Issue Error during enabling modsecurity firewall

[fferraro87]

Hi,

when i try to enable modsecurity on my plesk (onyx 17.5.3 last update) i've this error :

ModSecurity: modsecurity_ctl failed: gpg: key 4520AFA9: "Atomicorp (Atomicorp Official Signing Key) <[email protected]>" not changed gpg: Total number processed: 1 gpg: unchanged: 1 gpg: Signature made Wed May 24 13:53:48 2017 CEST using RSA key ID 4520AFA9 gpg: Good signature from "Atomicorp (Atomicorp Official Signing Key) <[email protected]>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 1818 66DF 9DAC A40E 5B42 9B08 FFBD 5D0A 4520 AFA9 TERM environment variable not set. aum failed with exitcode 3. stdout: Checking versions ... ASL version is current: package asl is not installed[75G[[1;31m[1;32mPASS[0m[0m] Authorization failed attempting to download an update. The username or password may be invalid, or your license may be expired. Please log in to the License Manager at https://www.atomicorp.com/amember/member.php and verify your account. Further information may be found at: https://www.atomicorp.com/wiki/index.php/ASL_FAQ#HTTP_Error_401:_Authorization_Required. ------------------------------------------------------------------------------- Errors were encountered: L CODE SOURCE MESSAGE - ---- ----------------------------- ------------------------------------------ [1;31m3 303 Core::distributed_update Invalid user credentials [0m172.16.70.6 127.0.0.1 stderr: Unable to download tortix rule set

so i've try to do on console this command (like this post LINK ) said :

/var/asl/bin/aum -uf

but i've this output :

Checking versions ...

    ASL version is current: package asl is not installed              [PASS]
df: `/etc/httpd/conf/modsecurity.d/rules/tortix/modsec': No such file or directory
df: no file systems processed


Authorization failed attempting to download an update.
The username or password may be invalid, or your license may be expired.
Please log in to the License Manager at https://www.atomicorp.com/amember/member.php and verify your account.

Further information may be found at:  https://www.atomicorp.com/wiki/index.php/ASL_FAQ#HTTP_Error_401:_Authorization_Required.

-------------------------------------------------------------------------------
Errors were encountered:

L CODE SOURCE                        MESSAGE
- ---- ----------------------------- ------------------------------------------
2 23   c_modsec::tortix_conf_generat Low space detected writing to tortix_waf.conf - 0 /
2 1    c_modsec::tortix_conf_generat An error occurred attempting to open file /etc/httpd/conf/modsecurity.d/rules/tortix/modsec/tortix_waf.conf
2 48   ASLRBC                        Reverting all changes
2 48   ASLRBC::rollback_file         No valid previous version found for /etc/httpd/conf/modsecurity.d/rules/tortix/modsec/tortix_waf.conf
3 303  Core::distributed_update      Invalid user credentials

i've a regular "Web Host Edition" license.

So what credentials i need and how can i fix this problem?

 

[UFHH01]

Hi fferraro87,

pls. use the command ( logged in as user root over SSH ):

plesk installer --select-product-id plesk --select-release-current --install-component modsecurity

You are able to check the current installed components with the command:

plesk installer --select-product-id plesk --select-release-current --show-components --show-options

... and switch "on" the "Atomic Basic ModSecurity" over your Plesk Control Panel afterwards.

Another solution is to install the component over the "Updates and Upgrades" > "Add/Remove Components" page over Plesk.

​

Pls. check at => HOME > Tools & Settings > License Management , that ModSecurity is displayed with "On".


If you experience issues/errors/problems while updating the "tortix rules", just switch off ModSecurity, check that the component IS installed and turned it on again.

 

[fferraro87]

Hi fferraro87,

pls. use the command ( logged in as user root over SSH ):

plesk installer --select-product-id plesk --select-release-current --install-component modsecurity

You are able to check the current installed components with the command:

plesk installer --select-product-id plesk --select-release-current --show-components --show-options

... and switch "on" the "Atomic Basic ModSecurity" over your Plesk Control Panel afterwards.

Another solution is to install the component over the "Updates and Upgrades" > "Add/Remove Components" page over Plesk.

View attachment 12946​

Pls. check at => HOME > Tools & Settings > License Management , that ModSecurity is displayed with "On".


If you experience issues/errors/problems while updating the "tortix rules", just switch off ModSecurity, check that the component IS installed and turned it on again.

Hi, thanks for your quickly answer.

