• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved Issue with AtomicCorp rules updates.

micfrip

New Pleskian
Hi,

Both web interface and command line failed to download the updated rules.

Here is the output:

Code:
[root@myServer1 ~]# /usr/local/psa/bin/sw-engine-pleskrun /usr/local/psa/admin/plib/DailyMaintainance/script.php UpdateModSecurityRuleSet
[2016-11-28 10:47:00] ERR [util_exec] proc_close() failed ['/usr/local/psa/admin/bin/modsecurity_ctl' '--install' '--with-backup' '--ruleset' 'atomic'] with exit code [1]
Error occured while sending feedback. HTTP code returned: 502
[2016-11-28 10:47:01] ERR [panel] modsecurity_ctl failed: gpg: key 4520AFA9: "Atomicorp (Atomicorp Official Signing Key) <[email protected]>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
gpg: Signature made Mon Sep 12 17:56:54 2016 CEST using RSA key ID 4520AFA9
gpg: Good signature from "Atomicorp (Atomicorp Official Signing Key) <[email protected]>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 1818 66DF 9DAC A40E 5B42  9B08 FFBD 5D0A 4520 AFA9
TERM environment variable not set.
aum failed with exitcode 3.
stdout:



Checking versions ...

        ASL version is current:                                           [PASS]
        Updating Web Application Firewall to 201611221017: updated        [PASS]
-------------------------------------------------------------------------------
Errors were encountered:

L CODE SOURCE                        MESSAGE
- ---- ----------------------------- ------------------------------------------
2 9901 ASLCommon::cmd_system         ERROR: '/bin/cp -af /var/asl/rules/modsec/
                                     template-* /var/asl/data/templates/ >/dev/
                                     null 2>&1 (1)'
3 18   c_modsec::apply_rules         Failed to copy file /var/asl/rules/modsec/
                                     waf_classes -> /var/asl/data/waf_classes



stderr:
Unable to download atomic rule set

Could you please help?
 
Hi micfrip,

you could try to solve the issue with the following commands over the ssh - command line ( logged in as user "root" ):

Code:
/var/asl/bin/aum -uf
yum upgrade mod_security tortix-waf
/var/asl/bin/asl -s -f
On Debian/Ubuntu based systems, the package would be upgraded with the command "apt-get install --only-upgrade aum"


If you exsperience issues with these commands, pls. consider to check the file "/etc/asl/config" to ensure that UPDATE_TYPE is set to "all".

If you experience the issue, that there is no "config" - file on Debian/Ubuntu - based systems, which you could edit, pls. consider to use "cp -p /etc/asl/config.dpkg-dist /etc/asl/config", followed by the command "/var/asl/bin/aum -c". But ( ! ), pls. be informed, that the sample configuration is a STANDARD configuration file, with no unique settings, so the copy of the configuration file is only recommended for experienced linux administrators, who are able to solve ( possible ) issues with a standard configuration file for WAF. If you are an unexperienced user, pls. consider to WAIT for an update/upgrade/patch from Atomic and Plesk, to solve the described issue!

Pls. see as well an actual forum thread at the Atomic forum: => https://forums.atomicorp.com/viewtopic.php?f=3&t=8497
 
First of all, many thanks for your kind help!

The first command seems to return some problems:

# /var/asl/bin/aum -uf




Checking versions ...

ASL version is current: [PASS]
Updating Web Application Firewall to 201611221017: updated [PASS]
-------------------------------------------------------------------------------
Errors were encountered:

L CODE SOURCE MESSAGE
- ---- ----------------------------- ------------------------------------------
2 9901 ASLCommon::cmd_system ERROR: '/usr/sbin/apachectl -t >/dev/null
2>&1 (1)'
2 9901 ASLCommon::cmd_exec ERROR: '(1) /usr/sbin/apachectl -t 2>&1 --
[Mon Nov 28 11:41:38.543463 2016] [so:war
n] [pid 17534:tid 140267821828160] AH01574
: module unique_id_module is already loade
d, skipping||[Mon Nov 28 11:41:38.583052 2
016] [so:warn] [pid 17534:tid 140267821828
160] AH01574: module security2_module is a
lready loaded, skipping||AH00526: Syntax e
rror on line 36 of /etc/httpd/conf/modsecu
rity.d/rules/atomic/modsec/00_asl_z_antiev
asion.conf:||ModSecurity: Found another ru
le with the same id'
2 601 c_modsec::apply_rules There is a problem with the apache config:
[Mon Nov 28 11:41:38.543463 2016] [so:war
n] [pid 17534:tid 140267821828160] AH01574
: module unique_id_module is already loade
d, skipping; [Mon Nov 28 11:41:38.583052 2
016] [so:warn] [pid 17534:tid 140267821828
160] AH01574: module security2_module is a
lready loaded, skipping; AH00526: Syntax e
rror on line 36 of /etc/httpd/conf/modsecu
rity.d/rules/atomic/modsec/00_asl_z_antiev
asion.conf:; ModSecurity: Found another ru
le with the same id
2 601 c_modsec::apply_rules There is a problem with the apache config:
Rolling back to the previous update
3 600 c_modsec::apply_rules Errors occurred with Apache
 
Hi micfrip,

pls. consider to use the ssh - command over the command line ( logged in as user "root" ):

/usr/local/psa/bin/sw-engine-pleskrun /usr/local/psa/admin/plib/DailyMaintainance/script.php UpdateModSecurityRuleSet

