• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion
  • Please beaware of a breaking change in the REST API on the next Plesk release (18.0.62).
    Starting from Plesk Obsidian 18.0.62, requests to REST API containing the Content-Type header with a media-type directive other than “application/json” will result in the HTTP “415 Unsupported Media Type” client error response code. Read more here

Issue Atomic Modsecurity duplicates

tkalfaoglu

tkalfaoglu

Silver Pleskian
I today I did an aum -u and enabled the modsecurity basic ruleset.

Afterwards httpd would not start, complaining that every rule ID in
50_plesk_basic_asl_rules.conf
was a duplicate. After commenting out some rules I sensed it as ALL duplicates and renamed the file to "*.bad" and the madness stopped.

I did a grep and found these:
[root@pluto httpd]# grep -ir "SecRule REQUEST_URI|REQUEST_COOKIES|" *
conf/modsecurity.d/rules/tortix.backup/modsec/50_plesk_basic_asl_rules.conf:SecRule REQUEST_URI|REQUEST_COOKIES|!REQUEST_COOKIES:/utm/|!REQUEST_COOKIES:/_pk_ref/|REQUEST_COOKIES_NAMES|ARGS_NAMES|REQUEST_HEADERS|ARGS|!ARGS:/^Cms_Page/|!ARGS:/database/|!ARGS:templatecode|!ARGS:/insertstring/|!ARGS:areas|XML:/* "@pm select having grant delete insert drop alter replace truncate update create rename describe table database dba index into from convert bulk column procedure update set union or = ' -- procedure declare serialize passthru outfile =1 null =2 =3 <=> <> != eval system exec" "phase:2,id:'333799',t:none,t:urlDecodeUni,t:removeComments,pass,nolog,skip:1"
conf/modsecurity.d/rules/tortix/modsec/50_plesk_basic_asl_rules.conf.bad:#SecRule REQUEST_URI|REQUEST_COOKIES|!REQUEST_COOKIES:/utm/|!REQUEST_COOKIES:/_pk_ref/|REQUEST_COOKIES_NAMES|ARGS_NAMES|REQUEST_HEADERS|ARGS|!ARGS:/^Cms_Page/|!ARGS:/database/|!ARGS:templatecode|!ARGS:/insertstring/|!ARGS:areas|XML:/* "@pm select having grant delete insert drop alter replace truncate update create rename describe table database dba index into from convert bulk column procedure update set union or = ' -- procedure declare serialize passthru outfile =1 null =2 =3 <=> <> != eval system exec" "phase:2,id:'333799',t:none,t:urlDecodeUni,t:removeComments,pass,nolog,skip:1"
[root@pluto httpd]# pwd
/etc/httpd

Apparently the tortix.backup directory is also parsed?
What shall I do, delete the backup directory?
 
Things got more interesting today.. Feel free to chime in at any time.. The plesk log says:

Error: Failed to update the ModSecurity rule set: modsecurity_ctl failed: gpg: key 4520AFA9: "Atomicorp (Atomicorp Official Signing Key) <[email protected]>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
gpg: Signature made Wed Mar 28 23:51:53 2018 +03 using RSA key ID 4520AFA9
gpg: Good signature from "Atomicorp (Atomicorp Official Signing Key) <[email protected]>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 1818 66DF 9DAC A40E 5B42 9B08 FFBD 5D0A 4520 AFA9
TERM environment variable not set.
https://plesk_global_unpaid:nYk9teL...s/asl-4.0/centos/6/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 401"
Trying other mirror.
https://plesk_global_unpaid:nYk9teL...s/asl-4.0/centos/6/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 401"
Trying other mirror.
https://plesk_global_unpaid:nYk9teL...s/asl-4.0/centos/6/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 401"
Trying other mirror.
https://plesk_global_unpaid:nYk9teL...s/asl-4.0/centos/6/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 401"
Trying other mirror.
https://plesk_global_unpaid:nYk9teL...s/asl-4.0/centos/6/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 401"
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: asl-4.0. Please verify its path and try again
Command '/bin/bash < /tmp/tmp4jLEfX/aum' returned non-zero exit status 1
Unable to download tortix rule set
 
