Join the community today
Become a Member

Error in setting up modsecurity

Discussion in 'Nginx, PHP-FPM & MariaDB MySQL' started by Lav, Mar 4, 2020.

  1. Lav

    Lav Member

    49
    1
    8
    Feb 23, 2020
    Ratings:
    +1
    Local Time:
    8:15 PM
    1.17.8
    10.3
    Please fill in any relevant information that applies to you:
    • CentOS Version: CentOS 7 64bit
    • Centmin Mod Version Installed: 123.09beta01
    • Nginx Version Installed: 1.17.9
    • PHP Version Installed: 7.3.15
    • MariaDB MySQL Version Installed: 10.3.22
    • When was last time updated Centmin Mod code base ? : today
    • Persistent Config:
      Code:
      NGINX_SSLCACHE_ALLOWOVERRIDE='y'
      SET_DEFAULT_MYSQLCHARSET='utf8mb4'
      AUTOHARDTUNE_NGINXBACKLOG='y'
      ZSTD_LOGROTATE_NGINX='y'
      ZSTD_LOGROTATE_PHPFPM='y'
      LETSENCRYPT_DETECT='y'
      DUALCERTS='y'
      NGINX_LIBBROTLI='y'
      NGXDYNAMIC_BROTLI='y'
      PHP_PGO='y'
      PHP_BROTLI='y'
      PHP_LZFOUR='y'
      PHP_LZF='y'
      PHP_ZSTD='y'
      PHPFINFO='y'
      
      MARCH_TARGETNATIVE='n'
      AUDITD_ENABLE='y'
      
      ALERTEMAIL='*********'
      
      NGINX_MODSECURITY='y'

    I am following the guide give here Beta Branch - update inc/mod_security.inc fix for GeoIP2 conflict in 123.09beta01 and here https://community.centminmod.com/threads/update-prep-for-modsecurity-v3-0.12453.
    After implementation my nginx is failing to restart. It shows an error which is Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.

    The "systemctl status nginx.service" shows "nginx.service - SYSV: Nginx is an HTTP(S) server, HTTP(S) reverse proxy and IMAP/POP3 proxy server
    Loaded: loaded (/etc/rc.d/init.d/nginx; bad; vendor preset: disabled)
    Active: failed (Result: exit-code) since Tue 2020-03-03 21:00:42 UTC; 37s ago
    Docs: man:systemd-sysv-generator(8)
    Process: 64095 ExecStart=/etc/rc.d/init.d/nginx start (code=exited, status=1/FAILURE)
    Main PID: 50714 (code=exited, status=0/SUCCESS)

    Mar 03 21:00:42 nedhost systemd[1]: Starting SYSV: Nginx is an HTTP(S) server, HTTP(S) reverse proxy and IM...er...
    Mar 03 21:00:42 nedhost nginx[64095]: Starting nginx: nginx: [emerg] "modsecurity_rules_file" directive Rules er...
    Mar 03 21:00:42 nedhost nginx[64095]: [FAILED]
    Mar 03 21:00:42 nedhost systemd[1]: nginx.service: control process exited, code=exited status=1
    Mar 03 21:00:42 nedhost systemd[1]: Failed to start SYSV: Nginx is an HTTP(S) server, HTTP(S) reverse proxy...rver.
    Mar 03 21:00:42 nedhost systemd[1]: Unit nginx.service entered failed state.
    Mar 03 21:00:42 nedhost systemd[1]: nginx.service failed.
    Hint: Some lines were ellipsized, use -l to show in full."






    II haand "journalctl -xe" shows "Unit session-207.scope has finished starting up.
    --
    -- The start-up result is done.
    Mar 03 21:00:01 nedhost CROND[63846]: (root) CMD (/usr/lib64/sa/sa1 1 1)
    Mar 03 21:00:01 nedhost CROND[63847]: (root) CMD (/usr/share/clamav/freshclam-sleep)
    Mar 03 21:00:01 nedhost CROND[63848]: (root) CMD (/usr/local/maldetect/maldet --mkpubpaths >> /dev/null 2>&1)
    Mar 03 21:00:26 nedhost yum[63991]: Updated: ssdeep-libs-2.14.1-1.el7.remi.x86_64
    Mar 03 21:00:26 nedhost yum[63991]: Updated: ssdeep-devel-2.14.1-1.el7.remi.x86_64
    Mar 03 21:00:26 nedhost yum[63991]: Updated: ssdeep-2.14.1-1.el7.remi.x86_64
    Mar 03 21:00:42 nedhost polkitd[892]: Registered Authentication Agent for unix-process:64089:2573043 (system bus na
    Mar 03 21:00:42 nedhost systemd[1]: Starting SYSV: Nginx is an HTTP(S) server, HTTP(S) reverse proxy and IMAP/POP3
    -- Subject: Unit nginx.service has begun start-up
    -- Defined-By: systemd
    -- Support: systemd-devel Info Page
    --
    -- Unit nginx.service has begun starting up.
    Mar 03 21:00:42 nedhost nginx[64095]: Starting nginx: nginx: [emerg] "modsecurity_rules_file" directive Rules error
    Mar 03 21:00:42 nedhost nginx[64095]: [FAILED]
    Mar 03 21:00:42 nedhost systemd[1]: nginx.service: control process exited, code=exited status=1
    Mar 03 21:00:42 nedhost systemd[1]: Failed to start SYSV: Nginx is an HTTP(S) server, HTTP(S) reverse proxy and IMA
    -- Subject: Unit nginx.service has failed
    -- Defined-By: systemd
    -- Support: systemd-devel Info Page
    --
    -- Unit nginx.service has failed.
    --
    -- The result is failed.
    Mar 03 21:00:42 nedhost systemd[1]: Unit nginx.service entered failed state.
    Mar 03 21:00:42 nedhost systemd[1]: nginx.service failed.
    Mar 03 21:00:42 nedhost polkitd[892]: Unregistered Authentication Agent for unix-process:64089:2573043 (system bus
    Mar 03 21:01:01 nedhost systemd[1]: Started Session 210 of user root.
    -- Subject: Unit session-210.scope has finished start-up
    -- Defined-By: systemd
    -- Support: systemd-devel Info Page
    --
    -- Unit session-210.scope has finished starting up.
    --
    -- The start-up result is done.
    Mar 03 21:01:01 nedhost CROND[64129]: (root) CMD (run-parts /etc/cron.hourly)
    Mar 03 21:01:01 nedhost run-parts(/etc/cron.hourly)[64132]: starting 0anacron
    Mar 03 21:01:01 nedhost run-parts(/etc/cron.hourly)[64138]: finished 0anacron
    Mar 03 21:01:01 nedhost run-parts(/etc/cron.hourly)[64140]: starting 0yum-hourly.cron".

    I had executed the cmupdate command after putting NGINX_MODSECURITY='y' in custom config file and compiled nginx using option 4 but then it is not restarting.

    Also this directory is not in my system /usr/local/nginx/owasp-modsecurity-crs-3.1.0/
    How to install owasp-modesecurity?
     
    Last edited by a moderator: Mar 4, 2020
  2. eva2000

    eva2000 Administrator Staff Member

    47,474
    10,760
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,718
    Local Time:
    12:45 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x