/ Register

Get the most out of your Centmin Mod LEMP stack
Become a Member

Centminmod 124.00, NGINX 1.23.1 and ModSecurity

Discussion in 'Install & Upgrades or Pre-Install Questions' started by enderst, Oct 18, 2022.

Previous Thread Next Thread
Loading...
  1. Oct 18, 2022 #1
    enderst

    enderst Member

    38
    7
    8
    Dec 12, 2017
    Ratings:
    +10
    Local Time:
    10:41 PM
    Upgraded to Centminmod 124.00, NGINX 1.23.1 and ModSecurity is broke. Looks like this line in /usr/local/nginx/modsec/main.conf:
    Code:
    Include "/usr/local/nginx/coreruleset-3.3.2/rules/*.conf"
    My error from nginx -t
    Code:
    nginx: [emerg] "modsecurity_rules_file" directive Rules error. File: /usr/local/nginx/modsec/main.conf. Line: 6. Column: 57. "/usr/local/nginx/coreruleset-3.3.2/rules/*.conf": Not able to open file. Looking at: '"/usr/local/nginx/coreruleset-3.3.2/rules/*.conf"', '"/usr/local/nginx/coreruleset-3.3.2/rules/*.conf"', '/usr/local/nginx/modsec/"/usr/local/nginx/coreruleset-3.3.2/rules/*.conf"', '/usr/local/nginx/modsec/"/usr/local/nginx/coreruleset-3.3.2/rules/*.conf"'. in /usr/local/nginx/conf/conf.d/example.com.ssl.conf:62

     
    Last edited: Oct 18, 2022
  2. Oct 18, 2022 #2
    rdan

    rdan Well-Known Member

    5,452
    1,418
    113
    May 25, 2014
    Ratings:
    +2,212
    Local Time:
    12:41 PM
    Mainline
    10.2
  3. Oct 18, 2022 #3
    enderst

    enderst Member

    38
    7
    8
    Dec 12, 2017
    Ratings:
    +10
    Local Time:
    10:41 PM
  4. Oct 18, 2022 #4
    eva2000

    eva2000 Administrator Staff Member

    58,893
    12,490
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +19,122
    Local Time:
    2:41 PM
    Nginx 1.31.x
    MariaDB 10.x/11.4+/12.3+
    Did you only update from 123.09beta01 to 124.00stable and nothing else? You may need to run cmupdate and then do a Nginx recompile via centmin.sh menu option 4.
     
  5. Oct 18, 2022 #5
    enderst

    enderst Member

    38
    7
    8
    Dec 12, 2017
    Ratings:
    +10
    Local Time:
    10:41 PM
    I did:
    Update from 123.09beta01 to 124.00stable
    cmupdate
    Option 15
    Server updates
    Option 4
    I ended up commenting out the modsecurity line until this is sorted out to get the site up.
     
  6. Oct 18, 2022 #6
    eva2000

    eva2000 Administrator Staff Member

    58,893
    12,490
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +19,122
    Local Time:
    2:41 PM
    Nginx 1.31.x
    MariaDB 10.x/11.4+/12.3+
    what's in directory at /usr/local/nginx/coreruleset-3.3.2/rules/

    output for
    Code (Text):
    ls -lah /usr/local/nginx/coreruleset-3.3.2/rules/

    It would of been populated via inc/mod_scurity.inc lines 224-240 at https://github.com/centminmod/centminmod/blob/124.00stable/inc/mod_security.inc#L224-L240

    Probably need to troubleshoot Nginx upgrade/recompile with log outlined at https://community.centminmod.com/threads/how-to-troubleshoot-nginx-installs-upgrades.17778/
     
