• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

mod_security install error

C

criticman

Guest
I have downloaded mod_security, uncompressed it. I have downloaded httpd-devel via yum and ART's repository.

I located apsx...

Ran the command to compile that I have seen two places, gotroot and eth0.us...and here is the error:
# /usr/sbin/apxs -cia mod_security.c
/usr/lib/httpd/build/libtool --silent --mode=compile gcc -prefer-pic -O2 -g -pipe -march=i386 -mcpu=i686 -I/usr/kerberos/include -DAP_HAVE_DESIGNATED_INITIALIZER -DLINUX=2 -D_REENTRANT -D_XOPEN_SOURCE=500 -D_BSD_SOURCE -D_SVID_SOURCE -D_GNU_SOURCE -pthread -DNO_DBM_REWRITEMAP -I/usr/include/httpd -c -o mod_security.lo mod_security.c && touch mod_security.slo
mod_security.c: In function `sec_audit_logger_concurrent':
mod_security.c:5403: `APR_MD5_DIGESTSIZE' undeclared (first use in this function)
mod_security.c:5403: (Each undeclared identifier is reported only once
mod_security.c:5403: for each function it appears in.)
apxs:Error: Command failed with rc=65536
.
 
Yes. In addition to that page having spelling issues on code and missing special characters at time :);-_ etc), none of the options there worked.

I have tried from there, modsecurity.org, and various other sites from Google searches, as well as eth0.us, as I mentioned in my original post
 
I am not sure if this will help. But in the error it mentions MD5. Is it possible that the APXS script requires the perl module md5?

Try installing that:
perl -MCPAN -e 'shell'
perl> install MD5

I hope it works.
 
# perl -MCPAN -e 'shell'
Can't locate CPAN.pm in @INC (@INC contains: /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 .).
BEGIN failed--compilation aborted.
 
Thanks, that was not it but good to have that, heh.

going by gotroot....

edited mod_security.c as stated
+++++++++++++++++++++++++++
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <apr-0/apr_md5.h>
#include <apr-0/apr_user.h>

+++++++++++++++++++++++++++

Did the symlinks.

Made sure I have the latest httpd-devel using YUM.

and here is what happens.
# /usr/sbin/apxs -cai -lapr-0 -laprutil-0 mod_security.c
/usr/lib/httpd/build/libtool --silent --mode=compile gcc -prefer-pic -O2 -g -pipe -march=i386 -mcpu=i686 -I/usr/kerberos/include -DAP_HAVE_DESIGNATED_INITIALIZER -DLINUX=2 -D_REENTRANT -D_XOPEN_SOURCE=500 -D_BSD_SOURCE -D_SVID_SOURCE -D_GNU_SOURCE -pthread -DNO_DBM_REWRITEMAP -I/usr/include/httpd -c -o mod_security.lo mod_security.c && touch mod_security.slo
mod_security.c:19:27: apr-0/apr_md5.h: No such file or directory
mod_security.c:20:28: apr-0/apr_user.h: No such file or directory
mod_security.c: In function `sec_audit_logger_concurrent':
mod_security.c:5405: `APR_MD5_DIGESTSIZE' undeclared (first use in this function)
mod_security.c:5405: (Each undeclared identifier is reported only once
mod_security.c:5405: for each function it appears in.)
apxs:Error: Command failed with rc=65536
.
 
OK - I am officially an idiot!

Which distro are you on?

I believe you need to install APR.

e.g. with centos the RPM is apr-0.9.4-24.5.i386.rpm
apr-devel-0.9.4-24.5.i386.rpm

There is also, apr-util-devel-0.9.4-21.i386.rpm apr-util-0.9.4-21.i386.rpm

I hope it helps.
 
Can this be installed on a RedHat 9 distro.?

I have the 0.9.7 rpms


Paul
 
I am running RH9. And all attempts to find up to date RPMs seem to fail on what you mentioned above.
 
By all means, tell that to GoDaddy.

My RackSpace server for one of my clients is Fedora Core 4...much better.
 
There is nothing wrong with RH9 - the only problem is that it is not being supported by RH anymore. So in effect any RPM installed now would prolly be pretty much out of date.

