• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Forwarded to devs Bug with Plesk's Modsecurity v2.9.3

Wiz

Basic Pleskian
TITLE:
Bug with Plesk's Modsecurity v2.9.3
PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE:
Plesk Obsidian Version 18.0.19, Debian 9, amd64, libapache2-modsecurity-plesk_2.9.3-v.debian.9+p18.0.19.3+t191002.1251
PROBLEM DESCRIPTION:
Hello,

I wish to report a bug, and the fix, in the current released version of Plesk's modsecurity package version which is causing a segmentation fault in apache under Plesk Obsidian/Debian 9.

/var/log/apache2# apt-cache policy libapache2-modsecurity-plesk
libapache2-modsecurity-plesk:
Installed: 2.9.3-v.debian.9+p18.0.19.3+t191002.1251
Candidate: 2.9.3-v.debian.9+p18.0.19.3+t191002.1251
Version table:
*** 2.9.3-v.debian.9+p18.0.19.3+t191002.1251 500
500 http://autoinstall.plesk.com/pool/PSA_18.0.19_1013 stretch/all amd64 Packages
500 http://autoinstall.plesk.com/pool/PSA_18.0.19_1013 stretch/extras amd64 Packages
100 /var/lib/dpkg/status

The fix/patch has already been committed to SpiderLabs/ModSecurity and Plesk needs to recompile libapache2-modsecurity-plesk to v2.9.4 and release it via Obsidian's update channel.

Please share the above with your developers so it is actioned as soon as possible as I am unable to use my custom modsecurity rules due to this.

Thank you.

Wiz​
STEPS TO REPRODUCE:
The fault is caused when using 'SecRemoteRules' in custom modsecurity rules - ref: SecRemoteRules (2.9.3) - Segfault · Issue #1982 · SpiderLabs/ModSecurity
ACTUAL RESULT:
Code:
systemctl status apache2.service
● apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; disabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Wed 2019-10-16 16:37:49 +04; 2s ago
Process: 14963 ExecStop=/usr/sbin/apachectl stop (code=exited, status=139)
Process: 14980 ExecStart=/usr/sbin/apachectl start (code=exited, status=139)

Oct 16 16:37:48 xx.xxxxxx.xx systemd[1]: Starting The Apache HTTP Server...
Oct 16 16:37:49 xx.xxxxxx.xx apachectl[14980]: Segmentation fault
Oct 16 16:37:49 xx.xxxxxx.xx apachectl[14980]: Action 'start' failed.
Oct 16 16:37:49 xx.xxxxxx.xx apachectl[14980]: The Apache error log may have more information.
Oct 16 16:37:49 xx.xxxxxx.xx systemd[1]: apache2.service: Control process exited, code=exited status=139
Oct 16 16:37:49 xx.xxxxxx.xx systemd[1]: Failed to start The Apache HTTP Server.
Oct 16 16:37:49 xx.xxxxxx.xx systemd[1]: apache2.service: Unit entered failed state.
Oct 16 16:37:49 xx.xxxxxx.xx systemd[1]: apache2.service: Failed with result 'exit-code'.

journalctl -xe
Oct 16 16:37:48 xx.xxxxxx.xx systemd[1]: Starting The Apache HTTP Server...
-- Subject: Unit apache2.service has begun start-up
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- Unit apache2.service has begun starting up.
Oct 16 16:37:49 xx.xxxxxx.xx apachectl[14980]: Segmentation fault
Oct 16 16:37:49 xx.xxxxxx.xx apachectl[14980]: Action 'start' failed.
Oct 16 16:37:49 xx.xxxxxx.xx apachectl[14980]: The Apache error log may have more information.
Oct 16 16:37:49 xx.xxxxxx.xx kernel: apache2[14983]: segfault at 38 ip 00007fc00fb6d0a8 sp 00007ffcab7d8ce0 error 4 in mod_security2.so[7fc00fb03000+b5000]
Oct 16 16:37:49 xx.xxxxxx.xx systemd[1]: apache2.service: Control process exited, code=exited status=139
Oct 16 16:37:49 xx.xxxxxx.xx systemd[1]: Failed to start The Apache HTTP Server.
-- Subject: Unit apache2.service has failed
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- Unit apache2.service has failed.
--
-- The result is failed.
Oct 16 16:37:49 xx.xxxxxx.xx systemd[1]: apache2.service: Unit entered failed state.
Oct 16 16:37:49 xx.xxxxxx.xx systemd[1]: apache2.service: Failed with result 'exit-code'.

