Atomic Secure Linux

All times are UTC - 5 hours [ DST ]

Post subject: asl -u giving me mysterious syntax errors
Posted: Sun Mar 18, 2012 1:12 pm
Long Time Forum Regular

Joined: Thu Dec 09, 2004 11:19 am
Posts: 2007
I've not updated the rules on one of our systems for a while for various reasons.

When I got round to doing it today, I got this:

Code:
# asl -u
Checking for updates..
  ASL version is current: 3.0.20                           [OK]
  APPINV rules are current: 201201041122                   [OK]
  Updating CLAMAV to 201203161207: updated                 [OK]
  Updating GEOMAP to 201203120943: updated                 [OK]
  Updating MODSEC to 201203161837: updated                 [OK]
    Error: There is a problem with the apache config

       Syntax error on line 490 of /etc/httpd/modsecurity.d/10_asl_rules.conf:
       Error creating rule: Unknown variable: MATCHED_VARS

      Rolling back to the previous update.

  Updating OSSEC to 201203021621: updated                  [OK]




Code:
# asl -s -f
(stuff -- nothing bad)




Code:
# asl -u
Checking for updates..
  ASL version is current: 3.0.20                           [OK]
  APPINV rules are current: 201201041122                   [OK]
  CLAMAV rules are current: 201203161207                   [OK]
  GEOMAP rules are current: 201203120943                   [OK]
  MODSEC rules are current: 201203161837                   [OK]
  OSSEC rules are current: 201203021621                    [OK]



Apache starts fine. No problems.

Incidentally, the asl/asl-web version is 3.0.20-2 -- there's no 3.0.21 for Centos 4 x86_64

Any ideas about what's going on here? Have the rules updated or not? What caused the error?

_________________
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>


Post subject: Re: asl -u giving me mysterious syntax errors
Posted: Sun Mar 18, 2012 1:33 pm
Long Time Forum Regular

Joined: Sat Aug 20, 2005 9:30 am
Posts: 2812
Location: The Netherlands
What is on line 490 of /etc/httpd/modsecurity.d/10_asl_rules.conf? On one server I checked that line contains MATCHED_VAR, but not MATCHED_VARS.

ASL 3.0.21 hasn't been released to the stable channel yet. Also CentOS 4 has recently reached End of Life, so you might want to look into migrating to a supported OS.

_________________
Lemonbit Internet Dedicated Server Management


Post subject: Re: asl -u giving me mysterious syntax errors
Posted: Sun Mar 18, 2012 6:56 pm
Atomicorp Staff - Site Admin

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3548
Location: Chantilly, VA
Quote:
Syntax error on line 490 of /etc/httpd/modsecurity.d/10_asl_rules.conf:
Error creating rule: Unknown variable: MATCHED_VARS


That means the version of modsecurity you have installed is out of date. The rule is correct, you need to upgrade mod_security. If ASL is set to UPDATE_TYPE="all" it will do this automatically. If you have this disabled, then you need to manually upgrade mod_security.

Quote:
Incidentally, the asl/asl-web version is 3.0.20-2 -- there's no 3.0.21 for Centos 4 x86_64


Centos 4 is not supported, it is EOL.

EOL notice from Centos:

http://wiki.centos.org/FAQ/General#head ... dde5b75e6d

FAQ on supported OSes:

https://www.atomicorp.com/wiki/index.ph ... support.3F

"Please note that when an operating system or distribution is no longer supported by the vendor we also no longer support that operating system (unless you have an extended support contract from us, for that platform)."

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.
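
The `asl -u` output earlier in the thread shows an update being installed, the Apache config being tested, and the rule file being rolled back when the test fails. The sketch below is an added example of that pattern, not part of any post and not ASL's own code; `deploy_rules`, `rules_id` and `old_module_check` are hypothetical names, and `old_module_check` is a constructed stand-in for the real config test (`apachectl configtest`).

```shell
#!/bin/sh
# Added example, not ASL's code: install a rule file only if the config test passes.
# usage: deploy_rules NEW_FILE LIVE_FILE CHECK_CMD [ARGS...]
#   e.g. deploy_rules new.conf /etc/httpd/modsecurity.d/10_asl_rules.conf apachectl configtest
# returns 0 = new rules live, 1 = rejected and rolled back, 2 = usage error
deploy_rules() {
    new=$1; live=$2
    [ $# -ge 3 ] && [ -r "$new" ] || return 2
    shift 2
    backup="$live.rollback.$$"; had_live=0
    if [ -e "$live" ]; then
        cp -p "$live" "$backup" || return 2
        had_live=1
    fi
    err="could not copy $new to $live"
    # Put the candidate in place, then let the real parser judge it.
    if cp "$new" "$live" && err=$("$@" 2>&1); then
        rm -f "$backup"
        return 0
    fi
    # Copy or config test failed: restore the previous file so the server keeps
    # the rules it was already running, and report why the update was refused.
    if [ "$had_live" -eq 1 ]; then mv "$backup" "$live"; else rm -f "$live"; fi
    printf 'rolled back %s:\n%s\n' "$live" "$err" >&2
    return 1
}

# Fingerprint of a rule file, to confirm afterwards which rules are actually live.
rules_id() { cksum < "$1" | cut -d' ' -f1; }

# Constructed stand-in for the config test: behaves like the 2.5.13 module in
# the thread by rejecting any rule file that references MATCHED_VARS.
old_module_check() {
    if grep 'MATCHED_VARS' "$1" >/dev/null; then
        echo "Error creating rule: Unknown variable: MATCHED_VARS"
        return 1
    fi
}
```

Comparing `rules_id` of the live file before and after a run shows whether the update went in or the previous rules are still in place.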


Post subject: Re: asl -u giving me mysterious syntax errors
Posted: Mon Mar 19, 2012 11:58 am
Long Time Forum Regular

Joined: Thu Dec 09, 2004 11:19 am
Posts: 2007
This doesn't quite make sense.

I have UPDATE_TYPE="all" on all my systems.

In any case, is the updated mod_sec not an RPM that would get listed along with asl and asl-web when I run "yum list updates" ? There's nothing there.

Code:
# rpm -qa mod_security
mod_security-2.5.13-2.el4.art


@breun: No point checking what's on that line, as the rules were rolled back :-( I have no idea what ruleset I'm really running now.

Yes, I'm aware EL4 is EOL. We will be EL6 shortly. But right now we are still EL4.

_________________
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>


Post subject: Re: asl -u giving me mysterious syntax errors
Posted: Mon Mar 19, 2012 12:51 pm
Atomicorp Staff - Site Admin

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3548
Location: Chantilly, VA
EL4 is not supported, as you may know the Centos project End of Lifed it on February 29th, so you are very unlikely to see any updates from us for that platform. A lot of things just do not work with it anymore, they won't build correctly and there are no bug or security fixes from the Vendor(s) anymore. If we could build 2.6.4 (we can not on el4, it just won't build anymore), we would, but it's not supported.

Here is the official announcement from Centos:

http://lists.centos.org/pipermail/cento ... 18462.html

Per our support policy, here:

https://www.atomicorp.com/wiki/index.ph ... ing_system

"We support versions of operating systems per the list above. Specifically, we only support operating systems which are still supported by the vendor.

We do this because of the serious security issues associated with running an operating system that is no longer supported, as well as the problems associated with lack of bug fixes for platforms that have been abandoned by their Vendors. For example, if a serious vulnerability were to be discovered in openssh and there was no patch for your system, ASL may not be able to protect your system adequately. Some vulnerabilities are beyond even our capabilities to defend against. We are always looking out for your security - and unsupported OSes are a serious risk to operate."

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.


Post subject: Re: asl -u giving me mysterious syntax errors
Posted: Tue Mar 20, 2012 1:37 pm
Long Time Forum Regular

Joined: Thu Dec 09, 2004 11:19 am
Posts: 2007
This isn't how the world works, and by taking that into account you can get more happy customers.

I was not expecting ASL for EL4 to go EOL on the 29th of Feb just because EL4 did, especially with no notifications and no warnings. Indeed, ASL on EL4 would be absolutely fine if there hadn't happened to have been an incompatible mod_sec update. There's one line in one file that's causing a problem as far as I can tell?

My suggestion is therefore to keep supporting EL4 for a little while. A month, say. It isn't going to add any strain given that you were doing exactly that 20 days ago. In the meantime, send out a note to customers to say that now that EL4 is EOL, ASL for EL4 is going to EOL on such and such a date.

In this way, you don't have to do anything you weren't doing 20 days ago, and everybody still in the process of migrating gets covered.

I'm not saying you should do this if, say, this new mod_sec needs package foobar42 which isn't available for EL4 and won't compile without X, Y or Z. That would be a pain. Not worth the bother. I'm just saying that if you can, and it is no skin off your nose, you should. Please?

And remember: All Your Turtles Are Belong To Us (tm).

_________________
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>


Post subject: Re: asl -u giving me mysterious syntax errors
Posted: Tue Mar 20, 2012 2:44 pm
Long Time Forum Regular

Joined: Sat Aug 20, 2005 9:30 am
Posts: 2812
Location: The Netherlands
faris wrote:
This isn't how the world works


I'd say this is exactly how the world works. Especially if you're serious about your online business and its security. I'd be grateful to Scott for building mod_security 2.6.4 for EL4 after the EOL date and get myself a new system ready to migrate to ASAP if I were you.

_________________
Lemonbit Internet Dedicated Server Management


Post subject: Re: asl -u giving me mysterious syntax errors
Posted: Tue Mar 20, 2012 5:41 pm
Long Time Forum Regular

Joined: Thu Dec 09, 2004 11:19 am
Posts: 2007
We scheduled the upgrade for *last* Easter :-) Unfortunately it just could not happen then, and in a way I'm glad because EL6 and Plesk 10 have only recently matured enough to be useful.

_________________
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>


Post subject: Re: asl -u giving me mysterious syntax errors
Posted: Tue Mar 20, 2012 5:55 pm
Atomicorp Staff - Site Admin

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3548
Location: Chantilly, VA
Quote:
I'd be grateful to Scott for building mod_security 2.6.4 for EL4 after the EOL date and get myself a new system ready to migrate to ASAP if I were you.


mod_security 2.6.4 for el4 is available, however you can not use the Plesk WAF. It is not possible to build a working mod_security for that component on el4 any more. Please upgrade to a supported OS if you want to use that component.

And our support policy has always been made available on our website, along with when we stop supporting a platform:

https://www.atomicorp.com/wiki/index.ph ... ing_system

Which has always been to only support a platform as long as the vendor supports it. As soon as the vendor stops supporting it, our policy is to do the same. As that means the vendor will no longer be releasing any security fixes - that's a critical issue for us. We never want a customer to be left with a false sense of security. As wonderful as we try to make our products, patching is still an important part of system security. And once the vendor gives up on the system, that means patches will no longer be made available for any security issues (or bug fixes, which is also a problem for any product). And from a security perspective we believe you should not use a system that is no longer supported by the vendor.

We do our best to continue to make updates available for unsupported platforms, but we can't guarantee that we will be able to do that either. If the vendor will also no longer fix bugs that impair proper performance of our products, we do not want you to be left with a broken product. Nor can we guarantee that we can release updates to meet the increasing needs of the evolving security threats our products are designed to combat if the vendor will not fix bugs either.

We wish we could support products forever, but there is a finite limit on the lifetime for any given product, and as a rule if the vendor EOLs a product, we EOL support on the same day.

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.


Post subject: Re: asl -u giving me mysterious syntax errors
Posted: Tue Mar 20, 2012 6:50 pm
Long Time Forum Regular

Joined: Thu Dec 09, 2004 11:19 am
Posts: 2007
mikeshinn wrote:
mod_security 2.6.4 for el4 is available, however you can not use the Plesk WAF. It is not possible to build a working mod_security for that component on el4 any more. Please upgrade to a supported OS if you want to use that component.


That's exactly what I'm talking about. Don't do stuff that's hard for an EOL OS (Plesk WAF), but where possible and not too much trouble, push out an easy update (mod_sec), but only for a limited time.

*** Thanks to Scott and Mike for doing this ***

Regarding the support policy on the website -- it isn't enough. We're talking users/customers here. They have to be TOLD. Loudly :-) In capitals. Several times. Including by blog post/facebook/tweet - and also by email and for that you have to read their minds to find their current email address since the one they gave at registration may no longer be valid.

_________________
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>


Post subject: Re: asl -u giving me mysterious syntax errors
Posted: Tue Mar 20, 2012 7:05 pm
Atomicorp Staff - Site Admin

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3548
Location: Chantilly, VA
Quote:
and also by email and for that you have to read their minds to find their current email address since the one they gave at registration may no longer be valid.


LOL, I'll go see about finding a psychic. :-P

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.


Post subject: Re: asl -u giving me mysterious syntax errors
Posted: Thu Mar 22, 2012 8:03 am
Long Time Forum Regular

Joined: Thu Dec 09, 2004 11:19 am
Posts: 2007
And as if to illustrate the EL4 support nightmare for Scott and Mike.....

Now that an updated mod_sec has been added to the EL4 repo (along with asl and asl-web) I thought I'd do an asl -u, but unfortunately tortixd 2.2.22 is required by the newer asl-web:

Code:
Error: Missing Dependency: tortixd >= 2.2.22 is needed by package asl-web


I presume a simple solution is to change my config file to update "rules-only" only, not "all"? In this way it won't try to update asl/asl-web and all will be well?

EDITED: answering my own question, the answer is indeed yes :-)

_________________
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>

