Resolved Issue with AtomicCorp rules updates.

micfrip

New Pleskian
Hi,

Both web interface and command line failed to download the updated rules.

Here is the output:

Code:
[root@myServer1 ~]# /usr/local/psa/bin/sw-engine-pleskrun /usr/local/psa/admin/plib/DailyMaintainance/script.php UpdateModSecurityRuleSet
[2016-11-28 10:47:00] ERR [util_exec] proc_close() failed ['/usr/local/psa/admin/bin/modsecurity_ctl' '--install' '--with-backup' '--ruleset' 'atomic'] with exit code [1]
Error occured while sending feedback. HTTP code returned: 502
[2016-11-28 10:47:01] ERR [panel] modsecurity_ctl failed: gpg: key 4520AFA9: "Atomicorp (Atomicorp Official Signing Key) <[email protected]>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
gpg: Signature made Mon Sep 12 17:56:54 2016 CEST using RSA key ID 4520AFA9
gpg: Good signature from "Atomicorp (Atomicorp Official Signing Key) <[email protected]>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 1818 66DF 9DAC A40E 5B42  9B08 FFBD 5D0A 4520 AFA9
TERM environment variable not set.
aum failed with exitcode 3.
stdout:



Checking versions ...

        ASL version is current:                                           [PASS]
        Updating Web Application Firewall to 201611221017: updated        [PASS]
-------------------------------------------------------------------------------
Errors were encountered:

L CODE SOURCE                        MESSAGE
- ---- ----------------------------- ------------------------------------------
2 9901 ASLCommon::cmd_system         ERROR: '/bin/cp -af /var/asl/rules/modsec/
                                     template-* /var/asl/data/templates/ >/dev/
                                     null 2>&1 (1)'
3 18   c_modsec::apply_rules         Failed to copy file /var/asl/rules/modsec/
                                     waf_classes -> /var/asl/data/waf_classes



stderr:
Unable to download atomic rule set

Could you please help?
 
Hi micfrip,

you could try to solve the issue with the following commands over the ssh - command line ( logged in as user "root" ):

Code:
/var/asl/bin/aum -uf
yum upgrade mod_security tortix-waf
/var/asl/bin/asl -s -f
On Debian/Ubuntu based systems, the package would be upgraded with the command "apt-get install --only-upgrade aum"


If you experience issues with these commands, pls. consider to check the file "/etc/asl/config" to ensure that UPDATE_TYPE is set to "all".

If you experience the issue, that there is no "config" - file on Debian/Ubuntu - based systems, which you could edit, pls. consider to use "cp -p /etc/asl/config.dpkg-dist /etc/asl/config", followed by the command "/var/asl/bin/aum -c". But ( ! ), pls. be informed, that the sample configuration is a STANDARD configuration file, with no unique settings, so the copy of the configuration file is only recommended for experienced Linux administrators, who are able to solve ( possible ) issues with a standard configuration file for WAF. If you are an inexperienced user, pls. consider to WAIT for an update/upgrade/patch from Atomic and Plesk, to solve the described issue!

Pls. see as well an actual forum thread at the Atomic forum: => https://forums.atomicorp.com/viewtopic.php?f=3&t=8497
 
First of all, many thanks for your kind help!

The first command seems to return some problems:

# /var/asl/bin/aum -uf




Checking versions ...

ASL version is current: [PASS]
Updating Web Application Firewall to 201611221017: updated [PASS]
-------------------------------------------------------------------------------
Errors were encountered:

L CODE SOURCE MESSAGE
- ---- ----------------------------- ------------------------------------------
2 9901 ASLCommon::cmd_system ERROR: '/usr/sbin/apachectl -t >/dev/null
2>&1 (1)'
2 9901 ASLCommon::cmd_exec ERROR: '(1) /usr/sbin/apachectl -t 2>&1 --
[Mon Nov 28 11:41:38.543463 2016] [so:war
n] [pid 17534:tid 140267821828160] AH01574
: module unique_id_module is already loade
d, skipping||[Mon Nov 28 11:41:38.583052 2
016] [so:warn] [pid 17534:tid 140267821828
160] AH01574: module security2_module is a
lready loaded, skipping||AH00526: Syntax e
rror on line 36 of /etc/httpd/conf/modsecu
rity.d/rules/atomic/modsec/00_asl_z_antiev
asion.conf:||ModSecurity: Found another ru
le with the same id'
2 601 c_modsec::apply_rules There is a problem with the apache config:
[Mon Nov 28 11:41:38.543463 2016] [so:war
n] [pid 17534:tid 140267821828160] AH01574
: module unique_id_module is already loade
d, skipping; [Mon Nov 28 11:41:38.583052 2
016] [so:warn] [pid 17534:tid 140267821828
160] AH01574: module security2_module is a
lready loaded, skipping; AH00526: Syntax e
rror on line 36 of /etc/httpd/conf/modsecu
rity.d/rules/atomic/modsec/00_asl_z_antiev
asion.conf:; ModSecurity: Found another ru
le with the same id
2 601 c_modsec::apply_rules There is a problem with the apache config:
Rolling back to the previous update
3 600 c_modsec::apply_rules Errors occurred with Apache
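
The Apache check in the output above fails with `ModSecurity: Found another rule with the same id`, which ModSecurity reports when a rule declares an `id` that an already loaded rule has used. As an added example (not part of the original post, and not Atomicorp or Plesk tooling), this script lists every rule id defined more than once under a rules directory together with the file and line of each definition; the sample rule files, their ids and the `old/` directory are constructed for the demo.

```shell
#!/bin/sh
# Added example: list ModSecurity rule ids that are defined more than once
# under a rules directory, with the file:line of every definition.

# find_duplicate_rule_ids DIR -> one line per duplicated id: "<id> <file:line> ..."
find_duplicate_rule_ids() {
    find "$1" -type f -name '*.conf' -exec awk -v q="'" '
        BEGIN { re = "(^|[^A-Za-z_])id:[" q "\"]?[0-9]+" }
        /^[ \t]*#/ { next }                       # ignore commented-out rules
        {
            line = $0
            while (match(line, re)) {             # scan every id action on the line
                id = substr(line, RSTART, RLENGTH)
                sub(/^.*id:[^0-9]?/, "", id)      # keep only the digits
                where[id] = where[id] " " FILENAME ":" FNR
                count[id]++
                line = substr(line, RSTART + RLENGTH)
            }
        }
        END { for (id in count) if (count[id] > 1) print id where[id] }
    ' {} + | sort -n
}

# Constructed sample rule files (ids and patterns are made up for the demo).
make_sample_rules() {
    mkdir -p "$1/modsec" "$1/old"
    cat > "$1/modsec/00_sample.conf" <<'EOF'
SecRule REQUEST_URI "@contains /x" "phase:2,id:390000,deny"
# SecRule ARGS "@rx y" "phase:2,id:390001,pass"
SecRule ARGS "@rx z" \
    "phase:2,id:'390001',pass"
EOF
    cat > "$1/old/00_sample.conf" <<'EOF'
SecAction "phase:1,id:390000,nolog,pass"
SecRule ARGS "@rx q" "phase:2,id:390002,pass"
EOF
}

# Scan the directory given as $1, or the constructed sample when none is given.
if [ -n "${1:-}" ]; then
    find_duplicate_rule_ids "$1"
else
    tmp=$(mktemp -d) && make_sample_rules "$tmp" && find_duplicate_rule_ids "$tmp"
    rm -rf "$tmp"
fi
```

Run it with the rules directory from the error message (`/etc/httpd/conf/modsecurity.d/rules/`) as the argument; an empty result means no id is declared twice in the `.conf` files under that path.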
 
Hi micfrip,

pls. consider to use the ssh - command over the command line ( logged in as user "root" ):

/usr/local/psa/bin/sw-engine-pleskrun /usr/local/psa/admin/plib/DailyMaintainance/script.php UpdateModSecurityRuleSet

... and/or try to switch the actual rule-set and reverse it afterwards over your Plesk Control Panel ( => Home > Tools & Settings > Web Application Firewall ). ;)
 
running
/var/asl/bin/aum -uf
I get messages
- ---- ----------------------------- ------------------------------------------
2 302 Core::distributed_update remote fail: E_GEN_RETRY 22 .. www4.atomicorp.com/channels/asl-4.0/modsec-201706161912.tar.bz2
2 6 Core::distributed_update File not found www4.atomicorp.com /channels/asl-4.0/modsec-201706161912.tar.bz2
2 302 Core::distributed_update remote fail: E_GEN_RETRY 22 .. www3.atomicorp.com/channels/asl-4.0/modsec-201706161912.tar.bz2
2 6 Core::distributed_update File not found www3.atomicorp.com /channels/asl-4.0/modsec-201706161912.tar.bz2
2 302 Core::distributed_update remote fail: E_GEN_RETRY 22 .. www6.atomicorp.com/channels/asl-4.0/modsec-201706161912.tar.bz2
2 6 Core::distributed_update File not found www6.atomicorp.com /channels/asl-4.0/modsec-201706161912.tar.bz2
2 302 Core::distributed_update remote fail: E_GEN_RETRY 22 .. www5.atomicorp.com/channels/asl-4.0/modsec-201706161912.tar.bz2
2 6 Core::distributed_update File not found www5.atomicorp.com /channels/asl-4.0/modsec-201706161912.tar.bz2
2 302 Core::distributed_update remote fail: E_GEN_RETRY 22 .. www2.atomicorp.com/channels/asl-4.0/modsec-201706161912.tar.bz2
2 6 Core::distributed_update File not found www2.atomicorp.com /channels/asl-4.0/modsec-201706161912.tar.bz2


I have a subscription on atomicorp
 
--bc1c384c-H--
Message: [file "/etc/httpd/conf/modsecurity.d/rules/atomic/modsec/20_asl_useragents.conf"] [line "360"] [id "333515"] [rev "4"] [msg "Atomicorp.com WAF Rules: MJ12 Distributed bot detected (Disable this rule if you want to allow this bot)"] [severity "ERROR"] [tag "no_ar"] Access denied with code 403 (phase 2). Pattern match "MJ12bot" at REQUEST_HEADERS:User-Agent.
Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s
Action: Intercepted (phase 2)
Stopwatch: 1497887726147861 9581 (- - -)
Stopwatch2: 1497887726147861 9581; combined=4500, p1=246, p2=4200, p3=0, p4=0, p5=54, sr=0, sw=0, l=0, gc=0
Producer: ModSecurity for Apache/2.9.1 (ModSecurity: Open Source Web Application Firewall 201706161912.
Server: Apache
Engine-Mode: "ENABLED
 
Hi dyrer,

apart from the fact, that the previous copied message is a normal information about the ( expected ) behaviour, when you use ModSecurity, could you pls. explain
  • What has this information got to do with the thread?
  • Why did you paste it to this thread?
  • Did you notice, that Plesk ( and Plesk Forum Members ) can't give support for Atomic Rules, as they don't develop ModSecurity?
 
I know this is a forum about Plesk, but the problem occurs from Plesk, so I am asking for help here.
I have removed and reinstalled modsecurity to see if the problem persists.
And something else: how can I remove the modsecurity log file? From Plesk, of course.
@UFHH01 Thanks for your help
 
Hi!
I found this thread while searching for information on whether it is possible to use an Ubuntu server with Plesk Onyx and Atomic-Rules via Plesk. I have found limitations to some OS (CentOS 6 and 7, Red Hat Enterprise Linux 6 and 7, CloudLinux 6 and 7). But when I read your post it seems to be possible to use the Plesk-Extension "Atomic Secured Linux" on Ubuntu 16 with Onyx...
Can you tell me something about the real status?
Best wishes,
Matthias
 
Sorry, I have just found out that using mod_security with "atomic Rules subscription" is something completely different than using the Plesk-Extension "Atomic Secured Linux"...

Best regards,
Matthias
 