The most concerning thing would be the security issues - using RH9 now involves compiling the kernel etc.. manually to keep it up to date, not a difficult task - but very boring and can be tricky doing it remotely unless you have KVMoIP

Good luck with that :)
 
I installed the apr rpms - the mod_security appeared to install OK, but then when I try to load the module, it gives me the error:

Cannot load /usr/lib/httpd/modules/mod_security.so into server: /usr/lib/libapr-0.so.0: symbol sys_siglist, version GLIBC_2.3.3 not defined in file libc.so.6 with link time reference

Commenting out the load module parameter in the httpd.conf allows me to get the server up and running again.

Anyone know if glibc-2.3.3 is out in rpm format for redhat 9? I could try compiling from a src.rpm but it is getting a bit risky..

Oh well, Centos build from now on......
 
So, new troubles

So, I have moved away from GoDaddy and am on a new server...

Fedora Core 3
Plesk 7.5.4

Trying to install mod_security.

I installed httpd_devel successfully from ART using yum. I downloaded the latest release of mod_security, untar, went into apache2 directory, ran the install command, got this error:
Code:
apache2]# /usr/sbin/apxs -cia mod_security.c
/bin/sh /usr/lib/apr/build/libtool --silent --mode=compile gcc -prefer-pic -O2 -g -pipe -m32 -march=i386 -mtune=pentium4 -DAP_HAVE_DESIGNATED_INITIALIZER -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -pthread -I/usr/include/apr-0 -I/usr/include/httpd  -c -o mod_security.lo mod_security.c && touch mod_security.slo
/usr/lib/apr/build/libtool: line 1092: gcc: command not found
apxs:Error: Command failed with rc=65536
.
 
Alright, as per the instructions here: http://www.gotroot.com/tiki-index.php?page=Setting up mod_security

I did
Code:
Edit modsecurity.c, and add these two lines to the list of #include lines:

#include <apr-0/apr_md5.h>
#include <apr-0/apr_user.h>

Then, add these symlinks:

ln -s /usr/lib/libaprutil-0.so.0 /usr/lib/libaprutil-0.so
ln -s /usr/lib/libapr-0.so.0 /usr/lib/libapr-0.so

And then compile like this:

apxs -cai -lapr-0 -laprutil-0 mod_security.c


And I got it!!!!
Code:
yum install gcc

All good!
 
I also have problems installing mod_security on a 3ES box:

/usr/local/psa/admin/bin/apxs -cai -lapr-0 -laprutil-0 mod_security.c
gcc-3.4 -DHARD_SERVER_LIMIT=512 -DDEFAULT_PATH="/usr/local/psa/admin/bin:/bin:/usr/bin" -DLINUX=22 -DTARGET="httpsd" -DHAVE_SET_DUMPABLE -I/usr/include/gdbm -DMOD_SSL=208122 -DEAPI -O -pipe -I/home/builder/pb_work_dir/psa_aiconfig_7.5.4/psa/release/openssl/include -W -Wall -I/home/builder/pb_work_dir/psa_aiconfig_7.5.4/psa/lib/dist/usr/include -DPLESK_Linux -I/home/builder/pb_work_dir/psa_aiconfig_7.5.4/psa/plesk-utils/include -DBSG_CR -DBSG_MSG -I/home/builder/pb_work_dir/psa_aiconfig_7.5.4/psa/release/openssl/include -DHAS_RPM -O3 -fexpensive-optimizations -I/usr/kerberos/include -fstrength-reduce -pipe -I/home/builder/pb_work_dir/psa_aiconfig_7.5.4/psa/lib/dist/usr/include -I/usr/include/libxml2 -Wno-unused-parameter -fpic -DSHARED_MODULE -I/usr/local/psa/admin/include -c mod_security.c
sh: line 1: gcc-3.4: command not found
apxs:Break: Command failed with rc=127

I already did:
#include <apr-0/apr_md5.h>
#include <apr-0/apr_user.h>

Then, add these symlinks:

ln -s /usr/lib/libaprutil-0.so.0 /usr/lib/libaprutil-0.so
ln -s /usr/lib/libapr-0.so.0 /usr/lib/libapr-0.so

any clue on the problem?
 
Hello ART

Yes, I know that you do the atomic security package. We are about to install it on one of our servers.

However the one platform that we are having trouble with cannot upgrade the kernrel, due to RAID driver issues.

Do you have any assistance for that scenario?
 
Back
Top