Using plesk's installer, I uninstalled modsecurity, verified that all related packages were gone using rpm,
and then attempted to re-install modsecurity using plesk's installer.
It gave an error, and autoinstaller3 had these:



[2018-03-31 23:19:11.547806] Use package source http://autoinstall.plesk.com/NGINX17/dist-rpm-CentOS-6-x86_64/
[2018-03-31 23:19:11.547841] Use package source http://autoinstall.plesk.com/NGINX17/update-rpm-CentOS-6-x86_64/
[2018-03-31 23:19:11.547857] Use package source http://autoinstall.plesk.com/NGINX17/thirdparty-rpm-CentOS-6-x86_64/
[2018-03-31 23:19:11.547910] Info: dynamic components selection was changed, reconfiguring sources.
[2018-03-31 23:19:11.582486] gpg-pubkey-5ebd2744-418ffac9 gpg(Atomic Rocket Turtle <[email protected]>)
gpg-pubkey-914bdf7e-55c05220 gpg(Plesk Team <[email protected]>)
gpg-pubkey-0608b895-4bd22942 gpg(EPEL (6) <[email protected]>)
gpg-pubkey-c105b9de-4e0fd3a3 gpg(CentOS-6 Key (CentOS 6 Official Signing Key) <[email protected]>)
gpg-pubkey-f2ee9d55-560cfc0a gpg(CentOS SoftwareCollections SIG (SpecialInterestGroup/SCLo - CentOS Wiki) <[email protected]>)
gpg-pubkey-4520afa9-50ab914c gpg(Atomicorp (Atomicorp Official Signing Key) <[email protected]>)
gpg-pubkey-f4b85e0f-55c89477 gpg(torproject.org RPM signing key (2015 key))
gpg-pubkey-6b8d79e6-3f49313d gpg(Dag Wieers (Dag Apt Repository v1.0) <[email protected]>)

