Issue Accidentally delete /etc/asl/ directory

[Jo.H]

Hi,

I accidentally delete /etc/asl/ directory on my debian 8 server. Tried to reinstall the mod_security component but it doesn't work.

Thx

 

[Jo.H]

Sorry guys i forgot to ask a question....

How can i generate a new directory as it was? If not what can i do?

Thx

 

[IgorG]

Try to fix it with

# apt-get install aum

 

[Jo.H]

Try to fix it with

# apt-get install aum

Hi,
Thx Igor for your reply.... but it didn't work. It helped me to find a way! It was messy... This is what i did

1.Uninstall the plesk 12.5 addon

2. Uninstall and purge
#sudo apt-get remove --purge aum

3.Install aum
#sudo apt-get update
#sudo apt-get install aum

4.Configure it
#/var/asl/lib/modules/configuration_setup.sh (don't know if it's necessary) ##(only rules)
#/var/asl/bin/aum -uf

5. Reinstall Plesk 12.5 Modsecurity addon

Now i just have this issue like it was in August with the KB129494. Every hour i receive this mail :

#run-parts: /etc/cron.hourly/asl exited with return code 126

I made the changes in the /etc/asl/config
APACHE_RESTART_COMMAND="/etc/init.d/apache2 restart"

But let
REPUTATION_REPORT="yes" (the normal behavior)


aum is the 4.0.19-40 but the version detected in /etc/asl/VERSION is
ASL_VERSION=4.0.19-37

How can i find a normal behavior of modsecurity??
In the /etc/asl/config file do i have to enter specific user and password??

Thx

 

[UFHH01]

Hi Jo.H,

How can i find a normal behavior of modsecurity??

I suggest the following way:

1. apt-get remove --purge aum
2. /usr/local/psa/admin/bin/autoinstaller --select-product-id plesk --select-release-current --remove-component modsecurity
   
3. rmdir /etc/asl ( might not be necessary... just to be sure, that all is deleted! If you experience issues here, consider to remove possible existent content INSIDE that folder and retry the command! )
4. /usr/local/psa/admin/bin/autoinstaller --select-product-id plesk --select-release-current --install-component modsecurity
   
5. Plesk Control Panel: Go to => Home > Tools & Settings > Web Application Firewall ( Pls. see the additional screenshot for further explanations! )
6. apt-get update
7. apt-get upgrade ( or, if you only would like to upgrade ModSecurity, then pls. use: apt-get install --only-upgrade aum )

Additional informations, as screenshot ( see 5. above ):

​

Pls. report possible issues, when you follow my suggestion and pls. don't forget to list your steps before the issues appear.

 

[Jo.H]

Hi,

Thx UFHH01 for your answer. It seems that is no mail from cron for 1 hour.

So i tried your solution. This is what happenned !

• apt-get remove --purge aum

• /usr/local/psa/admin/bin/autoinstaller --select-product-id plesk --select-release-current --remove-component modsecurity

• rmdir /etc/asl ( might not be necessary... just to be sure, that all is deleted! If you experience issues here, consider to remove possible existent content INSIDE that folder and retry the command! )

Steps 1 to 3 everything ok. Except that --purge didn't delete /etc/asl/ and /var/asl/ so i made it manually:

# rm -RIf /etc/asl /var/asl #I backed them up before

Everything seems clean except in /etc/apache2/conf_enabled/00_modsecurity.conf . This file risks to blow things up when apache restarts ! (i know... ). Remove it or comment every line in it to keep temporarily the paths inside (the file should be regenerated after).

• /usr/local/psa/admin/bin/autoinstaller --select-product-id plesk --select-release-current --install-component modsecurity

• Plesk Control Panel: Go to => Home > Tools & Settings > Web Application Firewall ( Pls. see the additional screenshot for further explanations! )

Steps 4 & 5 : Installation succeded, start the module in Detection only mode for Atomic basic Modsecurity OK . But with no /etc/asl and no /var/asl directories
Weird!!

apt-get install --only-upgrade aum

It told that it can't update it's not installed.
---> Plesk autoinstaller should install aum ! No?

I stopped ModSecurity with Plesk Control Panel: in Home > Tools & Settings > Web Application Firewall --> off

• I installed aum manually:

# apt-get update
# apt-get install aum #Version aum 4.0.19-40

• Configuration process

#/var/asl/bin/aum -uf

The first time you have to give a USER and a PASSWORD (specific it seems -> available in this file posted on Plesk forum) and choose rules only, update daily.

• Modify /etc/asl/config

# nano /etc/asl/config
To modify only:
APACHE_RESTART_COMMAND="/etc/init.d/httpd restart" ----> APACHE_RESTART_COMMAND="/etc/init.d/apache2 restart"

• Configuration process again

#/var/asl/bin/aum -uf

• Start ModSecurity

I started ModSecurity with Plesk Control Panel: in Home > Tools & Settings > Web Application Firewall --> Detection Only #To test before production


Everything looks good. I'm waiting for the next backup and log rotation to be sure !

Thx guys!!

 

[UFHH01]

Hi Jo.H,

But with no /etc/asl and no /var/asl directories
Weird!!

hm... yes... this should not happen. If you would like to investigate this issue, pls. consider to see the depending log - files ( psa ):

Plesk for Linux services logs and configuration files ( KB - article: 111 283 )​

... but you still continued with the correct solution and there shouldn't be any problem now. If, for what ever reason, you experience issues now, pls. don't hesite to post some depending - log - files for further investigations.