Control Web Panel
WebPanel => Apache => Topic started by: warwicknz on February 02, 2017, 04:19:34 AM
-
Hi,
I've just built a fresh install of centos 7 CWP in preparation for migration from centos 6 CWP.
All gone well apart from the install of mod_security, after install Apache fails to start with the following error log:
httpd.service - Web server Apache
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Thu 2017-02-02 17:08:28 NZDT; 3min 1s ago
Process: 21127 ExecStop=/usr/local/apache/bin/apachectl graceful-stop (code=exited, status=1/FAILURE)
Process: 20817 ExecReload=/usr/local/apache/bin/apachectl graceful (code=exited, status=1/FAILURE)
Process: 21132 ExecStart=/usr/local/apache/bin/apachectl start (code=exited, status=1/FAILURE)
Main PID: 16577 (code=exited, status=0/SUCCESS)
[1]: Starting Web server Apache...
[21132]: httpd: Syntax error on line 508 of /usr/local/apache/conf/httpd.conf: Syntax error on line 9 of /usr/local/apache/conf.d/mod_security.conf: Cannot load modules/mod_security2.so into server: /usr/local/apache/modules/mod_security2.so: undefined symbol: apr_crypto_block_cleanup
[1]: httpd.service: control process exited, code=exited status=1
[1]: Failed to start Web server Apache.
[1]: Unit httpd.service entered failed state.
[1]: httpd.service failed.
Any help would be greatly appreciated.
Another thing I've noted is the enabled modules don't work on Apache rebuild and have to be activated manually in config.
Thanks,
Chris
-
try reinstalling mod_security
-
Yes I attempted this first and apache rebuild, are there any other module dependencies that might not be turned on in apache? Also I note that mod_security2.so has different permissions in the modules folder to all others is this correct?
Thanks Chris
-
OK so there is some sort of issue with the CWP install process for mod_security2.
Workaround is:
- Install modsecurity through CWP GUI so it generates the main config and OWASP rules
- Then reinstall mod_security2 manually to overwrite the issue with mod_security.so:
#Download ModSecurity
wget https://www.modsecurity.org/tarball/2.9.1/modsecurity-2.9.1.tar.gz
wget https://www.modsecurity.org/tarball/2.9.1/modsecurity-2.9.1.tar.gz.sha256
#Config checksum of download
sha256sum -c modsecurity-2.9.1.tar.gz.sha256
#Install ModSecurity:
tar -xvf modsecurity-2.9.1.tar.gz
cd modsecurity-2.9.1
./configure --with-apxs=/usr/local/apache/bin/apxs
make
sudo make install
cp /usr/local/modsecurity/lib/mod_security2.so /usr/local/apache/modules
Restart Apache, fixed!
If this was helpful let me know, spent a couple of hours getting to the bottom of it in preparation for centos CWP 6 to 7 migration.
Cheers.
-
warwicknz
Thanks
-
@warwicknz worked for me. Thank you :D
-
for centos 7 try
Backup folders:
/usr/local/apache/conf
/usr/local/apache/conf.d
yum reinstall cwp-httpd apr apr-util apr-devel apr-util-devel
and then install modsecurity from cwp
-
Can someone please do a dumbed down help guide of this cause you say to reinstall mod-security with cwp yet i have no idea where to do that.
-
Not worked:
yum reinstall cwp-httpd apr apr-util apr-devel apr-util-devel
I have tried too many solutions but problem not solved for me.
Only one solution "Uninstall ModSecurity", Otherwise Apache go down.
Every time that i try Apache failed.
Starting httpd: httpd: Syntax error on line 507 of /usr/local/apache/conf/httpd.conf: Syntax error on line 5 of /usr/local/apache/conf.d/mod_security.conf: Cannot load modules/mod_security2.so into server: /usr/local/apache/modules/mod_security2.so: undefined symbol: apr_crypto_block_cleanup
[FAILED]
-
are you using the latest version of CWP ?
-
are you using the latest version of CWP ?
In my CWP panel it is looks like:
CWPpro version: 0.9.8.227
I think it is latest version.. ?
-
also include all output you get from yum reinstall and mod_security install
-
-Output of Reinstall-
[root@server ~]# yum reinstall cwp-httpd apr apr-util apr-devel apr-util-devel
Loaded plugins: fastestmirror, presto
Setting up Reinstall Process
Loading mirror speeds from cached hostfile
* rpmforge: miroir.univ-paris13.fr
Installed package cwp-httpd-2.4.25-5.x86_64 (from cwp) not available.
Resolving Dependencies
--> Running transaction check
---> Package apr.x86_64 0:1.5.2-2 will be reinstalled
---> Package apr-devel.x86_64 0:1.5.2-2 will be reinstalled
---> Package apr-util.x86_64 0:1.5.4-2 will be reinstalled
---> Package apr-util-devel.x86_64 0:1.5.4-2 will be reinstalled
--> Finished Dependency Resolution
Dependencies Resolved
=============================================================================================================================================================================================================================================
Package Arch Version Repository Size
=============================================================================================================================================================================================================================================
Reinstalling:
apr x86_64 1.5.2-2 cwp 193 k
apr-devel x86_64 1.5.2-2 cwp 821 k
apr-util x86_64 1.5.4-2 cwp 71 k
apr-util-devel x86_64 1.5.4-2 cwp 130 k
Transaction Summary
=============================================================================================================================================================================================================================================
Reinstall 4 Package(s)
Total download size: 1.2 M
Installed size: 8.4 M
Is this ok [y/N]: y
Downloading Packages:
Setting up and reading Presto delta metadata
Processing delta metadata
Package(s) data still to download: 1.2 M
(1/4): apr-1.5.2-2.x86_64.rpm | 193 kB 00:00
(2/4): apr-devel-1.5.2-2.x86_64.rpm | 821 kB 00:00
(3/4): apr-util-1.5.4-2.x86_64.rpm | 71 kB 00:00
(4/4): apr-util-devel-1.5.4-2.x86_64.rpm | 130 kB 00:00
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 5.5 MB/s | 1.2 MB 00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : apr-1.5.2-2.x86_64 1/4
Installing : apr-devel-1.5.2-2.x86_64 2/4
Installing : apr-util-1.5.4-2.x86_64 3/4
Installing : apr-util-devel-1.5.4-2.x86_64 4/4
Verifying : apr-util-devel-1.5.4-2.x86_64 1/4
Verifying : apr-1.5.2-2.x86_64 2/4
Verifying : apr-devel-1.5.2-2.x86_64 3/4
Verifying : apr-util-1.5.4-2.x86_64 4/4
Installed:
apr.x86_64 0:1.5.2-2 apr-devel.x86_64 0:1.5.2-2 apr-util.x86_64 0:1.5.4-2 apr-util-devel.x86_64 0:1.5.4-2
Complete!
Because of character limit i cannot put the output of Mod_security install.
I have to open a Ticket about this problem?
However, i think if it is a general problem of CWP upgrade, maybe helpful for forum members and CWP users.
-
this looks fine now only mod_security install output should be checked.
-
Mod Security Install all outputs via CWP panel.
There is 20000 character limit. So, Link is below.
https://drive.google.com/open?id=0BxfRrvJ6xFi5R1dkTjdnRDhwWWs
-
I have had the same issue, i have run the reinstall process and it still did not help.
I then performed a rebuild of Apache, to the same version and settings, this fixed me issue.
-
This worked for me! Was looking forever for a solution.