I've this component installed :

Detecting installed product components.
  panel             [up2date] - Plesk
  bind              [up2date] - BIND DNS server
  postgresql        [install] - PostgreSQL server
  health-monitor    [up2date] - Server Health Monitor
  fail2ban          [install] - Fail2Ban
  selinux           [up2date] - SELinux policy
  l10n              [up2date] - All language localization for Plesk
  git               [install] - Git
  pmm               [install] - Plesk Migrator
  sitebuilder       [up2date] - Web Presence Builder
  mysqlgroup        [up2date] - MySQL server
  horde             [up2date] - Horde
  roundcube         [up2date] - Roundcube
  kav               [install] - Kaspersky Anti-Virus
  drweb             [up2date] - Plesk Premium Antivirus
  spamassassin      [install] - SpamAssassin
  mailman           [up2date] - Mailman
  postfix           [up2date] - Postfix
  qmail             [install] - Qmail
  msmtp             [install] - MSMTP (relay only)
  dovecot           [install] - Dovecot
  courier           [up2date] - Courier
  proftpd           [up2date] - ProFTPD
  java              [install] - Support for Tomcat Java Servlets
  webalizer         [up2date] - Webalizer
  awstats           [up2date] - AWStats
  modsecurity       [up2date] - ModSecurity
  passenger         [install] - Phusion Passenger server
  ruby              [install] - Ruby support
  nodejs            [install] - NodeJS support
  gems-pre          [install] - Tools required for building Ruby gems
  mod_fcgid         [up2date] - mod_fcgid
  mod_perl          [up2date] - mod_perl
  mod-bw            [install] - mod_bw
  mod_python        [up2date] - mod_python
  webservers        [up2date] - Apache
  php7.1            [install] - PHP 7.1
  php7.0            [install] - PHP 7.0
  php5.6            [up2date] - PHP 5.6
  php5.5            [install] - PHP 5.5
  php5.4            [install] - PHP 5.4
  php5.3            [install] - PHP 5.3
  php5.2            [install] - PHP 5.2
  phpgroup          [up2date] - PHP 5 from OS vendor
  nginx             [up2date] - Nginx web server
  phpfpm            [install] - PHP-FPM from OS vendor
  config-troubleshooter[up2date] - Plesk Web Server Configuration Troubleshooter
  psa-firewall      [install] - Plesk Firewall
  psa-vpn           [install] - Plesk VPN
  psa-fileserver    [install] - Plesk file server
  watchdog          [install] - Watchdog system monitoring
  cloudflare        [install] - Cloudflare ServerShield
  magicspam         [up2date] - MagicSpam Embedded Protection
  heavy-metal-skin  [install] - Skins and Color Schemes
  wp-toolkit        [upgrade] - WordPress Toolkit
  security-advisor  [install] - Security Advisor
  letsencrypt       [up2date] - Let's Encrypt
None of the components have installation settings.

so also modsecurity is installed, in license management i've modsecurity On ( see attached image)
but i've same error
i've also try to turn off and turned on again but nothing

 

[UFHH01]

Hi fferraro87,

in case of issues/errors/problems with ModSecurity, the very first recommended procedure is always the de- and re-install process:

plesk installer --select-product-id plesk --select-release-current --remove-component modsecurity
plesk installer --select-product-id plesk --select-release-current --install-component modsecurity

Second, pls. note, that Plesk comes with the Plesk Repair Utility, which is able to investigate and solve quite a lot of ( possible ) misconfigurations automatically. Pls. see the official Plesk documentation, to inform yourself about the options and usage:

=> Plesk Repair Utility​

If you experience issues/errors/problems when you unstall or re-install a Plesk component, pls. consider to include the corresponding log - file from "/var/log/plesk", so that people willing to help you have something to investigate together with you.

... and each repair - process will as write informations to the depending repair - log.

 

[fferraro87]

Thanks for your reply, i've try to uninstall/reinstall modsecurity but i've same error.

Thanks for notes me plesk repair utility, i've done a check in order to repair some permissions and files.
But I see that there isn't an option to repair module installation right? or it is under "installation" option?

Thanks

 

[UFHH01]

Hi fferraro87,

I just noticed:

distributed_update Invalid user credentials

... so I assume, that you put additional user credentials at the fields where "( subscription )" is optional.
Pls. note, that IF you put in additional user credentials, you have to make sure that you registered at => Create Customer Profile and signed up for additional services.

If you didn't sign up for additional Atomic services, pls. leave these options fields blank to avoid issues/errors/problems, when using the Plesk license included ModSecurity Rules "Atomic Basic ModSecurity" or "OWASP ModSecurity". Don't forget to SAVE your settings, before you change back to another ModSecurity Rule.


In addition, pls. follow as well the suggestions from => Atomic ModSecurity rule set (subscription) does not work even after Plesk 12 MU#52 is installed