Resolved ModSecurity (once again)

DieterWerner

Regular Pleskian
modsecurity_ctl failed: <urlopen error ('_ssl.c:602: The handshake operation timed out',)>
Unable to download tortix rule set.
 
modsecurity_ctl failed: gpg: key 4520AFA9: "Atomicorp (Atomicorp Official Signing Key) <[email protected]>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
gpg: Signature made Tue Oct 16 14:25:50 2018 CEST using RSA key ID 4520AFA9
gpg: Good signature from "Atomicorp (Atomicorp Official Signing Key) <[email protected]>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 1818 66DF 9DAC A40E 5B42 9B08 FFBD 5D0A 4520 AFA9
TERM environment variable not set.
aum failed with exitcode 3.
stdout:



Checking versions ...

-------------------------------------------------------------------------------
Errors were encountered:

L CODE SOURCE MESSAGE
- ---- ----------------------------- ------------------------------------------
2 9901 ASLCommon::cmd_exec ERROR: '(28) /usr/bin/curl -A "Atomic Updater Modified (4.0)" -s -f --connect-timeout 10 --data "member=plesk_global_unpaid&license=&product=asl-4.0-plesk-unpaid&from_web=1&system_type=webserver&act=2" https://updates.atomicorp.com/pgui_v/rpc4.0.php -- '
2 9998 ASLValidate::_send_request validation error: 28
2 9999 ASLValidate::validate_asl Bad data from request
2 302 Core::distributed_update remote fail: E_CONNECT 28 .. www4.atomicorp.com/channels/rules/VERSION
2 302 Core::distributed_update remote fail: E_CONNECT 28 .. www6.atomicorp.com/channels/rules/VERSION
2 302 Core::distributed_update remote fail: E_CONNECT 28 .. www5.atomicorp.com/channels/rules/VERSION
2 302 Core::distributed_update remote fail: E_CONNECT 28 .. www2.atomicorp.com/channels/rules/VERSION
2 302 Core::distributed_update remote fail: E_CONNECT 28 .. www3.atomicorp.com/channels/rules/VERSION
3 301 Core::check_versions ASL Version list could not be retrieved.
85.214.231.106


stderr:
Unable to download tortix rule set
 
I did ...
plesk daily UpdateModSecurityRuleSet
but I don't know how to check whether it was successful or not.
 
Switch to OWASP ModSecurity.
There is something wrong on Atomic side.
 
OK - but I am a Plesk user and Atomic is a part of the Plesk extensions and so, Plesk should be able to make it usable for all Plesk users.
Am I wrong?
 
I did:
aum -u

Checking versions ...

AUM version is current: Das Paket asl ist nicht installiert [PASS]
Web Application Firewall is current: 201901081846 [PASS]
Generating report ...

Finished

(Package asl is not installed)
 
Latest message from last night:
-----------------------------------------
Unable to generate the web server configuration file on the host <hostname> because of the following errors:

Template_Exception: [Fri Jan 11 23:35:12.061535 2019] [so:warn] [pid 32049] AH01574: module unique_id_module is already loaded, skipping
[Fri Jan 11 23:35:12.090292 2019] [so:warn] [pid 32049] AH01574: module security2_module is already loaded, skipping
AH00526: Syntax error on line 35 of /etc/httpd/conf/modsecurity.d/rules/tortix/modsec/50_plesk_basic_asl_rules.conf:
ModSecurity: Found another rule with the same id

file: /usr/local/psa/admin/plib/Template/Writer/Webserver/Abstract.php
line: 75
code: 0

Please resolve the errors in web server configuration templates and generate the file again.
-----------------------------------------
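ModSecurity raises "Found another rule with the same id" when Apache loads two rules that declare the same id. The script below is an added example, not code from this thread, Plesk or Atomicorp: it scans a rules tree for ids declared more than once and reports each file and line. The default directory is taken from the path in the error above, and the regex-based parsing is a simplification of ModSecurity's own parser.

```python
import re
import sys
from collections import defaultdict
from pathlib import Path

# Directives that carry an action list with an id (SecRuleEngine etc. do not match).
DIRECTIVE = re.compile(r"^\s*(SecRule|SecAction)\b", re.I)
RULE_ID = re.compile(r"""\bid\s*:\s*['"]?(\d+)""", re.I)

def logical_lines(text):
    """Yield (first_line_no, joined_text), folding backslash continuations."""
    buf, start = [], 0
    for no, raw in enumerate(text.splitlines(), 1):
        if not buf:
            start = no
        line = raw.rstrip()
        if line.endswith("\\"):
            buf.append(line[:-1])
            continue
        buf.append(line)
        yield start, " ".join(buf)
        buf = []
    if buf:
        yield start, " ".join(buf)

def rule_ids(text):
    """Yield (line_no, rule_id) for each SecRule/SecAction that sets an id."""
    for no, line in logical_lines(text):
        if not DIRECTIVE.match(line):  # skips comments and other directives
            continue
        m = RULE_ID.search(line)
        if m:
            yield no, int(m.group(1))

def find_duplicates(root):
    """Map each rule id defined more than once to its [(file, line), ...]."""
    seen = defaultdict(list)
    for path in sorted(Path(root).rglob("*.conf")):
        for no, rid in rule_ids(path.read_text(errors="replace")):
            seen[rid].append((str(path), no))
    return {rid: locs for rid, locs in seen.items() if len(locs) > 1}

if __name__ == "__main__":
    # Default is the rules tree named in the error on this page (assumption).
    root = sys.argv[1] if len(sys.argv) > 1 else "/etc/httpd/conf/modsecurity.d/rules"
    for rid, locs in sorted(find_duplicates(root).items()):
        print(f"id {rid}: " + ", ".join(f"{f}:{n}" for f, n in locs))
```

Apache can load ModSecurity rules from more than one include path, so run it against each directory your configuration includes.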
 
Today:
-------------------------------
aum -u

Checking versions ...

AUM version is current: Das Paket asl ist nicht installiert [PASS]
Web Application Firewall is current: 201901111546 [PASS]
Generating report ...

Finished
-------------------------------
That means: asl is (still) not installed.
So I wonder how to install asl?

P.S. Yes, I know that I'm annoying, but the problem has been around for months and there is no solution to see.
 
Try to use the following command for configuring ModSecurity rule set:

# plesk bin server_pref --update-web-app-firewall -waf-rule-engine on -waf-rule-set tortix -waf-rule-set-update-period daily -waf-config-preset tradeoff

I hope it will help.
 
It's like the workaround mentioned in
Atomic ModSecurity ruleset installation fails: Required ruleset configs were not downloaded
and it seems to work - but:

1. Result of full ASL installations:
/var/asl/bin/asl -s -f
File asl not found

2. Result of rules only installations:
/var/asl/bin/aum -uf

Checking versions ...

AUM version is current: Das Paket asl ist nicht installiert [PASS]
Updating Web Application Firewall to 201901111546: updated [PASS]

Warning: Not an array or iterable object in foreach, variable is NULL in component/c_apache.php on line 29
-------------------------------------------------------------------------------
Errors were encountered:

L CODE SOURCE MESSAGE
- ---- ----------------------------- ------------------------------------------
2 9901 ASLCommon::cmd_exec ERROR: '(1) /usr/sbin/apachectl -t 2>&1 >/dev/null -- [Tue Jan 15 13:03:15.135159 2019] [so:warn] [pid 6610] AH01574: module unique_id_module is already loaded, skipping||[Tue Jan 15 13:03:15.163976 2019] [so:warn] [pid 6610] AH01574: module security2_module is already loaded, skipping||AH00526: Syntax error on line 35 of /etc/httpd/conf/modsecurity.d/rules/tortix/modsec/50_plesk_basic_asl_rules.conf:||ModSecurity: Found another rule with the same id'
2 601 c_modsec::apply_rules There is a problem with the apache config: 1
2 601 c_modsec::apply_rules There is a problem with the apache config: Rolling back to the previous update
2 48 c_modsec::apply_rules Reverting all changes
2 48 ASLRBC::rollback_file No valid previous version found for /etc/asl/system.properties
3 600 c_modsec::apply_rules Errors occurred with Apache
85.214.231.106
 
Someone gave me the hint to deinstall the WAF ...
that leads to a total server crash (URL not reachable)
I give up - sorry for opening this thread :-(
 
That was probably me to give this advice. But deinstallation of ModSecurity cannot crash a server. There must be an additional, underlying issue. Which URL exactly is not accessible? Have you tried to run
# plesk repair installation
?
 
Now you got me cornered!
I do not blame anyone and my message was not personalized.

In answer to your question:
neither the URL of a domain nor the URL of the Plesk panel was accessible
I had to restore a backup from my provider account.
Everything is good - please no hard feelings.

P.S. even the access via terminal had crashed
 
I have marked the thread as solved, because it is obviously a system issue rather than a ModSecurity issue.
 
Not a really good idea - but OK ...
I will no longer waste my time with the errors of WAF and ModSecurity - I'm simply waiting for the day on which it works flawlessly again.
 