store | blogs | forums | twitter | facebook | wiki | downloads | support portal
Atomic Secure Linux
It is currently Thu Oct 30, 2014 12:37 pm

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 21 posts ]  Go to page 1, 2  Next
Author Message
 Post subject: Syntax error with tortixd
Unread postPosted: Fri Mar 16, 2012 7:59 pm 
Offline
Forum Regular
Forum Regular

Joined: Sat Jan 21, 2012 6:37 pm
Posts: 109
Location: Canada
Reloading tortixd: not reloading due to configuration syntax error

I seem to have this though...


Top
 Profile  
 
 Post subject: Re: After install ASL on Cpanel all sites get slow...
Unread postPosted: Fri Mar 16, 2012 9:22 pm 
Offline
Forum Regular
Forum Regular

Joined: Sat Jan 21, 2012 6:37 pm
Posts: 109
Location: Canada
I had t comment out this line
#LoadModule security2_module modules/mod_security2.so

in /var/asl/etc/httpd/conf.d/00_mod_security.conf

was getting an error about ap_banner something... that was in the mod_security2.so file?

tortixd was dieing off and not reloading itself.


Top
 Profile  
 
 Post subject: Re: After install ASL on Cpanel all sites get slow...
Unread postPosted: Sat Mar 17, 2012 1:15 am 
Offline
Forum Regular
Forum Regular

Joined: Sat Jan 21, 2012 6:37 pm
Posts: 109
Location: Canada
This is the exact error I was having.
/etc/cron.hourly/asl:

Stopping tortixd: [ OK ]
Starting tortixd: tortixd: Syntax error on line 211 of /var/asl/etc//httpd/conf/tortixd.conf: Syntax error on line 3 of /var/asl/etc/httpd/conf.d/00_mod_security.conf: Cannot load /var/asl/etc/httpd/modules/mod_security2.so into server: /var/asl/etc/httpd/modules/mod_security2.so: undefined symbol: ap_get_server_banner
[FAILED]


Top
 Profile  
 
 Post subject: Re: After install ASL on Cpanel all sites get slow...
Unread postPosted: Sat Mar 17, 2012 6:42 pm 
Offline
Forum User
Forum User

Joined: Thu Mar 15, 2012 5:52 pm
Posts: 51
Location: United States
Now another problem. After reinstalling a new server with cPanel and ASL (updated to 3.0.21), foo test seems to be working most of the time (returning 403). However, ASL does not shun the attacking IP, or add an attack entry. Of course, three purposes of ASL are to shun attackers, show attack details, and show the number of attacks.

Other OSSEC entries are shown, just no attacks.

Can anyone help us figure out how to get ASL to do these things?

Thanks,

Mark


Top
 Profile  
 
 Post subject: Re: After install ASL on Cpanel all sites get slow...
Unread postPosted: Sun Mar 18, 2012 6:59 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
User avatar

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3661
Location: Chantilly, VA
Quote:
Stopping tortixd: [ OK ]
Starting tortixd: tortixd: Syntax error on line 211 of /var/asl/etc//httpd/conf/tortixd.conf: Syntax error on line 3 of /var/asl/etc/httpd/conf.d/00_mod_security.conf: Cannot load /var/asl/etc/httpd/modules/mod_security2.so into server: /var/asl/etc/httpd/modules/mod_security2.so: undefined symbol: ap_get_server_banner


That sounds like the wrong version of mod_security is on the box, what is output of these commands:

asl -v

yum list upgrades

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.


Top
 Profile  
 
 Post subject: Re: After install ASL on Cpanel all sites get slow...
Unread postPosted: Sun Mar 18, 2012 7:01 pm 
Offline
Forum User
Forum User

Joined: Thu Mar 15, 2012 5:52 pm
Posts: 51
Location: United States
Ours seems okay now...shunning and logging properly. Not sure why it didn't before.


Top
 Profile  
 
 Post subject: Re: After install ASL on Cpanel all sites get slow...
Unread postPosted: Mon Mar 19, 2012 9:34 am 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7945
Location: earth
thats an older version of tortix-waf there, just upgrade to the latest from the -testing channel.

Also remember that -testing builds change frequently and often, if you are using a -testing build because we asked you to, the best place to respond is in the Case thread we started for it. Otherwise testing builds are not supported.


Top
 Profile  
 
 Post subject: Re: After install ASL on Cpanel all sites get slow...
Unread postPosted: Mon Mar 19, 2012 4:26 pm 
Offline
Forum Regular
Forum Regular

Joined: Sat Jan 21, 2012 6:37 pm
Posts: 109
Location: Canada
mikeshinn wrote:
Quote:
Stopping tortixd: [ OK ]
Starting tortixd: tortixd: Syntax error on line 211 of /var/asl/etc//httpd/conf/tortixd.conf: Syntax error on line 3 of /var/asl/etc/httpd/conf.d/00_mod_security.conf: Cannot load /var/asl/etc/httpd/modules/mod_security2.so into server: /var/asl/etc/httpd/modules/mod_security2.so: undefined symbol: ap_get_server_banner


That sounds like the wrong version of mod_security is on the box, what is output of these commands:

asl -v

yum list upgrades



ASL Version 3.0.21: CentOS 5 (SUPPORTED)

and for yum:Error: No matching Packages to list

Basically after I remmed out that loadmodule line Tortixd started fine. not sure whats up with that. :|

the gui in this test build has some problems also. Although besides that things seem to be working which was my main concern. Basically pushing the FIX button runs asl -s -f but I just get a blank box after. Doesn't look like it runs. I can run it from the command line no problem for now so not too much of an issue right now. asl -u from the gui doesn't work either same issue. But I can run also from the command line. asl -u from the gui doesn't actually do the updates either so I have to run it from the command line.