  7. Oct 18, 2022 #7
    enderst

    enderst Member

    38
    7
    8
    Dec 12, 2017
    Ratings:
    +10
    Local Time:
    10:41 PM
    Not empty:
    Code:
    # ls -lah /usr/local/nginx/coreruleset-3.3.2/rules/
total 700K
drwxrwxr-x 2 root root 4.0K Mar 31  2022 .
drwxrwxr-x 7 root root 4.0K Mar 31  2022 ..
-rw-rw-r-- 1 root root  786 Jun 30  2021 crawlers-user-agents.data
-rw-rw-r-- 1 root root  551 Jun 30  2021 iis-errors.data
-rw-rw-r-- 1 root root  933 Jun 30  2021 java-classes.data
-rw-rw-r-- 1 root root  264 Jun 30  2021 java-code-leakages.data
-rw-rw-r-- 1 root root  240 Jun 30  2021 java-errors.data
-rw-rw-r-- 1 root root  31K Jun 30  2021 lfi-os-files.data
-rw-rw-r-- 1 root root 5.3K Jun 30  2021 php-config-directives.data
-rw-rw-r-- 1 root root 9.0K Jun 30  2021 php-errors.data
-rw-rw-r-- 1 root root  683 Jun 30  2021 php-function-names-933150.data
-rw-rw-r-- 1 root root  21K Jun 30  2021 php-function-names-933151.data
-rw-rw-r-- 1 root root  224 Jun 30  2021 php-variables.data
-rw-r--r-- 1 root root 7.5K Mar 31  2022 REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
-rw-rw-r-- 1 root root 7.5K Jun 30  2021 REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example
-rw-rw-r-- 1 root root  14K Jun 30  2021 REQUEST-901-INITIALIZATION.conf
-rw-rw-r-- 1 root root  14K Jun 30  2021 REQUEST-903.9001-DRUPAL-EXCLUSION-RULES.conf
-rw-rw-r-- 1 root root  26K Jun 30  2021 REQUEST-903.9002-WORDPRESS-EXCLUSION-RULES.conf
-rw-rw-r-- 1 root root  11K Jun 30  2021 REQUEST-903.9003-NEXTCLOUD-EXCLUSION-RULES.conf
-rw-rw-r-- 1 root root 7.7K Jun 30  2021 REQUEST-903.9004-DOKUWIKI-EXCLUSION-RULES.conf
-rw-rw-r-- 1 root root 1.9K Jun 30  2021 REQUEST-903.9005-CPANEL-EXCLUSION-RULES.conf
-rw-rw-r-- 1 root root  18K Jun 30  2021 REQUEST-903.9006-XENFORO-EXCLUSION-RULES.conf
-rw-rw-r-- 1 root root 1.6K Jun 30  2021 REQUEST-905-COMMON-EXCEPTIONS.conf
-rw-rw-r-- 1 root root  11K Jun 30  2021 REQUEST-910-IP-REPUTATION.conf
-rw-rw-r-- 1 root root 2.6K Jun 30  2021 REQUEST-911-METHOD-ENFORCEMENT.conf
-rw-rw-r-- 1 root root  11K Jun 30  2021 REQUEST-912-DOS-PROTECTION.conf
-rw-rw-r-- 1 root root 7.0K Jun 30  2021 REQUEST-913-SCANNER-DETECTION.conf
-rw-rw-r-- 1 root root  50K Jun 30  2021 REQUEST-920-PROTOCOL-ENFORCEMENT.conf
-rw-rw-r-- 1 root root  13K Jun 30  2021 REQUEST-921-PROTOCOL-ATTACK.conf
-rw-rw-r-- 1 root root 5.9K Jun 30  2021 REQUEST-930-APPLICATION-ATTACK-LFI.conf
-rw-rw-r-- 1 root root 5.6K Jun 30  2021 REQUEST-931-APPLICATION-ATTACK-RFI.conf
-rw-rw-r-- 1 root root  54K Jun 30  2021 REQUEST-932-APPLICATION-ATTACK-RCE.conf
-rw-rw-r-- 1 root root  32K Jun 30  2021 REQUEST-933-APPLICATION-ATTACK-PHP.conf
-rw-rw-r-- 1 root root 3.9K Jun 30  2021 REQUEST-934-APPLICATION-ATTACK-NODEJS.conf
-rw-rw-r-- 1 root root  40K Jun 30  2021 REQUEST-941-APPLICATION-ATTACK-XSS.conf
-rw-rw-r-- 1 root root  69K Jun 30  2021 REQUEST-942-APPLICATION-ATTACK-SQLI.conf
-rw-rw-r-- 1 root root 5.1K Jun 30  2021 REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION.conf
-rw-rw-r-- 1 root root  15K Jun 30  2021 REQUEST-944-APPLICATION-ATTACK-JAVA.conf
-rw-rw-r-- 1 root root 4.0K Jun 30  2021 REQUEST-949-BLOCKING-EVALUATION.conf
-rw-rw-r-- 1 root root 4.7K Jun 30  2021 RESPONSE-950-DATA-LEAKAGES.conf
-rw-rw-r-- 1 root root  18K Jun 30  2021 RESPONSE-951-DATA-LEAKAGES-SQL.conf
-rw-rw-r-- 1 root root 3.5K Jun 30  2021 RESPONSE-952-DATA-LEAKAGES-JAVA.conf
-rw-rw-r-- 1 root root 4.9K Jun 30  2021 RESPONSE-953-DATA-LEAKAGES-PHP.conf
-rw-rw-r-- 1 root root 5.7K Jun 30  2021 RESPONSE-954-DATA-LEAKAGES-IIS.conf
-rw-rw-r-- 1 root root 4.2K Jun 30  2021 RESPONSE-959-BLOCKING-EVALUATION.conf
-rw-rw-r-- 1 root root 6.7K Jun 30  2021 RESPONSE-980-CORRELATION.conf
-rw-r--r-- 1 root root 3.0K Mar 31  2022 RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
-rw-rw-r-- 1 root root 3.0K Jun 30  2021 RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example
-rw-rw-r-- 1 root root 2.0K Jun 30  2021 restricted-files.data
-rw-rw-r-- 1 root root  390 Jun 30  2021 restricted-upload.data
-rw-rw-r-- 1 root root  216 Jun 30  2021 scanners-headers.data
-rw-rw-r-- 1 root root  418 Jun 30  2021 scanners-urls.data
-rw-rw-r-- 1 root root 4.8K Jun 30  2021 scanners-user-agents.data
-rw-rw-r-- 1 root root  717 Jun 30  2021 scripting-user-agents.data
-rw-rw-r-- 1 root root 1.9K Jun 30  2021 sql-errors.data
-rw-rw-r-- 1 root root 1.4K Jun 30  2021 unix-shell.data
-rw-rw-r-- 1 root root 3.9K Jun 30  2021 windows-powershell-commands.data
     
  8. Oct 18, 2022 #8
    eva2000

    eva2000 Administrator Staff Member

    58,893
    12,490
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +19,122
    Local Time:
    2:41 PM
    Nginx 1.31.x
    MariaDB 10.x/11.4+/12.3+
    looks like probably one of the modsecurity_rules_file in one of the files listed at
    /usr/local/nginx/coreruleset-3.3.2/rules/ so probably need to find out which
     
Previous Thread Next Thread
Loading...

.