Failed ModSecurity update has crashed Apache 2 days in a row

[Chris1]

I've woken up two mornings in a row with customers complaining that their website has been unavailable.

Upon logging into Plesk I get Modsecurity update errors along with the Apache service being down.

This has happened onto two different servers on two different virtualization platforms. Other servers on CloudLinux 6.7 have not had this problem.

The two servers that have had this problem have the following:

Plesk 12.5.30 Update #14
CloudLinux 7.1
Modsecurity version: 2.9.0-centos7.15082019
Apache version: 2.4.6-31.el7_1.1.cloudlinux
Modsecurity ruleset: Atomic Basic ModSecurity, Update rule sets Daily, Tradeoff config

I've included the error received when going into the ModSecurity section in Plesk.

What is going on here? How do we fix this problem.

We have left ModSecurity off for the time being as we cant have Apache crashing every day.

Error: Failed to update the ModSecurity rule set: modsecurity_ctl failed: gpg: key 4520AFA9: "Atomicorp (Atomicorp Official Signing Key) <[email protected]>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
gpg: Signature made Tue Dec 8 07:41:31 2015 AEDT using RSA key ID 4520AFA9
gpg: Good signature from "Atomicorp (Atomicorp Official Signing Key) <[email protected]>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 1818 66DF 9DAC A40E 5B42 9B08 FFBD 5D0A 4520 AFA9
TERM environment variable not set.
aum failed with exitcode 3.
stdout:



Checking versions ...

ASL version is current: [75G[[1;31m[1;32mPASS[0m[0m]
Updating Web Application Firewall to 201512080958: updated[75G[[1;31m[1;32mPASS[0m[0m]
-------------------------------------------------------------------------------
Errors were encountered:

L CODE SOURCE MESSAGE
- ---- ----------------------------- ------------------------------------------
[0;33m2 2 c_modsec::apply_rules An error occurred attempting to read file
/var/asl/data/waf_groups
[0m[0;33m2 9901 ASLCommon::cmd_system ERROR: '/usr/sbin/apachectl -t >/dev/null
2>&1 (1)'
[0m[0;33m2 9901 ASLCommon::cmd_exec ERROR: '(1) /usr/sbin/apachectl -t 2>&1 --
[Wed Dec 09 04:18:51.076389 2015] [so:war
n] [pid 662077] AH01574: module actions_mo
dule is already loaded, skipping||[Wed Dec
09 04:18:51.079756 2015] [so:warn] [pid 6
62077] AH01574: module headers_module is a
lready loaded, skipping||[Wed Dec 09 04:18
:51.080071 2015] [so:warn] [pid 662077] AH
01574: module logio_module is already load
ed, skipping||[Wed Dec 09 04:18:51.081453
2015] [so:warn] [pid 662077] AH01574: modu
le suexec_module is already loaded, skippi
ng||[Wed Dec 09 04:18:51.125845 2015] [so:
warn] [pid 662077:tid 139838976211008] AH0
1574: module unique_id_module is already l
oaded, skipping||httpd: Syntax error on li
ne 357 of /etc/httpd/conf/httpd.conf: Synt
ax error on line 12 of /etc/httpd/conf.d/0
0_mod_security.conf: No matches for the wi
ldcard '*asl*.conf' in '/etc/httpd/conf/mo
dsecurity.d/rules/tortix/modsec', failing
(use IncludeOptional if required)'
[0m[0;33m2 601 c_modsec::apply_rules There is a problem with the apache config:
[Wed Dec 09 04:18:51.076389 2015] [so:war
n] [pid 662077] AH01574: module actions_mo
dule is already loaded, skipping; [Wed Dec
09 04:18:51.079756 2015] [so:warn] [pid 6
62077] AH01574: module headers_module is a
lready loaded, skipping; [Wed Dec 09 04:18
:51.080071 2015] [so:warn] [pid 662077] AH
01574: module logio_module is already load
ed, skipping; [Wed Dec 09 04:18:51.081453
2015] [so:warn] [pid 662077] AH01574: modu
le suexec_module is already loaded, skippi
ng; [Wed Dec 09 04:18:51.125845 2015] [so:
warn] [pid 662077:tid 139838976211008] AH0
1574: module unique_id_module is already l
oaded, skipping; httpd: Syntax error on li
ne 357 of /etc/httpd/conf/httpd.conf: Synt
ax error on line 12 of /etc/httpd/conf.d/0
0_mod_security.conf: No matches for the wi
ldcard '*asl*.conf' in '/etc/httpd/conf/mo
dsecurity.d/rules/tortix/modsec', failing
(use IncludeOptional if required)
[0m[0;33m2 601 c_modsec::apply_rules There is a problem with the apache config:
Rolling back to the previous update
[0m[0;33m2 9901 ASLCommon::cmd_system ERROR: '/bin/cp -af /var/asl/tmp/waf_rules
/* /etc/httpd/conf/modsecurity.d/rules/tor
tix/modsec>/dev/null 2>&1 (1)'
[0m[1;31m3 600 c_modsec::apply_rules Errors occurred with Apache


stderr:
Unable to download tortix rule set

Out of the above error, I'm assuming this might be causing the problem?

Syntax error on line 357 of /etc/httpd/conf/httpd.conf: Syntax error on line 12 of /etc/httpd/conf.d/00_mod_security.conf: No matches for the wildcard '*asl*.conf' in '/etc/httpd/conf/modsecurity.d/rules/tortix/modsec', failing use IncludeOptional if required)'

There doesn't appear to be anything in "/etc/httpd/conf.d/00_mod_security.conf", so I can't change Include to IncludeOptional?? (As shown below)

#ATTENTION!
#
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.

..and there does appear to be file in "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec" that would match the wildcard '*asl*.conf', it is 50_plesk_basic_asl_rules.conf

 

[Oto Tortorella]

Same problem here!
I already posted here: http://talk.plesk.com/threads/error...-atomic-basic-modsecurity.336154/#post-792729

This seems a general problem, please advise...