Author Topic: Editor Wrecks Modsecurity Configuration  (Read 3754 times)

0 Members and 1 Guest are viewing this topic.

Editor Wrecks Modsecurity Configuration
« on: March 27, 2020, 01:32:06 PM »
I was trying to add the SecStatusEngine option, using the GUI Configuration Files: Main Configuration.
It appeared to Save OK. Restarted Apache and it failed.
Upon re-opening the Main Configuration:
Code: [Select]
LoadFile /usr/lib64/libxml2.so
            LoadFile /usr/lib64/liblua-5.1.so
           
            <IfModule !unique_id_module>
              LoadModule unique_id_module modules/mod_unique_id.so
            </IfModule>
           
            <IfModule !mod_security2.c>
              LoadModule security2_module  modules/mod_security2.so
            </IfModule��Y�[�[H[���X�\�]L��ς�Y�[�[H[�ܝZY ��ς��X�]Y]���ܘY�Q\� �\܋���[ �\X�K�����[��X��]Y]��X�]Y]��\H�ۘ�\��[�� �Y�[�[O��Y�[�[H]˘ς��X�]Y]���ܘY�Q\� �\܋���[ �\X�K�����[��X��]Y]��X�]Y]��\H�ۘ�\��[�� �Y�[�[O���X��]\�[��[�H�ۂ��Xԝ[Q[��[�Hۂ��X�]Y][��[�H�[]�[�ۛB��X�]Y]�� �\܋���[ �\X�K�����[��X��]Y] ��ˆ�X�X�Y��� �\܋���[ �\X�K�����[��X��X�Y˛�ˆ�X�]Y]��\H�\�X[��X�X�Y���]�[ ��Xԙ\]Y\���PX��\��ۂ��X�]Q\� �\��X�\\� �\��X�\�Y\� �\��X���X�[ە[Y[�]
� ��X�ܙSX]�[Z] L�L ��X�ܙSX]�[Z]�X�\��[ۈ L�L �[��YH��\܋���[ �\X�K�[��X�\�]K[��\� []\� ���\� ��ۙ��� �Y�[�[

Not good!  :(
Fortunately, this is on CWP Pro and I don't (yet) have custom rules set. I switched to old OWASP rules, then back. This reset the configuraion.

Offline
*
Re: Editor Wrecks Modsecurity Configuration
« Reply #1 on: March 27, 2020, 06:24:18 PM »
Hi

I faced the same problem. The best way to add the line using CLI.

 
Code: [Select]
# vi  /usr/local/apache/conf.d/mod_security.conf

LoadFile /usr/lib64/libxml2.so
            LoadFile /usr/lib64/liblua-5.1.so
           
            <IfModule !unique_id_module>
              LoadModule unique_id_module modules/mod_unique_id.so
            </IfModule>
           
            <IfModule !mod_security2.c>
              LoadModule security2_module  modules/mod_security2.so
            </IfModule>
           
            <IfModule mod_security2.c>
              <IfModule mod_ruid2.c>
                SecAuditLogStorageDir /usr/local/apache/logs/modsec_audit
                SecAuditLogType Concurrent
              </IfModule>
              <IfModule itk.c>
                SecAuditLogStorageDir /usr/local/apache/logs/modsec_audit
                SecAuditLogType Concurrent
              </IfModule>
           
      SecStatusEngine On

              SecRuleEngine On
              SecAuditEngine On
              SecAuditLog /usr/local/apache/logs/modsec_audit.log
              SecDebugLog /usr/local/apache/logs/modsec_debug.log
              SecAuditLogType Serial
              SecDebugLogLevel 0
              SecRequestBodyAccess On
              SecDataDir /tmp
              SecTmpDir /tmp
              SecUploadDir /tmp
              SecCollectionTimeout 600
              SecPcreMatchLimit 1250000
              SecPcreMatchLimitRecursion 1250000
              Include "/usr/local/apache/modsecurity-owasp-latest/owasp.conf"
            </IfModule>

Re: Editor Wrecks Modsecurity Configuration
« Reply #2 on: March 27, 2020, 08:24:48 PM »
Yeah, I'm well versed with CLI being an old vi person (vim is too modern!).
The point of a GUI is to make things easier/quicker though. ;)
Thought I'd make others aware/wary of the issue.
Cheers!
 ;D