5 job and does this on the side, i cant afford for these things to happen you see.

But back on topic, I believe you could use this script alongside.

I do with customapache, but hopefully Wael will answer for you too.

As they both do different stuff, its a useful thing

Regards
Nath

 

[Gregory]

Great script, just a question.

I did setup mod_security reload the apache server and checked all configuration were done as instruction you wrote.

So, my question is, why the SecServerSignature "string" does not change the http header with the name of string but keeps apache ?

Any idea ?

Thanks.