
Issue Atomic Modsecurity duplicates

tkalfaoglu

Silver Pleskian
Today I did an aum -u and enabled the modsecurity basic ruleset.

Afterwards httpd would not start, complaining that every rule ID in
50_plesk_basic_asl_rules.conf
was a duplicate. After commenting out some rules I sensed it as ALL duplicates and renamed the file to "*.bad" and the madness stopped.

I did a grep and found these:
[root@pluto httpd]# grep -ir "SecRule REQUEST_URI|REQUEST_COOKIES|" *
conf/modsecurity.d/rules/tortix.backup/modsec/50_plesk_basic_asl_rules.conf:SecRule REQUEST_URI|REQUEST_COOKIES|!REQUEST_COOKIES:/utm/|!REQUEST_COOKIES:/_pk_ref/|REQUEST_COOKIES_NAMES|ARGS_NAMES|REQUEST_HEADERS|ARGS|!ARGS:/^Cms_Page/|!ARGS:/database/|!ARGS:templatecode|!ARGS:/insertstring/|!ARGS:areas|XML:/* "@pm select having grant delete insert drop alter replace truncate update create rename describe table database dba index into from convert bulk column procedure update set union or = ' -- procedure declare serialize passthru outfile =1 null =2 =3 <=> <> != eval system exec" "phase:2,id:'333799',t:none,t:urlDecodeUni,t:removeComments,pass,nolog,skip:1"
conf/modsecurity.d/rules/tortix/modsec/50_plesk_basic_asl_rules.conf.bad:#SecRule REQUEST_URI|REQUEST_COOKIES|!REQUEST_COOKIES:/utm/|!REQUEST_COOKIES:/_pk_ref/|REQUEST_COOKIES_NAMES|ARGS_NAMES|REQUEST_HEADERS|ARGS|!ARGS:/^Cms_Page/|!ARGS:/database/|!ARGS:templatecode|!ARGS:/insertstring/|!ARGS:areas|XML:/* "@pm select having grant delete insert drop alter replace truncate update create rename describe table database dba index into from convert bulk column procedure update set union or = ' -- procedure declare serialize passthru outfile =1 null =2 =3 <=> <> != eval system exec" "phase:2,id:'333799',t:none,t:urlDecodeUni,t:removeComments,pass,nolog,skip:1"
[root@pluto httpd]# pwd
/etc/httpd

Apparently the tortix.backup directory is also parsed?
What shall I do, delete the backup directory?
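
A way to see which files define the same rule ID, as an added example that is not part of the original post: the script walks a rules tree and lists every ID carried by more than one uncommented rule line. It assumes only `*.conf` files are loaded; the sample tree and the ID 900001 are constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): report ModSecurity rule IDs that are
# defined by more than one active rule line under a directory tree.

# Print "id<TAB>file" for each uncommented line carrying an id: action.
# Assumption: only *.conf files are loaded, so renamed *.bad files are skipped.
list_rule_ids() {
    find "$1" -type f -name '*.conf' -exec awk '
        /^[ \t]*#/ { next }                       # commented-out rule
        match($0, /[^A-Za-z]id:[^0-9]?[0-9]+/) {  # id:333799 or id:<quote>333799<quote>
            id = substr($0, RSTART, RLENGTH)
            gsub(/[^0-9]/, "", id)
            print id "\t" FILENAME
        }' {} +
}

# Print "id: file file ..." for every ID seen more than once.
dup_rule_ids() {
    list_rule_ids "$1" | LC_ALL=C sort | awk -F'\t' '
        { count[$1]++; where[$1] = where[$1] " " $2 }
        END { for (id in count) if (count[id] > 1) print id ":" where[id] }
    ' | LC_ALL=C sort
}

# Constructed sample tree mirroring the tortix / tortix.backup layout above.
make_sample() {
    tree=$(mktemp -d)
    rule="SecRule ARGS \"@pm select union\" \"phase:2,id:'333799',t:none,pass,nolog\""
    for dir in tortix tortix.backup; do
        mkdir -p "$tree/$dir/modsec"
        printf '%s\n' "$rule" > "$tree/$dir/modsec/50_plesk_basic_asl_rules.conf"
    done
    # 900001 is a made-up ID: one active copy plus one commented copy.
    printf '%s\n#%s\n' 'SecAction "phase:1,id:900001,nolog,pass"' \
        'SecAction "phase:1,id:900001,nolog,pass"' > "$tree/tortix/modsec/00_sample.conf"
    echo "$tree"
}

sample=$(make_sample)
dup_rule_ids "$sample"   # on a server: dup_rule_ids /etc/httpd/conf/modsecurity.d
rm -rf "$sample"
```

Each output line names one ID followed by every file that defines it, so a backup copy sitting inside the rules tree shows up next to the live file.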
 
Things got more interesting today.. Feel free to chime in at any time.. The plesk log says:

Error: Failed to update the ModSecurity rule set: modsecurity_ctl failed: gpg: key 4520AFA9: "Atomicorp (Atomicorp Official Signing Key) <[email protected]>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
gpg: Signature made Wed Mar 28 23:51:53 2018 +03 using RSA key ID 4520AFA9
gpg: Good signature from "Atomicorp (Atomicorp Official Signing Key) <[email protected]>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 1818 66DF 9DAC A40E 5B42 9B08 FFBD 5D0A 4520 AFA9
TERM environment variable not set.
https://plesk_global_unpaid:nYk9teL...s/asl-4.0/centos/6/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 401"
Trying other mirror.
https://plesk_global_unpaid:nYk9teL...s/asl-4.0/centos/6/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 401"
Trying other mirror.
https://plesk_global_unpaid:nYk9teL...s/asl-4.0/centos/6/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 401"
Trying other mirror.
https://plesk_global_unpaid:nYk9teL...s/asl-4.0/centos/6/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 401"
Trying other mirror.
https://plesk_global_unpaid:nYk9teL...s/asl-4.0/centos/6/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 401"
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: asl-4.0. Please verify its path and try again
Command '/bin/bash < /tmp/tmp4jLEfX/aum' returned non-zero exit status 1
Unable to download tortix rule set
 
Using plesk's installer, I uninstalled modsecurity, verified that all related packages were gone using rpm,
and then attempted to re-install modsecurity using plesk's installer.
It gave an error, and autoinstaller3 had these:



[2018-03-31 23:19:11.547806] Use package source http://autoinstall.plesk.com/NGINX17/dist-rpm-CentOS-6-x86_64/
[2018-03-31 23:19:11.547841] Use package source http://autoinstall.plesk.com/NGINX17/update-rpm-CentOS-6-x86_64/
[2018-03-31 23:19:11.547857] Use package source http://autoinstall.plesk.com/NGINX17/thirdparty-rpm-CentOS-6-x86_64/
[2018-03-31 23:19:11.547910] Info: dynamic components selection was changed, reconfiguring sources.
[2018-03-31 23:19:11.582486] gpg-pubkey-5ebd2744-418ffac9 gpg(Atomic Rocket Turtle <[email protected]>)
gpg-pubkey-914bdf7e-55c05220 gpg(Plesk Team <[email protected]>)
gpg-pubkey-0608b895-4bd22942 gpg(EPEL (6) <[email protected]>)
gpg-pubkey-c105b9de-4e0fd3a3 gpg(CentOS-6 Key (CentOS 6 Official Signing Key) <[email protected]>)
gpg-pubkey-f2ee9d55-560cfc0a gpg(CentOS SoftwareCollections SIG (SpecialInterestGroup/SCLo - CentOS Wiki) <[email protected]>)
gpg-pubkey-4520afa9-50ab914c gpg(Atomicorp (Atomicorp Official Signing Key) <[email protected]>)
gpg-pubkey-f4b85e0f-55c89477 gpg(torproject.org RPM signing key (2015 key))
gpg-pubkey-6b8d79e6-3f49313d gpg(Dag Wieers (Dag Apt Repository v1.0) <[email protected]>)

Getting bootstrapper packages to installation list:
[2018-03-31 23:19:12.783227] skip package 'pp17.5.3-bootstrapper-17.5.3-cos6.build1705170317.16.x86_64' from component panel - same or newer version of this package is already installed (in system pp17.5.3-bootstrapper-17.5.3-cos6.build1705170317.16.x86_64)
[2018-03-31 23:19:12.783273] skip package 'sw-engine-cli-2.21-2.21.0-centos6.201702161518.x86_64' from component panel - same or newer version of this package is already installed (in system sw-engine-cli-2.21-2.21.0-centos6.201702161518.x86_64)
[2018-03-31 23:19:12.783310] Following bootstrapper packages will be installed: (empty)
[2018-03-31 23:19:12.783323] ----------------
[2018-03-31 23:19:12.783334] Getting packages to installation list:
[2018-03-31 23:19:12.783371] Following packages will be installed: mod_security-2.9.0-centos6.17031414.x86_64 plesk-modsecurity-configurator-17.5.3-cos6.build1705170317.16.noarch plesk-modsecurity-crs-17.5.3-centos6.17031414.x86_64
[2018-03-31 23:19:12.783388] ----------------
[2018-03-31 23:19:12.855471] Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Failed to install mod_security@x86_64:
Error while downloading packages metainfo: Cannot find a valid baseurl for repo: asl-4.0. Trying again.
Could not retrieve mirrorlist file:///etc/asl/asl-4.0-mirrorlist error was
14: Could not open/read file:///etc/asl/asl-4.0-mirrorlist
NGINX-thirdparty | 2.9 kB 00:00
PHP_5_2-thirdparty | 2.9 kB 00:00
PHP_5_3-thirdparty | 2.9 kB 00:00
PHP_5_4-thirdparty | 2.9 kB 00:00
PHP_5_5-thirdparty | 2.9 kB 00:00
PHP_5_6-thirdparty | 2.9 kB 00:00
PHP_7_0-thirdparty | 2.9 kB 00:00
PHP_7_1-thirdparty | 2.9 kB 00:00
PLESK_17_5_3-dist | 2.9 kB 00:00
PLESK_17_5_3-extras | 2.9 kB 00:00
PLESK_17_5_3-extras/primary_db | 28 kB 00:00
PLESK_17_5_3-thirdparty | 2.9 kB 00:00
PLESK_17_NGINX | 2.9 kB 00:00
PLESK_17_NGINX/primary_db | 3.3 kB 00:00
PLESK_17_PHP52 | 2.9 kB 00:00
PLESK_17_PHP52/primary_db | 13 kB 00:00
PLESK_17_PHP53 | 2.9 kB 00:00
PLESK_17_PHP53/primary_db | 13 kB 00:00
PLESK_17_PHP54 | 2.9 kB 00:00
PLESK_17_PHP54/primary_db | 14 kB 00:00
PLESK_17_PHP55 | 2.9 kB 00:00
PLESK_17_PHP55/primary_db | 14 kB 00:00
PLESK_17_PHP56 | 2.9 kB 00:00
PLESK_17_PHP56/primary_db | 14 kB 00:00
PLESK_17_PHP70 | 2.9 kB 00:00
PLESK_17_PHP70/primary_db | 14 kB 00:00
PLESK_17_PHP71 | 2.9 kB 00:00
PLESK_17_PHP71/primary_db | 14 kB 00:00
SITEBUILDER_17_0_15-dist | 2.9 kB 00:00
SITEBUILDER_17_0_15-thirdparty | 2.9 kB 00:00
Failed to install mod_security@x86_64:
Error while downloading packages metainfo: Cannot retrieve repository metadata (repomd.xml) for repository: asl-4.0. Please verify its path and try again. Trying again.
Failed to install mod_security@x86_64:
Number of retries is exceeded.
RepoError: Cannot retrieve repository metadata (repomd.xml) for repository: asl-4.0. Please verify its path and try again
Failed to install mod_security@x86_64:
Error while downloading packages metainfo: Cannot find a valid baseurl for repo: asl-4.0. Trying again.
Failed to install mod_security@x86_64:
Error while downloading packages metainfo: Cannot retrieve repository metadata (repomd.xml) for repository: asl-4.0. Please verify its path and try again. Trying again.
Failed to install mod_security@x86_64:
Number of retries is exceeded.
Traceback (most recent call last):
File "/usr/local/psa/bin/yum_install", line 239, in <module>
main()
File "/usr/local/psa/bin/yum_install", line 225, in main
inst, rem = installer.resolve(to_install, opts.remove, opts.tries)
File "/usr/local/psa/bin/yum_install", line 133, in resolve
self._iremove(to_install, to_remove)
File "/usr/local/psa/bin/yum_install", line 95, in _iremove
if self.install(**self._package2pkgdict(p)):
File "/usr/lib/python2.6/site-packages/yum/__init__.py", line 3584, in install
pkgs = self.pkgSack.searchNevra(name=nevra_dict['name'],
File "/usr/lib/python2.6/site-packages/yum/__init__.py", line 907, in <lambda>
pkgSack = property(fget=lambda self: self._getSacks(),
File "/usr/lib/python2.6/site-packages/yum/__init__.py", line 687, in _getSacks
self.repos.populateSack(which=repos)
File "/usr/lib/python2.6/site-packages/yum/repos.py", line 324, in populateSack
sack.populate(repo, mdtype, callback, cacheonly)
File "/usr/lib/python2.6/site-packages/yum/yumRepo.py", line 165, in populate
if self._check_db_version(repo, mydbtype):
File "/usr/lib/python2.6/site-packages/yum/yumRepo.py", line 223, in _check_db_version
return repo._check_db_version(mdtype)
File "/usr/lib/python2.6/site-packages/yum/yumRepo.py", line 1263, in _check_db_version
repoXML = self.repoXML
File "/usr/lib/python2.6/site-packages/yum/yumRepo.py", line 1462, in <lambda>
repoXML = property(fget=lambda self: self._getRepoXML(),
File "/usr/lib/python2.6/site-packages/yum/yumRepo.py", line 1458, in _getRepoXML
raise Errors.RepoError, msg
RepoError: Cannot retrieve repository metadata (repomd.xml) for repository: asl-4.0. Please verify its path and try again
Error: The Yum utility failed to install the required packages.
 