Shawn


Top
 Profile  
 
 Post subject: Re: After install ASL on Cpanel all sites get slow...
Unread postPosted: Tue Mar 20, 2012 6:03 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
User avatar

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3661
Location: Chantilly, VA
3.0.21 stable was pushed out yesterday, can you upgrade to the stable release?

yum upgrade asl asl-web

asl -s -f

asl -uf

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.


Top
 Profile  
 
 Post subject: Re: After install ASL on Cpanel all sites get slow...
Unread postPosted: Tue Mar 20, 2012 6:09 pm 
Offline
Forum User
Forum User

Joined: Thu Mar 15, 2012 5:52 pm
Posts: 51
Location: United States
If we're in the test channel (which we switched to to get 3.0.21), how do we switch back to the standard release channel and update to 3.0.21 stable?

Thanks.


Top
 Profile  
 
 Post subject: Re: After install ASL on Cpanel all sites get slow...
Unread postPosted: Tue Mar 20, 2012 6:27 pm 
Offline
Forum Regular
Forum Regular

Joined: Sat Jan 21, 2012 6:37 pm
Posts: 109
Location: Canada
mikeshinn wrote:
3.0.21 stable was pushed out yesterday, can you upgrade to the stable release?

yum upgrade asl asl-web

asl -s -f

asl -uf


Wondering same as Mark, I run that I get no packages available.

if I run yum list updates I get this

asl-php.x86_64 5.4.0-0.6.el5.art asl-3.0
asl-php-cli.x86_64 5.4.0-0.6.el5.art asl-3.0
asl-php-common.x86_64 5.4.0-0.6.el5.art asl-3.0
asl-php-gd.x86_64 5.4.0-0.6.el5.art asl-3.0
asl-php-mysql.x86_64 5.4.0-0.6.el5.art asl-3.0
asl-php-pdo.x86_64 5.4.0-0.6.el5.art asl-3.0
tortix-waf.x86_64 2.6.4-1.el5.art asl-3.0

Should I update these?

is PHP 5.4 needed anyway? I guess the tortix-waf may be why I'm having that other issue though.

Shawn


Top
 Profile  
 
 Post subject: Re: After install ASL on Cpanel all sites get slow...
Unread postPosted: Tue Mar 20, 2012 6:41 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
User avatar

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3661
Location: Chantilly, VA
The asl-php packages are used by ASL, they have nothing to do with the systems PHP, if asl needs them it will upgrade them otherwise dont upgrade any asl packages unless asl needs them. One thing to point out use the keyword upgrade and upgrades, not update or updates when upgrading ASL. Please see the documentation if you are not sure how to upgrade ASL:

https://www.atomicorp.com/wiki/index.php/Upgrading_ASL

ASL will automatically upgrade itself by default (unless you disable this, if you dont know if you disabled this check the UPDATE_TYPE setting, if its set to "all" ASL will upgrade itself). So you may already have 3.0.21 stable. In which case your issue may already be resolved. So lets find out if it is, and what version of ASL do you have installed, can you provide the output of this command:

asl -v

If you have 3.0.21, please send the output of these commands:

yum upgrade asl asl-web

yum list upgrades

/etc/init.d/tortixd restart

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.


Top
 Profile  
 
 Post subject: Re: After install ASL on Cpanel all sites get slow...
Unread postPosted: Tue Mar 20, 2012 6:43 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
User avatar

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3661
Location: Chantilly, VA
Quote:
If we're in the test channel (which we switched to to get 3.0.21), how do we switch back to the standard release channel and update to 3.0.21 stable?


If you just used the "enablerepo" switch, nothing. If you manually changed the yum repo files, then you need to disable the testing repo entry (and make sure stable is enabled).

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.


Top
 Profile  
 
 Post subject: Re: Syntax error with tortixd
Unread postPosted: Tue Mar 20, 2012 6:58 pm 
Offline
Forum User
Forum User

Joined: Thu Mar 15, 2012 5:52 pm
Posts: 51
Location: United States
Hi,

I used this command:

Code:
yum --enablerepo=asl-3.0-testing upgrade asl asl-web


So I'm not sure what to do from here.

Thanks,

Mark


Top
 Profile  
 
 Post subject: Re: Syntax error with tortixd
Unread postPosted: Tue Mar 20, 2012 7:06 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
User avatar

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3661
Location: Chantilly, VA
Use this command:

yum upgrade asl asl-web

ASL will upgrade itself automatically by default, and 3.0.21 came out yesterday so its possible you are already running it. You can see what you are running with this command:

asl -v

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 21 posts ]  Go to page 1, 2  Next

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: Bing [Bot] and 5 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group