Error log via the gui:

modsecurity_ctl failed: START httpd_modules_ctl --enable security2,unique_id Enabling module security2. To activate the new configuration, you need to run: systemctl restart apache2 Module unique_id already enabled INFO: [Wed Oct 16 15:05:50 +04 2019]: Service: apache2, Action: start Trying to start service apache2... failed Oct 16 15:05:50 xx.xxxxxx.xx systemd[1]: Starting The Apache HTTP Server... Oct 16 15:05:50 xx.xxxxxx.xx apachectl[13859]: Segmentation fault Oct 16 15:05:50 xx.xxxxxx.xx apachectl[13859]: Action 'start' failed. Oct 16 15:05:50 xx.xxxxxx.xx apachectl[13859]: The Apache error log may have more information. Oct 16 15:05:50 xx.xxxxxx.xx systemd[1]: apache2.service: Control process exited, code=exited status=139 Oct 16 15:05:50 xx.xxxxxx.xx systemd[1]: Failed to start The Apache HTTP Server. Oct 16 15:05:50 xx.xxxxxx.xx systemd[1]: apache2.service: Unit entered failed state. Oct 16 15:05:50 xx.xxxxxx.xx systemd[1]: apache2.service: Failed with result 'exit-code'. ***** problem report ***** start service apache2 /opt/psa/admin/sbin/pleskrc execution failed: Job for apache2.service failed because the control process exited with error code. See "systemctl status apache2.service" and "journalctl -xe" for details. /opt/psa/admin/sbin/pleskrc execution failed: Job for apache2.service failed because the control process exited with error code. See "systemctl status apache2.service" and "journalctl -xe" for details.

PleskUtilException
Message modsecurity_ctl failed: START httpd_modules_ctl --enable security2,unique_id Enabling module security2. To activate the new configuration, you need to run: systemctl restart apache2 Module unique_id already enabled INFO: [Wed Oct 16 15:05:50 +04 2019]: Service: apache2, Action: start Trying to start service apache2... failed Oct 16 15:05:50 xx.xxxxxx.xx systemd[1]: Starting The Apache HTTP Server... Oct 16 15:05:50 xx.xxxxxx.xx apachectl[13859]: Segmentation fault Oct 16 15:05:50 xx.xxxxxx.xx apachectl[13859]: Action 'start' failed. Oct 16 15:05:50 xx.xxxxxx.xx apachectl[13859]: The Apache error log may have more information. Oct 16 15:05:50 xx.xxxxxx.xx systemd[1]: apache2.service: Control process exited, code=exited status=139 Oct 16 15:05:50 xx.xxxxxx.xx systemd[1]: Failed to start The Apache HTTP Server. Oct 16 15:05:50 xx.xxxxxx.xx systemd[1]: apache2.service: Unit entered failed state. Oct 16 15:05:50 xx.xxxxxx.xx systemd[1]: apache2.service: Failed with result 'exit-code'. ***** problem report ***** start service apache2 /opt/psa/admin/sbin/pleskrc execution failed: Job for apache2.service failed because the control process exited with error code. See "systemctl status apache2.service" and "journalctl -xe" for details. /opt/psa/admin/sbin/pleskrc execution failed: Job for apache2.service failed because the control process exited with error code. See "systemctl status apache2.service" and "journalctl -xe" for details.
File Agent.php
Line 210
EXPECTED RESULT:
Code:
systemctl status apache2.service
● apache2.service - The Apache HTTP Server
   Loaded: loaded (/lib/systemd/system/apache2.service; disabled; vendor preset: enabled)
   Active: active (running) since Wed 2019-10-16 16:23:31 +04; 8min ago
  Process: 8148 ExecReload=/usr/sbin/apachectl graceful (code=exited, status=0/SUCCESS)
  Process: 2293 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
 Main PID: 2328 (apache2)
    Tasks: 153 (limit: 4915)
   CGroup: /system.slice/apache2.service
           ├─2328 /usr/sbin/apache2 -k start
           ├─8164 /usr/sbin/apache2 -k start
           ├─8165 /usr/sbin/apache2 -k start
           ├─8167 Passenger watchdog
           ├─8170 Passenger core
           ├─8191 /usr/sbin/apache2 -k start
           └─8226 /usr/sbin/apache2 -k start

Oct 16 16:23:30 xx.xxxxxx.xx systemd[1]: Starting The Apache HTTP Server...
Oct 16 16:23:31 xx.xxxxxx.xx systemd[1]: Started The Apache HTTP Server.
Oct 16 16:23:55 xx.xxxxxx.xx systemd[1]: Reloading The Apache HTTP Server.
Oct 16 16:23:56 xx.xxxxxx.xx systemd[1]: Reloaded The Apache HTTP Server.
Oct 16 16:30:27 xx.xxxxxx.xx systemd[1]: Reloading The Apache HTTP Server.
Oct 16 16:30:27 xx.xxxxxx.xx systemd[1]: Reloaded The Apache HTTP Server.

Oct 16 16:30:27 xx.xxxxxx.xx systemd[1]: Reloading The Apache HTTP Server.
-- Subject: Unit apache2.service has begun reloading its configuration
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- Unit apache2.service has begun reloading its configuration
Oct 16 16:30:27 xx.xxxxxx.xx systemd[1]: Reloaded The Apache HTTP Server.
-- Subject: Unit apache2.service has finished reloading its configuration
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- Unit apache2.service has finished reloading its configuration
--
-- The result is done.
ANY ADDITIONAL INFORMATION:
YOUR EXPECTATIONS FROM PLESK SERVICE TEAM:
Confirm bug
 
Back
Top