tkalfaoglu
Silver Pleskian
Today I did an aum -u and enabled the modsecurity basic ruleset.
Afterwards httpd would not start, complaining that every rule ID in
50_plesk_basic_asl_rules.conf
was a duplicate. After commenting out some rules I sensed it as ALL duplicates and renamed the file to "*.bad" and the madness stopped.
I did a grep and found these:
[root@pluto httpd]# grep -ir "SecRule REQUEST_URI|REQUEST_COOKIES|" *
conf/modsecurity.d/rules/tortix.backup/modsec/50_plesk_basic_asl_rules.conf:SecRule REQUEST_URI|REQUEST_COOKIES|!REQUEST_COOKIES:/utm/|!REQUEST_COOKIES:/_pk_ref/|REQUEST_COOKIES_NAMES|ARGS_NAMES|REQUEST_HEADERS|ARGS|!ARGS:/^Cms_Page/|!ARGS:/database/|!ARGS:templatecode|!ARGS:/insertstring/|!ARGS:areas|XML:/* "@pm select having grant delete insert drop alter replace truncate update create rename describe table database dba index into from convert bulk column procedure update set union or = ' -- procedure declare serialize passthru outfile =1 null =2 =3 <=> <> != eval system exec" "phase:2,id:'333799',t:none,t:urlDecodeUni,t:removeComments,pass,nolog,skip:1"
conf/modsecurity.d/rules/tortix/modsec/50_plesk_basic_asl_rules.conf.bad:#SecRule REQUEST_URI|REQUEST_COOKIES|!REQUEST_COOKIES:/utm/|!REQUEST_COOKIES:/_pk_ref/|REQUEST_COOKIES_NAMES|ARGS_NAMES|REQUEST_HEADERS|ARGS|!ARGS:/^Cms_Page/|!ARGS:/database/|!ARGS:templatecode|!ARGS:/insertstring/|!ARGS:areas|XML:/* "@pm select having grant delete insert drop alter replace truncate update create rename describe table database dba index into from convert bulk column procedure update set union or = ' -- procedure declare serialize passthru outfile =1 null =2 =3 <=> <> != eval system exec" "phase:2,id:'333799',t:none,t:urlDecodeUni,t:removeComments,pass,nolog,skip:1"
[root@pluto httpd]# pwd
/etc/httpd
Apparently the tortix.backup directory is also parsed?
What shall I do, delete the backup directory?
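One way to check where the duplicate IDs come from, as an added example that is not part of the original post: the script below lists every rule id that appears in more than one uncommented rule across the *.conf files under a directory. It assumes every *.conf file in that tree gets loaded, which the post does not confirm; the function names, the shortened rules, the id 900001 and the file copy.conf.bad are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): report ModSecurity rule ids
# that are defined by more than one active rule under a directory tree.

# Print "id<TAB>file" for every id found on an uncommented line of a *.conf file.
list_rule_ids() {
    find "$1" -type f -name '*.conf' -exec awk '
        /^[ \t]*#/ { next }                      # skip commented-out rules
        {
            line = $0
            while (match(line, /[", \t]id:[^0-9,]?[0-9]+/)) {
                id = substr(line, RSTART, RLENGTH)
                gsub(/[^0-9]/, "", id)           # keep only the digits
                print id "\t" FILENAME
                line = substr(line, RSTART + RLENGTH)
            }
        }' {} +
}

# Print "id: file file ..." for each id that is defined more than once.
find_duplicate_rule_ids() {
    list_rule_ids "$1" | LC_ALL=C sort | awk -F '\t' '
        { count[$1]++; files[$1] = files[$1] " " $2 }
        END { for (id in count) if (count[id] > 1) print id ":" files[id] }
    ' | LC_ALL=C sort
}

# Constructed sample tree that mirrors the layout in the post: an active rule
# file, a backup copy of it, and a renamed ".bad" file that must be ignored.
make_sample_tree() {
    tree_root=$(mktemp -d)
    mkdir -p "$tree_root/tortix/modsec" "$tree_root/tortix.backup/modsec"
    rule="SecRule ARGS \"@pm select union\" \"phase:2,id:'333799',t:none,pass,nolog\""
    other="SecRule ARGS \"@pm eval\" \"phase:2,id:'900001',t:none,pass,nolog\""
    printf '%s\n%s\n' "$rule" "$other" \
        > "$tree_root/tortix/modsec/50_plesk_basic_asl_rules.conf"
    printf '%s\n#%s\n' "$rule" "$other" \
        > "$tree_root/tortix.backup/modsec/50_plesk_basic_asl_rules.conf"
    printf '%s\n' "$rule" > "$tree_root/tortix/modsec/copy.conf.bad"
    echo "$tree_root"
}

# Usage: pass the rules directory, e.g. /etc/httpd/conf/modsecurity.d
if [ "$#" -gt 0 ]; then find_duplicate_rule_ids "$1"; fi
```

Each output line names an id and the files that define it, so a backup copy that still carries active rules shows up next to the live file.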