... and/or try to switch the actual rule-set and reverse it afterwards over your Plesk Control Panel ( => Home > Tools & Settings > Web Application Firewall ). ;)
 
running
/var/asl/bin/aum -uf
I get messages
- ---- ----------------------------- ------------------------------------------
2 302 Core::distributed_update remote fail: E_GEN_RETRY 22 .. www4.atomicorp.com/channels/asl-4.0/modsec-201706161912.tar.bz2
2 6 Core::distributed_update File not found www4.atomicorp.com /channels/asl-4.0/modsec-201706161912.tar.bz2
2 302 Core::distributed_update remote fail: E_GEN_RETRY 22 .. www3.atomicorp.com/channels/asl-4.0/modsec-201706161912.tar.bz2
2 6 Core::distributed_update File not found www3.atomicorp.com /channels/asl-4.0/modsec-201706161912.tar.bz2
2 302 Core::distributed_update remote fail: E_GEN_RETRY 22 .. www6.atomicorp.com/channels/asl-4.0/modsec-201706161912.tar.bz2
2 6 Core::distributed_update File not found www6.atomicorp.com /channels/asl-4.0/modsec-201706161912.tar.bz2
2 302 Core::distributed_update remote fail: E_GEN_RETRY 22 .. www5.atomicorp.com/channels/asl-4.0/modsec-201706161912.tar.bz2
2 6 Core::distributed_update File not found www5.atomicorp.com /channels/asl-4.0/modsec-201706161912.tar.bz2
2 302 Core::distributed_update remote fail: E_GEN_RETRY 22 .. www2.atomicorp.com/channels/asl-4.0/modsec-201706161912.tar.bz2
2 6 Core::distributed_update File not found www2.atomicorp.com /channels/asl-4.0/modsec-201706161912.tar.bz2


I have subscription on atomicorp
 
--bc1c384c-H--
Message: [file "/etc/httpd/conf/modsecurity.d/rules/atomic/modsec/20_asl_useragents.conf"] [line "360"] [id "333515"] [rev "4"] [msg "Atomicorp.com WAF Rules: MJ12 Distributed bot detected (Disable this rule if you want to allow this bot)"] [severity "ERROR"] [tag "no_ar"] Access denied with code 403 (phase 2). Pattern match "MJ12bot" at REQUEST_HEADERS:User-Agent.
Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s
Action: Intercepted (phase 2)
Stopwatch: 1497887726147861 9581 (- - -)
Stopwatch2: 1497887726147861 9581; combined=4500, p1=246, p2=4200, p3=0, p4=0, p5=54, sr=0, sw=0, l=0, gc=0
Producer: ModSecurity for Apache/2.9.1 (ModSecurity: Open Source Web Application Firewall 201706161912.
Server: Apache
Engine-Mode: "ENABLED
 
Hi dyrer,

apart from the fact, that the previous copied message is a normal information about the ( expected ) behaviour, when you use ModSecurity, could you pls. explain
  • What has this information got to do with the thread?
  • Why did you paste it to this thread?
  • Did you notice, that Plesk ( and Plesk Forum Members ) can't give support for Atomic Rules, as they don't develop ModSecurity?
 
I know here is a forum about Plesk, but the problem occurs from Plesk so I am asking help here
I have removed and installed again modsecurity, to see if problem persists
and something else how can remove modsecurity log file? from plesk of course
@UFHH01 Thank for your help
 
Hi micfrip,

you could try to solve the issue with the following commands over the ssh - command line ( logged in as user "root" ):

Code:
/var/asl/bin/aum -uf
yum upgrade mod_security tortix-waf
/var/asl/bin/asl -s -f
On Debian/Ubuntu based systems, the package would be upgraded with the command "apt-get install --only-upgrade aum"


If you exsperience issues with these commands, pls. consider to check the file "/etc/asl/config" to ensure that UPDATE_TYPE is set to "all".

If you experience the issue, that there is no "config" - file on Debian/Ubuntu - based systems, which you could edit, pls. consider to use "cp -p /etc/asl/config.dpkg-dist /etc/asl/config", followed by the command "/var/asl/bin/aum -c". But ( ! ), pls. be informed, that the sample configuration is a STANDARD configuration file, with no unique settings, so the copy of the configuration file is only recommended for experienced linux administrators, who are able to solve ( possible ) issues with a standard configuration file for WAF. If you are an unexperienced user, pls. consider to WAIT for an update/upgrade/patch from Atomic and Plesk, to solve the described issue!

Pls. see as well an actual forum thread at the Atomic forum: => https://forums.atomicorp.com/viewtopic.php?f=3&t=8497

Hi!
I found this thread while searching informations wether it is possible to use a Ubuntu Server with Plesk Onyx and Atomic-Rules via Plesk? I have found limitations to some os (Centos 6 and 7, Red Hat Enterprise Linux 6 and 7, CloudLinux 6 and 7). But when i read your post it seems to be possible to use the Plesk-Extension "
Atomic Secured Linux" on Ubuntu 16 with Onyx...
Can you tell me something about the real status?
Best wishes,
Matthias
 
Hi!
I found this thread while searching informations wether it is possible to use a Ubuntu Server with Plesk Onyx and Atomic-Rules via Plesk? I have found limitations to some os (Centos 6 and 7, Red Hat Enterprise Linux 6 and 7, CloudLinux 6 and 7). But when i read your post it seems to be possible to use the Plesk-Extension "
Atomic Secured Linux" on Ubuntu 16 with Onyx...
Can you tell me something about the real status?
Best wishes,
Matthias


Sorry, i have just found out that using mod_security with "atomic Rules subscription" is something complitly different then using the plesk-extension "Atomic Secured Linux"...

Best regards,
Matthias
 
Back
Top