Getting bootstrapper packages to installation list:
[2018-03-31 23:19:12.783227] skip package 'pp17.5.3-bootstrapper-17.5.3-cos6.build1705170317.16.x86_64' from component panel - same or newer version of this package is already installed (in system pp17.5.3-bootstrapper-17.5.3-cos6.build1705170317.16.x86_64)
[2018-03-31 23:19:12.783273] skip package 'sw-engine-cli-2.21-2.21.0-centos6.201702161518.x86_64' from component panel - same or newer version of this package is already installed (in system sw-engine-cli-2.21-2.21.0-centos6.201702161518.x86_64)
[2018-03-31 23:19:12.783310] Following bootstrapper packages will be installed: (empty)
[2018-03-31 23:19:12.783323] ----------------
[2018-03-31 23:19:12.783334] Getting packages to installation list:
[2018-03-31 23:19:12.783371] Following packages will be installed: mod_security-2.9.0-centos6.17031414.x86_64 plesk-modsecurity-configurator-17.5.3-cos6.build1705170317.16.noarch plesk-modsecurity-crs-17.5.3-centos6.17031414.x86_64
[2018-03-31 23:19:12.783388] ----------------
[2018-03-31 23:19:12.855471] Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Failed to install mod_security@x86_64:
Error while downloading packages metainfo: Cannot find a valid baseurl for repo: asl-4.0. Trying again.
Could not retrieve mirrorlist file:///etc/asl/asl-4.0-mirrorlist error was
14: Could not open/read file:///etc/asl/asl-4.0-mirrorlist
NGINX-thirdparty | 2.9 kB 00:00
PHP_5_2-thirdparty | 2.9 kB 00:00
PHP_5_3-thirdparty | 2.9 kB 00:00
PHP_5_4-thirdparty | 2.9 kB 00:00
PHP_5_5-thirdparty | 2.9 kB 00:00
PHP_5_6-thirdparty | 2.9 kB 00:00
PHP_7_0-thirdparty | 2.9 kB 00:00
PHP_7_1-thirdparty | 2.9 kB 00:00
PLESK_17_5_3-dist | 2.9 kB 00:00
PLESK_17_5_3-extras | 2.9 kB 00:00
PLESK_17_5_3-extras/primary_db | 28 kB 00:00
PLESK_17_5_3-thirdparty | 2.9 kB 00:00
PLESK_17_NGINX | 2.9 kB 00:00
PLESK_17_NGINX/primary_db | 3.3 kB 00:00
PLESK_17_PHP52 | 2.9 kB 00:00
PLESK_17_PHP52/primary_db | 13 kB 00:00
PLESK_17_PHP53 | 2.9 kB 00:00
PLESK_17_PHP53/primary_db | 13 kB 00:00
PLESK_17_PHP54 | 2.9 kB 00:00
PLESK_17_PHP54/primary_db | 14 kB 00:00
PLESK_17_PHP55 | 2.9 kB 00:00
PLESK_17_PHP55/primary_db | 14 kB 00:00
PLESK_17_PHP56 | 2.9 kB 00:00
PLESK_17_PHP56/primary_db | 14 kB 00:00
PLESK_17_PHP70 | 2.9 kB 00:00
PLESK_17_PHP70/primary_db | 14 kB 00:00
PLESK_17_PHP71 | 2.9 kB 00:00
PLESK_17_PHP71/primary_db | 14 kB 00:00
SITEBUILDER_17_0_15-dist | 2.9 kB 00:00
SITEBUILDER_17_0_15-thirdparty | 2.9 kB 00:00
Failed to install mod_security@x86_64:
Error while downloading packages metainfo: Cannot retrieve repository metadata (repomd.xml) for repository: asl-4.0. Please verify its path and try again. Trying again.
Failed to install mod_security@x86_64:
Number of retries is exceeded.
RepoError: Cannot retrieve repository metadata (repomd.xml) for repository: asl-4.0. Please verify its path and try again
Failed to install mod_security@x86_64:
Error while downloading packages metainfo: Cannot find a valid baseurl for repo: asl-4.0. Trying again.
Failed to install mod_security@x86_64:
Error while downloading packages metainfo: Cannot retrieve repository metadata (repomd.xml) for repository: asl-4.0. Please verify its path and try again. Trying again.
Failed to install mod_security@x86_64:
Number of retries is exceeded.
Traceback (most recent call last):
File "/usr/local/psa/bin/yum_install", line 239, in <module>
main()
File "/usr/local/psa/bin/yum_install", line 225, in main
inst, rem = installer.resolve(to_install, opts.remove, opts.tries)
File "/usr/local/psa/bin/yum_install", line 133, in resolve
self._iremove(to_install, to_remove)
File "/usr/local/psa/bin/yum_install", line 95, in _iremove
if self.install(**self._package2pkgdict(p)):
File "/usr/lib/python2.6/site-packages/yum/__init__.py", line 3584, in install
pkgs = self.pkgSack.searchNevra(name=nevra_dict['name'],
File "/usr/lib/python2.6/site-packages/yum/__init__.py", line 907, in <lambda>
pkgSack = property(fget=lambda self: self._getSacks(),
File "/usr/lib/python2.6/site-packages/yum/__init__.py", line 687, in _getSacks
self.repos.populateSack(which=repos)
File "/usr/lib/python2.6/site-packages/yum/repos.py", line 324, in populateSack
sack.populate(repo, mdtype, callback, cacheonly)
File "/usr/lib/python2.6/site-packages/yum/yumRepo.py", line 165, in populate
if self._check_db_version(repo, mydbtype):
File "/usr/lib/python2.6/site-packages/yum/yumRepo.py", line 223, in _check_db_version
return repo._check_db_version(mdtype)
File "/usr/lib/python2.6/site-packages/yum/yumRepo.py", line 1263, in _check_db_version
repoXML = self.repoXML
File "/usr/lib/python2.6/site-packages/yum/yumRepo.py", line 1462, in <lambda>
repoXML = property(fget=lambda self: self._getRepoXML(),
File "/usr/lib/python2.6/site-packages/yum/yumRepo.py", line 1458, in _getRepoXML
raise Errors.RepoError, msg
RepoError: Cannot retrieve repository metadata (repomd.xml) for repository: asl-4.0. Please verify its path and try again
Error: The Yum utility failed to install the required packages.
 
You must log in or register to reply here.

Similar threads

F
Question Add SecRule to Apache
Replies
0
Views
763
Filipe Silva
F
Back
Top